Windows Analysis Report
wechat-3.9.7-installer_ae-GFz1.exe

Overview

General Information

Sample name: wechat-3.9.7-installer_ae-GFz1.exe
Analysis ID: 1450567
MD5: c9db32520878a90f367b284f5f765ab7
SHA1: e59b03e0dfe13054a30eb68a04b0cd7cc0456e1a
SHA256: 5dc9eafb99e68c0ef77d151ea645736d19393fffc3e01d9dbb073584893b99a4

Detection

Coinhive, Crypto Miner, DarkComet, GhostRat, IcedID, LaZagne, Mini RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 52
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Coinhive miner
Yara detected Crypto Miner
Yara detected DarkComet
Yara detected GhostRat
Yara detected IcedID
Yara detected LaZagne password dumper
Yara detected Mini RAT
Yara detected Nemty Ransomware
Yara detected Njrat
Yara detected Powershell decode and execute
Yara detected Powershell download and execute
Yara detected PureLog Stealer
Yara detected Quasar RAT
Yara detected ReflectiveLoader
Yara detected RevengeRAT
Yara detected Wannacry ransomware
Yara detected WebMonitor RAT
Yara detected Xmrig cryptocurrency miner
Creates an autostart registry key pointing to binary in C:\Windows
Creates files in the system32 config directory
Drops large PE files
Hides that the sample has been downloaded from the Internet (zone.identifier)
Installs Task Scheduler Managed Wrapper
Reads the Security eventlog
Reads the System eventlog
Tries to harvest and steal browser information (history, passwords, etc)
Tries to open files direct via NTFS file id
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables driver privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Registers a DLL
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potentially Suspicious Rundll32 Activity
Sigma detected: Suspicious Rundll32 Setupapi.dll Activity
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match
query blbeacon for getting browser version

Classification

  • System is w10x64
  • wechat-3.9.7-installer_ae-GFz1.exe (PID: 4108 cmdline: "C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe" MD5: C9DB32520878A90F367B284F5F765AB7)
    • wechat-3.9.7-installer_ae-GFz1.tmp (PID: 6712 cmdline: "C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp" /SL5="$1043C,837551,832512,C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe" MD5: 053B158842578C53DB20AD6835B8658B)
      • component0.exe (PID: 5440 cmdline: "C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240601225827&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=fa70&a=100&b=&se=true" -i MD5: 9918A291E486157963C3B089BD65AEBD)
        • 40kgqfax.exe (PID: 1072 cmdline: "C:\Users\user\AppData\Local\Temp\40kgqfax.exe" /silent MD5: 436F7DECB25CBA7886B44FA4D6305F91)
          • RAVEndPointProtection-installer.exe (PID: 5304 cmdline: "C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\40kgqfax.exe" /silent MD5: 31CB221ABD09084BF10C8D6ACF976A21)
            • rsSyncSvc.exe (PID: 6828 cmdline: "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10 MD5: 3068531529196A5F3C9CB369B8A6A37F)
              • conhost.exe (PID: 7068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • rundll32.exe (PID: 3752 cmdline: "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf MD5: EF3179D498793BF4234F708D3BE28633)
              • runonce.exe (PID: 2536 cmdline: "C:\Windows\system32\runonce.exe" -r MD5: 9ADEF025B168447C1E8514D919CB5DC0)
                • grpconv.exe (PID: 6224 cmdline: "C:\Windows\System32\grpconv.exe" -o MD5: 8531882ACC33CB4BDC11B305A01581CE)
            • wevtutil.exe (PID: 5900 cmdline: "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml MD5: 1AAE26BD68B911D0420626A27070EB8D)
              • conhost.exe (PID: 6216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • fltMC.exe (PID: 6184 cmdline: "fltmc.exe" load rsKernelEngine MD5: 6AB08CADCE7DF971A043DCD1257D7374)
              • conhost.exe (PID: 4168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • wevtutil.exe (PID: 5164 cmdline: "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml MD5: 1AAE26BD68B911D0420626A27070EB8D)
              • conhost.exe (PID: 4960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • rsWSC.exe (PID: 1516 cmdline: "C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i MD5: D8021F3B7E9C952B7EC33B929183E8EF)
            • rsClientSvc.exe (PID: 7576 cmdline: "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i MD5: 9170244A34CB903FC5DFBE4159DB6F16)
              • conhost.exe (PID: 7584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • rsEngineSvc.exe (PID: 7648 cmdline: "C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i MD5: D8053B9FDBDBB3E32CF583AACB29D1EE)
            • rsEDRSvc.exe (PID: 7768 cmdline: "C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i MD5: 6B03DAEF1CAA676A0BC6E13B4BC8F89B)
      • saBSI.exe (PID: 4484 cmdline: "C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
        • installer.exe (PID: 2300 cmdline: "C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 58B8915D4281DB10762AF30EAF315C9E)
          • installer.exe (PID: 3176 cmdline: "C:\Program Files\McAfee\Temp1361141607\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: B2B02A72E98408C9E0EBD5036BD7A092)
            • regsvr32.exe (PID: 5928 cmdline: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
              • regsvr32.exe (PID: 2128 cmdline: /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
            • regsvr32.exe (PID: 480 cmdline: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
            • regsvr32.exe (PID: 1144 cmdline: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
              • regsvr32.exe (PID: 5104 cmdline: /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
            • regsvr32.exe (PID: 772 cmdline: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • WerFault.exe (PID: 1668 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 1320 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • rsSyncSvc.exe (PID: 5756 cmdline: "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10 MD5: 3068531529196A5F3C9CB369B8A6A37F)
  • Uninstall.exe (PID: 6128 cmdline: "C:\Program Files\ReasonLabs\EPP\Uninstall.exe" /auto-repair=RavStub MD5: 436F7DECB25CBA7886B44FA4D6305F91)
    • Uninstall.exe (PID: 3896 cmdline: "C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe" /auto-repair=RavStub MD5: 436F7DECB25CBA7886B44FA4D6305F91)
      • RAVEndPointProtection-installer.exe (PID: 5184 cmdline: "C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe" /auto-repair=RavStub MD5: 31CB221ABD09084BF10C8D6ACF976A21)
  • svchost.exe (PID: 6504 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 5184 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6712 -ip 6712 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • Conhost.exe (PID: 7988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • servicehost.exe (PID: 5124 cmdline: "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" MD5: AF384AA87E3D70F7A687C5C60DA2FB7F)
    • uihost.exe (PID: 6248 cmdline: "C:\Program Files\McAfee\WebAdvisor\UIHost.exe" MD5: D1BEFCFE26C5C2132BDABBF332306004)
  • rsWSC.exe (PID: 7492 cmdline: "C:\Program Files\ReasonLabs\EPP\rsWSC.exe" MD5: D8021F3B7E9C952B7EC33B929183E8EF)
  • rsClientSvc.exe (PID: 7624 cmdline: "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" MD5: 9170244A34CB903FC5DFBE4159DB6F16)
  • rsEngineSvc.exe (PID: 7720 cmdline: "C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" MD5: D8053B9FDBDBB3E32CF583AACB29D1EE)
  • cleanup
Name: DarkComet
Description: DarkComet is one of the most famous RATs, developed by Jean-Pierre Lesueur in 2008. After being used in the Syrian civil war in 2011, Lesueur decided to stop developing the trojan. Indeed, DarkComet is able to enable control over a compromised system through use of a simple graphic user interface. Experts think that this user friendliness is the key of its mass success.
Attribution:
  • APT33
  • Lazarus Group
  • Operation C-Major
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkcomet

Name: IcedID
Description: According to Proofpoint, IcedID (aka BokBot) is a malware originally classified as a banking malware and was first observed in 2017. It also acts as a loader for other malware, including ransomware. The well-known IcedID version consists of an initial loader which contacts a Loader C2 server, downloads the standard DLL Loader, which then delivers the standard IcedID Bot. IcedID is developed and operated by the actor named LUNAR SPIDER. As previously published, historically there has been just one version of IcedID that has remained constant since 2017.
  * In November 2022, Proofpoint researchers observed the first new variant of IcedID Proofpoint dubbed 'IcedID Lite' distributed as a follow-on payload in a TA542 Emotet campaign. It was dropped by the Emotet malware soon after the actor returned to the e-crime landscape after a nearly four-month break.
  * The IcedID Lite Loader observed in November 2022 contains a static URL to download a 'Bot Pack' file with a static name (botpack.dat) which results in the IcedID Lite DLL Loader, and then delivers the Forked version of IcedID Bot, leaving out the webinjects and backconnect functionality that would typically be used for banking fraud.
  * Starting in February 2023, Proofpoint observed the new Forked variant of IcedID. This variant was distributed by TA581 and one unattributed threat activity cluster which acted as initial access facilitators. The campaigns used a variety of email attachments such as Microsoft OneNote attachments and somewhat rare to see .URL attachments, which led to the Forked variant of IcedID.
Attribution:
  • GOLD CABIN
  • Lunar Spider
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.icedid

No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Loggers.Business.dll | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\WTQQ1MDW\rsServiceController.DLL | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\ReasonLabs\EPP\EDR\netstandard.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Program Files\ReasonLabs\EPP\rsEngine.Client.Messages.dll | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\ReasonLabs\EPP\rsEngine.Data.dll | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
(213 more entries not shown)

Source | Rule | Description | Author | Strings
0000002B.00000002.2445610095.00000299967CF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000D.00000003.2061100713.000000000275D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000D.00000003.2060092357.0000000002758000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000002D.00000002.2493242434.000001EB9B0B2000.00000002.00000001.01000000.00000034.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000002C.00000002.3596734872.0000018CAD462000.00000002.00000001.01000000.00000046.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
(27 more entries not shown)

Source | Rule | Description | Author | Strings
8.2.RAVEndPointProtection-installer.exe.135c07c0000.4.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
45.0.rsEDRSvc.exe.1eb809f0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
8.2.RAVEndPointProtection-installer.exe.135c0910000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
38.0.rsWSC.exe.246c6c60000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
8.2.RAVEndPointProtection-installer.exe.135bd6dd9b0.2.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
(9 more entries not shown)

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: grpconv -o, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\rundll32.exe, ProcessId: 3752, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv
Source: Process started, Author: juju4, Jonhnathan Ribeiro, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf, CommandLine: "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf, CommandLine|base64offset|contains: [HZ, Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\40kgqfax.exe" /silent, ParentImage: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, ParentProcessId: 5304, ParentProcessName: RAVEndPointProtection-installer.exe, ProcessCommandLine: "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf, ProcessId: 3752, ProcessName: rundll32.exe
Source: Process started, Author: Konstantin Grishchenko, oscd.community: Data: Command: "C:\Windows\system32\runonce.exe" -r, CommandLine: "C:\Windows\system32\runonce.exe" -r, CommandLine|base64offset|contains: , Image: C:\Windows\System32\runonce.exe, NewProcessName: C:\Windows\System32\runonce.exe, OriginalFileName: C:\Windows\System32\runonce.exe, ParentCommandLine: "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 3752, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\system32\runonce.exe" -r, ProcessId: 2536, ProcessName: runonce.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 6504, ProcessName: svchost.exe
No Snort rule has matched

AV Detection

Source: wechat-3.9.7-installer_ae-GFz1.exe, Virustotal: Detection: 20%
Source: Yara match, File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_006914F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,6_2_006914F0
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_006917A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,6_2_006917A0
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_00645870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,6_2_00645870
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_00646220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,6_2_00646220
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_0067E610 CryptMsgClose,6_2_0067E610
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_006467B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,6_2_006467B0
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_0067EB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,6_2_0067EB60
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_0067F150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,6_2_0067F150
Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, Code function: 6_2_0067F3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,6_2_0067F3C0
Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe, Code function: 9_2_00007FF7DC3714A0 CryptQueryObject,GetLastError,CryptMsgGetParam,GetLastError,LocalAlloc,CryptMsgGetParam,GetLastError,CertFindCertificateInStore,GetLastError,CertGetNameStringW,CertGetNameStringW,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,9_2_00007FF7DC3714A0

Bitcoin Miner

Source: Yara match, File source: 0000002C.00000002.3597757506.0000018CAD720000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED
Source: Yara match, File source: 0000002C.00000002.3597757506.0000018CADA56000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED
Source: Yara match, File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED

Compliance

Source: wechat-3.9.7-installer_ae-GFz1.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp, Window detected: HYPERLINK "https://risecodes.com/terms" Terms of UseHYPERLINK "https://risecodes.com/privacy" Privacy PolicyHYPERLINK "https://hello.softonic.com/terms-of-use" End User License AgreementHYPERLINK "https://hello.softonic.com/privacy-policy" Privacy PolicyThis will download WeChat to your computer click "Next" to continue.Welcome to WeChat Download Manager&NextCancel
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\EPP
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\EPP\Uninstall.exe
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\EPP\uninstall.ico
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\chrome_100_percent.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\chrome_200_percent.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\icudtl.dat
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\LICENSE
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\LICENSES.chromium.html
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\af.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\am.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ar.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\bg.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\bn.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ca.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\cs.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\da.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\de.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\el.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\en-GB.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\en-US.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\es-419.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\es.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\et.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fa.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fi.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fil.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fr.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\gu.pak
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\he.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\hi.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\hr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\hu.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\id.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\it.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ja.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\kn.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ko.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\lt.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\lv.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ml.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\mr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ms.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\nb.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\nl.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pl.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pt-BR.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pt-PT.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ro.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ru.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sk.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sl.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sv.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sw.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ta.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\te.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\th.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\tr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\uk.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ur.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\vi.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\zh-CN.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\zh-TW.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asarJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar.sigJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\snapshot_blob.binJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\v8_context_snapshot.binJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\versionJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vk_swiftshader_icd.jsonJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\d3dcompiler_47.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\ffmpeg.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\libEGL.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\libGLESv2.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vk_swiftshader.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vulkan-1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\Uninstall.exe
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ReasonLabs-EPP.7z
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\amd64
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ARM64
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\x64
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\elam
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\x64
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\elam\rselam.cat
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\elam\rsElam.inf
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\manifest.json
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\rsClient.Protection.Microphone.dll.config
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\rsEngine.config
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe.config
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\rsExtensionHost.exe.config
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\rsHelper.exe.config
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\rsRemediation.exe.config
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\SecurityProductInformation.ini
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\Signatures.dat
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.sig
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ui\manifest.json
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\WhiteList.dat
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\amd64\KernelTraceControl.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\amd64\msdia140.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ARM64\KernelTraceControl.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ARM64\msdia140.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\ARM64\rsYara-ARM64.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\BouncyCastle.Crypto.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\Dia2Lib.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\KernelTraceControl.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\msdia140.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\Dia2Lib.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.FastSerialization.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Win32.Primitives.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\netstandard.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\OSExtensions.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\rsAtom.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRLib.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRSvc.exe
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.JSON.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Loggers.Application.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Utilities.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\rsJSON.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\SQLite.Interop.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.AppContext.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.Concurrent.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.NonGeneric.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.Specialized.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.EventBasedAsync.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.Primitives.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.TypeConverter.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Console.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Data.Common.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Data.SQLite.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Contracts.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Debug.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.FileVersionInfo.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Process.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.StackTrace.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.TextWriterTraceListener.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Tools.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.TraceSource.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Tracing.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Drawing.Primitives.dll
Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Dynamic.Runtime.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.Calendars.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.Extensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.Compression.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.Compression.ZipFile.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.DriveInfo.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.Watcher.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.IsolatedStorage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.MemoryMappedFiles.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.Pipes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.UnmanagedMemoryStream.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Expressions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Parallel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Queryable.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Http.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.NameResolution.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.NetworkInformation.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Ping.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Requests.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Security.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Sockets.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.WebHeaderCollection.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.WebSockets.Client.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.WebSockets.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.ObjectModel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.Extensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.Reader.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.ResourceManager.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.Writer.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.CompilerServices.VisualC.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Extensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Handles.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.InteropServices.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Numerics.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Serialization.Formatters.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Serialization.Json.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Serialization.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Serialization.Xml.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Claims.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.Algorithms.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.Csp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.Encoding.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.X509Certificates.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Principal.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.SecureString.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Text.Encoding.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Text.Encoding.Extensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Text.RegularExpressions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Overlapped.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Tasks.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Tasks.Parallel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Thread.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.ThreadPool.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Timer.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.ValueTuple.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.ReaderWriter.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XDocument.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XmlDocument.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XmlSerializer.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XPath.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XPath.XDocument.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\TraceReloggerLib.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\Uninstall.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\x64\SQLite.Interop.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\elam\rsElam.sysJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\InstallerLib.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\mc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Microsoft.Bcl.HashCode.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Microsoft.Diagnostics.FastSerialization.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Microsoft.Diagnostics.Tracing.TraceEvent.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.Registry.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.TaskScheduler.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\NAudio.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\netstandard.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsAssistant.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsAtom.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsBridge.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsBuild.Runtime.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsClient.Protection.Microphone.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsClientSvc.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsDatabase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.API.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.Messages.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Data.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Extension.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Features.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Helper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Application.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Business.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Needle.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Performance.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.BTScan.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Camera.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Edr.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Microphone.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Programs.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Ransomware.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Self.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Detections.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnAccess.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnDemand.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Quarantine.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.UDI.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Updater.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.Browsers.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.Wsc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.Proxy.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.JSONInterface.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsExtensionHost.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsFrame.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.node
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\manifest.json
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\WhiteList.dat
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\x64\rsKernelEngine.inf
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\amd64\KernelTraceControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\amd64\msdia140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64\KernelTraceControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64\msdia140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64\rsYara-ARM64.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\BouncyCastle.Crypto.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\Dia2Lib.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\KernelTraceControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\msdia140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\msvcp140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\vcruntime140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\vcruntime140_1.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Dia2Lib.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Microsoft.Diagnostics.FastSerialization.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Microsoft.Win32.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\netstandard.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\OSExtensions.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsAtom.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReasonLabs-EPP
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RAVEndPointProtection-installer.exe.log
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeFile created: C:\Program Files\ReasonLabs\EPP\InstallUtil.InstallLog
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeFile created: C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeFile created: C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeFile created: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-cs-CZ.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-da-DK.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-de-DE.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-el-GR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-en-US.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-es-ES.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-es-MX.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-fi-FI.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-fr-CA.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-fr-FR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-hr-HR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-hu-HU.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-it-IT.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-ja-JP.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-ko-KR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-nb-NO.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-nl-NL.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-pl-PL.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-pt-BR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-pt-PT.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-ru-RU.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-sk-SK.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-sr-Latn-CS.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-sv-SE.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-tr-TR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-zh-CN.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-zh-TW.txt
                                Source: wechat-3.9.7-installer_ae-GFz1.exeStatic PE information: certificate valid
                                Source: wechat-3.9.7-installer_ae-GFz1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: rsAtom.pdb source: 40kgqfax.exe, 00000007.00000003.1988613004.0000000002738000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3098035990.00000135C0912000.00000002.00000001.01000000.0000003F.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A81AF000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2058447523.0000000002752000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\ServiceHost.pdbu source: installer.exe, 00000013.00000003.2270538414.0000022446C98000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\SettingManager.pdb source: installer.exe, 00000013.00000003.2275885624.0000022446E14000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\WebAdvisor-accesslib-caller_main@2\Build\x64\Release\caller_dll.pdb source: installer.exe, 00000013.00000000.2211589353.00007FF7F59B2000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: D:\a\rsStubActivator\rsStubActivator\rsStubActivator\obj\Release\net462\rsStubActivator.pdb source: component0.exe, 00000005.00000000.1949671998.00000292BE792000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: rsTime.pdb source: 40kgqfax.exe, 00000007.00000003.1992343012.000000000273A000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2062756455.0000000002751000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@2\build\Win32\Release\Resource.pdbGCTL source: installer.exe, 00000013.00000003.2268070159.0000022446C9C000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3609400317.00000207EE450000.00000002.00000001.00040000.00000043.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\BrowserHost.pdbe source: installer.exe, 00000013.00000003.2221929534.0000022446D4D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\LogicModule.pdb source: installer.exe, 00000013.00000003.2241909301.0000022446DE0000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\non_system\code\WebAdvisor-ISGIS\build\x64\Release\Installer.pdb$ source: installer.exe, 00000012.00000002.2405961965.00007FF69075B000.00000002.00000001.01000000.0000001A.sdmp, installer.exe, 00000012.00000000.2178276489.00007FF69075B000.00000002.00000001.01000000.0000001A.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@2\build\Win32\Release\Resource.pdb source: installer.exe, 00000013.00000003.2268070159.0000022446C9C000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3609400317.00000207EE450000.00000002.00000001.00040000.00000043.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\RavStub\obj\Release\RavStub.pdb source: 40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000000.2021009787.00000135A62C2000.00000002.00000001.01000000.00000011.sdmp, Uninstall.exe, 0000000D.00000003.2055187028.0000000002756000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsSyncSvc\rsSyncSvc\x64\Release\rsSyncSvc.pdb< source: 40kgqfax.exe, 00000007.00000003.1993599729.0000000002738000.00000004.00000020.00020000.00000000.sdmp, rsSyncSvc.exe, 00000009.00000000.2034173626.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 00000009.00000002.2036031681.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 0000000B.00000000.2035333427.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 0000000B.00000002.3575391594.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, Uninstall.exe, 0000000D.00000003.2064111905.000000000275E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\x64\Release\ArchiveUtility.pdb source: 40kgqfax.exe, 00000007.00000003.1984584453.000000000273C000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2055745503.000000000275B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\ServiceHost.pdb source: installer.exe, 00000013.00000003.2270538414.0000022446C98000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsJSON.pdbHG source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: rsServiceController.pdb source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\TaskManager.pdb source: installer.exe, 00000013.00000003.2279756236.0000022446D75000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\rsStubLib\obj\Release\rsStubLib.pdb source: 40kgqfax.exe, 00000007.00000003.1991680879.000000000273E000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2834700953.00000135A6892000.00000002.00000001.01000000.0000003C.sdmp, Uninstall.exe, 0000000D.00000003.2061926480.0000000002756000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\TaskManager.pdb{ source: installer.exe, 00000013.00000003.2279756236.0000022446D75000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net452\Microsoft.Win32.TaskScheduler.pdbSHA256 source: 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3099063497.00000135C09A2000.00000002.00000001.01000000.00000040.sdmp, Uninstall.exe, 0000000D.00000003.2056382460.0000000002754000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\BrowserHost.pdb source: installer.exe, 00000013.00000003.2221929534.0000022446D4D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\non_system\code\WebAdvisor-ISGIS\build\x64\Release\Installer.pdb source: installer.exe, 00000012.00000002.2405961965.00007FF69075B000.00000002.00000001.01000000.0000001A.sdmp, installer.exe, 00000012.00000000.2178276489.00007FF69075B000.00000002.00000001.01000000.0000001A.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdb source: installer.exe, 00000013.00000003.2286589668.0000022446C94000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsDatabase.pdb source: 40kgqfax.exe, 00000007.00000003.1989399605.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2059111756.000000000275C000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: 40kgqfax.exe, 00000007.00000003.1988000695.0000000002731000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057940034.000000000275B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIManager.pdb source: installer.exe, 00000013.00000003.2292123965.0000022446C9D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000000.1974718176.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\Installer.pdb source: installer.exe, 00000013.00000000.2211260970.00007FF7F5926000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\LookupManager.pdb source: installer.exe, 00000013.00000003.2250130903.0000022446CBD000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3630636317.00007FFDF1004000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb@ source: 40kgqfax.exe, 00000007.00000003.1987258534.0000000002736000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057435922.000000000275B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: 40kgqfax.exe, 00000007.00000003.1987258534.0000000002736000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057435922.000000000275B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\Uninstaller.pdb source: installer.exe, 00000013.00000003.2298743769.0000022446E3B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsLogger.pdb source: 40kgqfax.exe, 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3090043199.00000135C06C2000.00000002.00000001.01000000.0000003D.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A8655000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2061100713.000000000275D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdbu source: installer.exe, 00000013.00000003.2286589668.0000022446C94000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net452\Microsoft.Win32.TaskScheduler.pdb source: 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3099063497.00000135C09A2000.00000002.00000001.01000000.00000040.sdmp, Uninstall.exe, 0000000D.00000003.2056382460.0000000002754000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\EventManager.pdb source: installer.exe, 00000013.00000003.2233780227.0000022446DFF000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsJSON.pdb source: 40kgqfax.exe, 00000007.00000003.1990251896.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3091227950.00000135C07C2000.00000002.00000001.01000000.0000003E.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2060092357.0000000002758000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\Dev3\Elam\4\rsElam\x64\Release\rsElam.pdb source: RAVEndPointProtection-installer.exe, 00000008.00000002.3092202963.00000135C08BB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsSyncSvc\rsSyncSvc\x64\Release\rsSyncSvc.pdb source: 40kgqfax.exe, 00000007.00000003.1993599729.0000000002738000.00000004.00000020.00020000.00000000.sdmp, rsSyncSvc.exe, 00000009.00000000.2034173626.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 00000009.00000002.2036031681.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 0000000B.00000000.2035333427.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 0000000B.00000002.3575391594.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, Uninstall.exe, 0000000D.00000003.2064111905.000000000275E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsLogger.pdbx source: 40kgqfax.exe, 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3090043199.00000135C06C2000.00000002.00000001.01000000.0000003D.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A8655000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2061100713.000000000275D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\AnalyticsManager.pdb source: installer.exe, 00000013.00000003.2217184939.0000022446C97000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3628991095.00007FFDF0C1E000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\LookupManager.pdbG source: installer.exe, 00000013.00000003.2250130903.0000022446CBD000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3630636317.00007FFDF1004000.00000002.00000001.01000000.00000027.sdmp
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Code function: 7_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405C4D
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Code function: 7_2_0040689E FindFirstFileW,FindClose,7_2_0040689E
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Code function: 7_2_00402930 FindFirstFileW,7_2_00402930
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Code function: 12_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,12_2_00405C4D
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Code function: 12_2_0040689E FindFirstFileW,FindClose,12_2_0040689E
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Code function: 12_2_00402930 FindFirstFileW,12_2_00402930
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Code function: 13_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,13_2_00405C4D
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Code function: 13_2_0040689E FindFirstFileW,FindClose,13_2_0040689E
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Code function: 13_2_00402930 FindFirstFileW,13_2_00402930
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp File opened: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp File opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp File opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp File opened: C:\Users\user\AppData\Local\Temp
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp File opened: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp File opened: C:\Users\user\AppData\Local

                                Networking

                                Source: Yara match File source: C:\Program Files\ReasonLabs\EPP\EDR\netstandard.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\netstandard.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Core.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.API.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Utilities.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Utilities.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\ReasonLabs\EPP\rsEngine.API.dll, type: DROPPED
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Code function: 9_2_00007FF7DC37F6E0 _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,URLDownloadToFileA,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,9_2_00007FF7DC37F6E0
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx_
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxd
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxf
                                Source: saBSI.exe, 00000006.00000002.2476207416.000000000313D000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxg
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxh
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxj
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxl
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxootG4.crt0
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxovider
                                Source: servicehost.exe, 00000017.00000003.2366447376.000001FFED1DF000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxping
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxr
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxrnal
                                Source: servicehost.exe, 00000017.00000002.3601393673.000001FFEDE25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxs;r
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxw
                                Source: servicehost.exe, 00000017.00000003.2366447376.000001FFED1DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxy
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.3100385150.00000135C0C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.3100385150.00000135C0C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSAExtendedValidationCodeSigningCA.crl0
                                Source: servicehost.exe, 00000017.00000003.2375921574.000001FFEDE33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.co
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.3100385150.00000135C0C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codes
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2563203619.00000000050C0000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1973769500.00000000053E2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174681203.0000000005CF3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2176993875.0000000005A67000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174916866.0000000005A67000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2238844505.0000022446A07000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2245710278.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2289610124.00000224469F9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2231080596.00000224469E9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2213298002.0000022446991000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2274268789.00000224469F9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2220409392.0000022446A01000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2238984981.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2276357578.00000224469F7000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2241512951.00000224469F8000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2294350580.0000022446A00000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2243796296.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2282084799.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 
00000013.00000003.2239013560.00000224469EA000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2216416373.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2291610205.00000224469E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2563203619.00000000050C0000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1973769500.00000000053E2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174681203.0000000005CF3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2176993875.0000000005A67000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2173001007.0000000005A66000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174916866.0000000005A67000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2238844505.0000022446A07000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2245710278.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2289610124.00000224469F9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2231080596.00000224469E9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2213298002.0000022446991000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2274268789.00000224469F9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2220409392.0000022446A01000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2238984981.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2276357578.00000224469F7000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2294350580.0000022446A00000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2243796296.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2282084799.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 
00000013.00000003.2216416373.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2291610205.00000224469E9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2278852743.0000022446A0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.3100385150.00000135C0C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.3100385150.00000135C0C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                                Source: servicehost.exe, 00000017.00000003.2432944527.000001FFEDECC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root.crl0G
                                Source: installer.exe, 00000013.00000003.2262291160.00000224469A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.di
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2391298191.00000207EE5DB000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digi
                                Source: installer.exe, 00000013.00000003.2274435274.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2286389647.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2219182759.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2274021637.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2277127253.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2270076034.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2278147598.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2245748910.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2244688082.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2246812728.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2287764867.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2286914109.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2270777463.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2275372509.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2242246263.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2264850438.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2251677354.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2276477193.00000224469DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digic
                                Source: installer.exe, 00000013.00000003.2253712172.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2217431676.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2289117576.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2262291160.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2263492137.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2268436630.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2288756225.00000224469DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digice
                                Source: installer.exe, 00000013.00000003.2256176235.00000224469E0000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2258972491.00000224469DD000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2254304454.00000224469DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digiceR
                                Source: installer.exe, 00000013.00000003.2214210454.00000224469E9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2213780885.00000224469E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com
                                Source: installer.exe, 00000013.00000003.2233351941.00000224469E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertA
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1701741532.0000000002958000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1704164763.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2563203619.00000000050C0000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1973769500.00000000053E2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2165346763.0000000005A3C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174681203.0000000005CF3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2176993875.0000000005A67000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174802519.0000000005D34000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174916866.0000000005A67000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1988000695.0000000002731000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1988613004.0000000002738000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1993599729.0000000002738000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1992343012.000000000273A000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1990251896.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1991680879.000000000273E000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 
00000007.00000003.1987258534.0000000002736000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1984584453.000000000273C000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1989399605.0000000002F5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertT
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1701741532.0000000002958000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1704164763.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1988000695.0000000002731000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1988613004.0000000002738000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1993599729.0000000002738000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1992343012.000000000273A000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1990251896.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1991680879.000000000273E000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1987258534.0000000002736000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1984584453.000000000273C000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1989399605.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2061100713.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2061926480.0000000002756000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2060092357.0000000002758000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057435922.000000000275B000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 
0000000D.00000003.2064111905.000000000275E000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057940034.000000000275B000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2055187028.0000000002756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096S:
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2377633723.000001FFEDD2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SH
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1701741532.0000000002958000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1704164763.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2563203619.00000000050C0000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1973769500.00000000053E2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2165346763.0000000005A3C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174681203.0000000005CF3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2478764933.0000000005AA4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2176993875.0000000005A67000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2176837518.0000000005DF3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2478932415.0000000005CB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2174916866.0000000005A67000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2444105122.0000000005AA4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2453899301.0000000005AA4000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1988000695.0000000002731000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1988613004.0000000002738000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1993599729.0000000002738000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 
00000007.00000003.1992343012.000000000273A000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1990251896.0000000002F5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                Source: Uninstall.exe, 0000000D.00000003.2058447523.0000000002752000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2238844505.0000022446A07000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2245710278.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2231080596.00000224469E9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2213298002.0000022446991000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2274268789.00000224469F9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2220409392.0000022446A01000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2238984981.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2241512951.00000224469F8000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2294350580.0000022446A00000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2243796296.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2282084799.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2221661665.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2219767801.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2216416373.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2291610205.00000224469E9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2278852743.0000022446A0E000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2265750470.0000022444BD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2237353189.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, 
installer.exe, 00000013.00000003.2221929534.0000022446D4D000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2214462173.0000022446994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                Source: servicehost.exe, 00000017.00000003.2375921574.000001FFEDE33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertT~
                                Source: Uninstall.exe, 0000000C.00000002.2053961517.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/e
                                Source: Uninstall.exe, 0000000C.00000002.2053961517.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1701741532.0000000002958000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1704164763.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1988000695.0000000002731000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1988613004.0000000002738000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1993599729.0000000002738000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1992343012.000000000273A000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1990251896.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1991680879.000000000273E000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1987258534.0000000002736000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1984584453.000000000273C000.00000004.00000020.00020000.00000000.sdmp, 40kgqfax.exe, 00000007.00000003.1989399605.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2061100713.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2061926480.0000000002756000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2060092357.0000000002758000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057435922.000000000275B000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 
0000000D.00000003.2064111905.000000000275E000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057940034.000000000275B000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2055187028.0000000002756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A8021000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.0000024441AAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.reasonsecurity.com
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A8021000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.0000024441AAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.reasonsecurity.com/rav-dist/packages/ReasonLabs-EPP-x64-v5.30.4.7z
                                Source: servicehost.exe, 00000017.00000002.3601393673.000001FFEDDF0000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2435092759.00000207EE748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/gossip/gossip-ch-partner?output=fxjson&appid=mca&source=yahoo_mcafe
                                Source: servicehost.exe, 00000017.00000003.2435092759.00000207EE748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/gossip/gossip-ch-partner?output=fxjson&appid=mca&sourtV
                                Source: installer.exe, 00000013.00000003.2217184939.0000022446C97000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2241909301.0000022446DE0000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2233780227.0000022446DFF000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3628991095.00007FFDF0C1E000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/mcafee%C2%AE-secure-search/enppghjcblldgigemljohkgpcompnjg
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.r
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.re
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.rea
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reas
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reaso
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reason
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasons
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonse
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsec
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecu
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecur
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecuri
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurit
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.c
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.co
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com/
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com/v
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com/v1
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com/v1/
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com/v1/g
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com/v1/ge
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com/v1/get
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://comipass.reasonsecurity.com/v1/getX
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.r
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.re
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.rea
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reas
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reaso
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reason
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasons
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonse
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsec
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecu
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecur
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecuri
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecurit
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecurity
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecurity.
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecurity.c
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecurity.co
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecurity.com
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecurity.com/
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config-beta.reasonsecurity.com/X
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.r
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.re
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.rea
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reas
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reaso
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reason
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasons
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonse
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsec
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecu
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecur
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecuri
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecurit
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecurity
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecurity.
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecurity.c
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecurity.co
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecurity.com
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecurity.com/
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.reasonsecurity.com/X
                                Source: saBSI.exe, 00000006.00000002.2476207416.000000000313D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cu1pehnswad01.servicebus.windows.net/wadp32h02/messages?timeout=60&api-version=2014-01
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757998077.0000000000899000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756258872.0000000000895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.2068020565.0000000005436000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2567299374.0000000005436000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.2046503801.0000000005431000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/T
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1698490474.0000000002520000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2551383758.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2557197839.0000000003500000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1708336351.0000000003490000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2558735453.00000000035CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.png
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.png#
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.pngM
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.pngN
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.pngmA
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.pngq
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2551383758.0000000002430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1974049154.00000000053C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip.png
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip2432
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipdg
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/images/880/update2/EN.png
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/images/880/update2/EN.png7
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/images/880/update2/EN.pngM
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1974049154.00000000053C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/images/880/update2/EN.pngO
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/f/WebAdvisor/images/880/update2/EN.pngO3
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1698490474.0000000002520000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2551383758.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2557197839.0000000003500000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1708336351.0000000003490000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2551383758.0000000002472000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/o
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1708336351.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/zbd
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2551383758.00000000024CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/zbd.
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2551383758.00000000024CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/zbdY
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net/zbdf
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1800028229.0000000005341000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net:443/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.png
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1800028229.0000000005341000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net:443/f/WebAdvisor/images/880/update2/EN.png
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.000000000536C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net:443/zbd
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.000000000536C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2dbdb0phbn9qb.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A7F94000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.0000024441AAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://electron-shell.reasonsecurity.com
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A7F94000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.0000024441AAB000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.0000024441AA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://electron-shell.reasonsecurity.com/v1.4.2/ReasonLabs-v1.4.2.7z
                                Source: 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3099063497.00000135C09A2000.00000002.00000001.01000000.00000040.sdmp, Uninstall.exe, 0000000D.00000003.2056382460.0000000002754000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dahall/taskscheduler
                                Source: saBSI.exe, 00000006.00000003.2027375667.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2454504012.0000000005A1C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2454637878.0000000005A1C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2455366395.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2122640684.0000000005A1C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2087904267.0000000005A1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
                                Source: saBSI.exe, 00000006.00000003.2088006187.0000000003190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xmlL
                                Source: saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xmlWJ
                                Source: saBSI.exe, saBSI.exe, 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000002.2478548020.0000000005A42000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2013792271.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000000.1974718176.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000003.2013792271.0000000003190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
                                Source: saBSI.exe, 00000006.00000003.2027375667.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2000012310.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2013792271.00000000031A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xmlUH
                                Source: saBSI.exe, 00000006.00000003.2027375667.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2013759142.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2455204576.00000000031F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
                                Source: saBSI.exe, 00000006.00000003.2027375667.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2455366395.00000000031E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
                                Source: saBSI.exe, 00000006.00000003.2027375667.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xmlT
                                Source: saBSI.exe, 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000000.1974718176.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
                                Source: regsvr32.exe, 00000019.00000003.2365211637.0000000002D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json$
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json%
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json&
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json&:
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json-
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json.
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json.;
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json/?
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json0240510203524ZF
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json2
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json2:
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json3
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json3.6.1.4.1.4146.1.2
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json4?
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json7
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json7.1v=
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json:;
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json;/
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json?
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonA?
                                Source: regsvr32.exe, 00000019.00000003.2365211637.0000000002D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonC
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonCK
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonD
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonD:
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonE
                                Source: regsvr32.exe, 00000019.00000003.2365211637.0000000002D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonG
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonG%v
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonI
                                Source: saBSI.exe, 00000006.00000002.2476207416.000000000313D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonIFIER=I
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonM
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonP
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonPD
                                Source: saBSI.exe, 00000006.00000002.2476207416.000000000313D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonPath=C:
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonPb
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonQ
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000019.00000003.2365211637.0000000002D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonR
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonR:
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonS
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonV
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonZ
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json_
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonc
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsond
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsond:i
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonessor.luc
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsong
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000019.00000003.2365211637.0000000002D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonh
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonig.luc
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonisallowed
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonj
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonk
                                Source: regsvr32.exe, 00000019.00000003.2365211637.0000000002D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonl
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonluc
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonp
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonp:
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonr
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsons
                                Source: saBSI.exe, 00000006.00000002.2476207416.000000000313D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsontoItXPKK
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2495336169.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDCE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonu
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonuce
                                Source: servicehost.exe, 00000017.00000003.2432599104.00000207EE703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonv
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonw
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsony
                                Source: servicehost.exe, 00000017.00000003.2495583235.000001FFEDD22000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json~:S
                                Source: saBSI.exe, 00000006.00000003.2088006187.0000000003203000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2454848093.000000000320C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi
                                Source: saBSI.exe, 00000006.00000003.2454504012.0000000005A1C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2454637878.0000000005A1C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2122640684.0000000005A1C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2087904267.0000000005A1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/
                                Source: saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2455204576.00000000031F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
                                Source: saBSI.exe, 00000006.00000003.2027375667.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2455366395.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2476207416.00000000031EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
                                Source: saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlB
                                Source: saBSI.exe, 00000006.00000002.2476207416.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/binaryA
                                Source: saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsiseon
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reas
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reaso
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reason
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasons
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonse
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsec
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecu
                                Source: component0.exe, 00000005.00000002.3145337309.00000292C0621000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecur
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecuri
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurit
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.c
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.co
                                Source: component0.exe, 00000005.00000002.3145337309.00000292C0591000.00000004.00000800.00020000.00000000.sdmp, component0.exe, 00000005.00000002.3145337309.00000292C0621000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/R
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/Re
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/Rea
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/Reas
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/Reaso
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/Reason
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonL
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLa
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLab
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-D
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DN
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-s
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-se
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-set
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setu
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.e
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.ex
                                Source: component0.exe, 00000005.00000002.3145337309.00000292C0591000.00000004.00000800.00020000.00000000.sdmp, component0.exe, 00000005.00000000.1949671998.00000292BE792000.00000002.00000001.01000000.0000000B.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.exe
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.exe?
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.exe?i
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.exe?id
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.exe?id=
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-E
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EP
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-s
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-se
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-set
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-setu
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-setup
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-setup.
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-setup.e
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-setup.ex
                                Source: component0.exe, 00000005.00000002.3145337309.00000292C0591000.00000004.00000800.00020000.00000000.sdmp, component0.exe, 00000005.00000000.1949671998.00000292BE792000.00000002.00000001.01000000.0000000B.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-setup.exe
                                Source: component0.exe, 00000005.00000002.3145337309.00000292C0621000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-setup.exe?dui=9e146be9-c76a-4720-bcdb-53011b87bd06&
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-EPP-setup.exeX
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-V
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VP
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-s
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-se
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-set
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setu
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.e
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.ex
                                Source: component0.exe, 00000005.00000002.3145337309.00000292C0591000.00000004.00000800.00020000.00000000.sdmp, component0.exe, 00000005.00000000.1949671998.00000292BE792000.00000002.00000001.01000000.0000000B.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?o
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oi
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=2
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&d
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dt
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=t
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=tr
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=tru
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&p
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&pt
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptl
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptl=
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptl=7
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptl=7&
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptl=7&i
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptl=7&id
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptl=7&id=
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000090F000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.0000000000907000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.0000000000906000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exeIE
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exeR
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exeU
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exeVE
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exeafb2831ae5cc5631772432
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policyK
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy7
                                Source: 40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A7F1B000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000000.2021009787.00000135A62C2000.00000002.00000001.01000000.00000011.sdmp, Uninstall.exe, 0000000D.00000003.2055187028.0000000002756000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.00000244419BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.forbes.com/sites/forbestechcouncil/2022/07/13/why-do-hacks-happen-four-ubiquitous-motiva
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.3100385150.00000135C0C38000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2238844505.0000022446A07000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2245710278.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2289610124.00000224469F9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2231080596.00000224469E9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2213298002.0000022446991000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2274268789.00000224469F9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2220409392.0000022446A01000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2238984981.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2276357578.00000224469F7000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2241512951.00000224469F8000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2294350580.0000022446A00000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2243796296.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2282084799.00000224469F4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2239013560.00000224469EA000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2216416373.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2291610205.00000224469E9000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2278852743.0000022446A0E000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 
00000013.00000003.2265750470.0000022444BD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2237353189.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2246002983.0000022446A11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                                Source: installer.exe, 00000013.00000003.2221929534.0000022446D4D000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2217184939.0000022446C97000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2241909301.0000022446DE0000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2233780227.0000022446DFF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2279756236.0000022446D75000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2292123965.0000022446C9D000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3628991095.00007FFDF0C1E000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://www.google.com/favicon.ico
                                Source: installer.exe, 00000013.00000003.2221929534.0000022446D4D000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2279756236.0000022446D75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=%s
                                Source: installer.exe, 00000013.00000003.2217184939.0000022446C97000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2233780227.0000022446DFF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2292123965.0000022446C9D000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3628991095.00007FFDF0C1E000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://www.google.com/search?q=%sSoftware
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1701741532.0000000002660000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1704164763.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000000.1706614187.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/cNF
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/con
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consum
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2568368745.00000000075A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consume
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2558735453.00000000035CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/e
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2558735453.00000000035CD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-u
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/pol
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/g$D
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.000000000091D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/gl
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.000000000091D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/glob
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/globa
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/l
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/le
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008D2000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/lega
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008D2000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.htm0
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000090F000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.0000000000913000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.000000000088C000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.0000000000916000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.0000000000919000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.0000000000919000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.0000000000919000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2255409083.0000022444B83000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2255093915.0000022446C97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008D2000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.ht~
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008D2000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2568368745.0000000007596000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/l
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2568368745.0000000007596000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/le
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2568368745.0000000007544000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2568368745.0000000007572000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlb2831a
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlj
                                Source: installer.exe, 00000012.00000003.2210732752.00000186D8D17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/nl-nl/policy/legal.html
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000019.00000003.2365211637.0000000002D14000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000001A.00000003.2370785792.0000000000E1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html$
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html(
                                Source: saBSI.exe, 00000006.00000002.2476207416.000000000313D000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html.
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html1nlt
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html6
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html96
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html:
                                Source: regsvr32.exe, 0000001A.00000003.2370785792.0000000000E1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html?
                                Source: servicehost.exe, 00000017.00000002.3601393673.000001FFEDE25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlC7
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlF
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlJ
                                Source: saBSI.exe, 00000006.00000002.2476207416.000000000313D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlM
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlN
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlR
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlV
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlf
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlg
                                Source: servicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlh
                                Source: servicehost.exe, 00000017.00000002.3601393673.000001FFEDE25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlo9v
                                Source: servicehost.exe, 00000017.00000002.3601393673.000001FFEDE25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlo;v
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlv
                                Source: servicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlw
                                Source: servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html~
                                Source: installer.exe, 00000012.00000003.2210732752.00000186D8D17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/legal
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.co~
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.c
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.co
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com
                                Source: 40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A7F1B000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000000.2021009787.00000135A62C2000.00000002.00000001.01000000.00000011.sdmp, Uninstall.exe, 0000000D.00000003.2055187028.0000000002756000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.00000244419BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/X
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1701741532.0000000002660000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1704164763.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000000.1706614187.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
                                Source: installer.exe, 00000013.00000003.2298743769.0000022446D15000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2299484433.0000022446A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.siteadvisor.com
                                Source: installer.exe, 00000013.00000003.2244196814.0000022446C9C000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2244391274.0000022446AA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.siteadvisor.com/ff/install

                                Key, Mouse, Clipboard, Microphone and Screen Capturing

                                Source: Yara match, File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe, Code function: 7_2_00405705 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

                                E-Banking Fraud

                                Source: Yara match, File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe, File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe, File created: C:\Program Files\ReasonLabs\EPP\elam\rselam.cat
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe, File created: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\elam\rselam.cat (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe, File created: C:\Program Files\ReasonLabs\EPP\133617708056576695\elam\rselam.cat

                                Spam, unwanted Advertisements and Ransom Demands

                                Source: Yara match File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\rsWSC
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\rsWSC
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File dropped: C:\Program Files\McAfee\Temp1361141607\jslang\eula-en-US.txt -> encryption key for your account secure because without them you may lose access to your data. you are solely responsible and liable for any activity that occurs under your account, including by anyone who uses your account. if there is any unauthorized use or access to your account, you must let us know immediately. we are not responsible for any loss caused by unauthorized use of or access to your account; however, you may be liable for any losses we or others suffer because of the unauthorized use. we do not have access to master passwords and cannot recover your encrypted data if you forget the master password for any password management feature or product. we offer both free and premium versions of our password and identity management software, and the free versions limit the maximum number of unique accounts (such as a website or application login) that you can store. if you have downloaded a premium version of the software at no cost during a promotion, then when the promotional period ends you will not
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp File created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1 (copy) entropy: 7.99597518735
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp File created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1.zip (copy) entropy: 7.99597518735
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe File created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe entropy: 7.99268446314
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe File created: C:\Program Files\ReasonLabs\EPP\ReasonLabs-EPP.7z entropy: 7.99998386038
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe File created: C:\Users\user\AppData\Local\Temp\electron.7z entropy: 7.99999530372
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe File created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources.pak entropy: 7.99555496455
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\analyticsmanager.cab entropy: 7.99966205396
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\browserhost.cab entropy: 7.99940458789
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\browserplugin.cab entropy: 7.99921375745
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\downloadscan.cab entropy: 7.99971567747
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\eventmanager.cab entropy: 7.99961026418
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\logicmodule.cab entropy: 7.99963027056
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\lookupmanager.cab entropy: 7.99940721056
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\mfw-webadvisor.cab entropy: 7.99749591242
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\mfw.cab entropy: 7.99504677769
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\servicehost.cab entropy: 7.99683451054
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\settingmanager.cab entropy: 7.99942430965
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\taskmanager.cab entropy: 7.9996376975
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\uihost.cab entropy: 7.99722395671
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\uimanager.cab entropy: 7.99950321932
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\uninstaller.cab entropy: 7.99937886305
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\updater.cab entropy: 7.99943711138
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\wataskmanager.cab entropy: 7.99986130185
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe File created: C:\Program Files\McAfee\Temp1361141607\wssdep.cab entropy: 7.9988485709
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe File created: C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi entropy: 7.99707344308
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe File created: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat entropy: 7.99856800924
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe File created: C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat entropy: 7.99349687059
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe File created: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat entropy: 7.99878246729
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe File created: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat entropy: 7.99906604364

                                System Summary

                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED Matched rule: Detects CactusTorch Hacktool Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED Matched rule: Detects PowerShell ISESteroids obfuscation Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED Matched rule: Detects Empire component - file Invoke-EgressCheck.ps1 Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED Matched rule: Detects PowerShell content designed to retrieve passwords from host Author: ditekSHen
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: Detects a tool used by APT groups - file PwDump.exe Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: Detects NoPowerShell hack tool Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: Monero mining software Author: Christiaan Beek | McAfee ATR Team
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: Detects a process injection utility that can be used ofr good and bad purposes Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: HackTool_MSIL_SharPersist_2 Author: unknown
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects Quasar RAT Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects RevengeRAT malware Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects Bandook RAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects BlackShades RAT Author: Brian Wallace (@botnet_hunter)
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects BlueBanana RAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects Bozok RAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects CyberGate RAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects Imminent RAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects PoisonIvy RAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects ShadowTech RAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects xRAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detects BeyondExec Remote Access Tool - file rexesvr.exe Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: rule to hit on the xored doublepulsar shellcode Author: patrick user
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: rule to hit on the xored doublepulsar dll injection shellcode Author: patrick user
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: 9002 code features Author: Seth Hardy
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: 9002 Identifying Strings Author: Seth Hardy
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: xRAT Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: ShadowTech Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Bandook Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: BlueBanana Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Imminent Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: PoisonIvy_2 Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: CyberGate Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: CSIT_14003_03 Author: unknown
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: gh0st Author: https://github.com/jackcr/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detetcs the Nanocore RAT and similar malware Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Bozok Author: Kevin Breen <kevin@techanarchy.net>
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Regla para detectar Tesla con md5 Author: CCN-CERT
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Regla para detectar Ransom.Satana Author: CCN-CERT
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Regla para detectar el dropper de Ransom.Satana Author: CCN-CERT
                                Source: Yara match File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe File dump: rsAppUI.exe.8.dr 166021264
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Code function: 6_2_00646220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Code function: 9_2_00007FF7DC374BB0 RegCreateKeyExW,RegCloseKey,OutputDebugStringW,OpenSCManagerW,OpenServiceW,CloseServiceHandle,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Code function: 9_2_00007FF7DC39E4D0 WTSGetActiveConsoleSessionId,ProcessIdToSessionId,OpenProcess,OpenProcessToken,CloseHandle,GetLastError,DuplicateTokenEx,CloseHandle,CreateProcessAsUserW,CloseHandle,WaitForSingleObject,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Code function: 7_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Code function: 12_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Code function: 13_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe File created: C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe File created: C:\Windows\system32\drivers\rsCamFilter020502.sys
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe File created: C:\Windows\system32\drivers\rsKernelEngine.sys
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe File created: C:\Windows\system32\drivers\rsElam.sys
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe File created: C:\Windows\system32\drivers\rsKernelEngine.sys
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsEngineSvc.exe.log
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe File deleted: C:\Windows\System32\drivers\rsKernelEngine.sys
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_0064BCB06_2_0064BCB0
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00627D106_2_00627D10
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeCode function: 7_2_00406C5F7_2_00406C5F
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BAD5A208_2_00007FFD9BAD5A20
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BAC297D8_2_00007FFD9BAC297D
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC3481E8_2_00007FFD9BC3481E
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC343E58_2_00007FFD9BC343E5
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC3A0158_2_00007FFD9BC3A015
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC387D28_2_00007FFD9BC387D2
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC352F18_2_00007FFD9BC352F1
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC3B6A08_2_00007FFD9BC3B6A0
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC3461C8_2_00007FFD9BC3461C
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC32E088_2_00007FFD9BC32E08
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC34CEC8_2_00007FFD9BC34CEC
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC305188_2_00007FFD9BC30518
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC3A4DC8_2_00007FFD9BC3A4DC
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC300788_2_00007FFD9BC30078
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC3BC818_2_00007FFD9BC3BC81
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC343FF8_2_00007FFD9BC343FF
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC392AD8_2_00007FFD9BC392AD
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC391408_2_00007FFD9BC39140
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC370C48_2_00007FFD9BC370C4
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3771C09_2_00007FF7DC3771C0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC374BB09_2_00007FF7DC374BB0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3F0D549_2_00007FF7DC3F0D54
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC37B5E09_2_00007FF7DC37B5E0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3D9DA09_2_00007FF7DC3D9DA0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3F65D49_2_00007FF7DC3F65D4
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3836609_2_00007FF7DC383660
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC37F6E09_2_00007FF7DC37F6E0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3FF6D49_2_00007FF7DC3FF6D4
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DC76C9_2_00007FF7DC3DC76C
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3E9F809_2_00007FF7DC3E9F80
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3E61809_2_00007FF7DC3E6180
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3D9FA49_2_00007FF7DC3D9FA4
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3EAFBC9_2_00007FF7DC3EAFBC
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3F28709_2_00007FF7DC3F2870
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3F18689_2_00007FF7DC3F1868
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC37A0809_2_00007FF7DC37A080
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DB8249_2_00007FF7DC3DB824
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3EE0249_2_00007FF7DC3EE024
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3F68509_2_00007FF7DC3F6850
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DB1089_2_00007FF7DC3DB108
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3E40B09_2_00007FF7DC3E40B0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3A29609_2_00007FF7DC3A2960
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC39C9909_2_00007FF7DC39C990
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3959909_2_00007FF7DC395990
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3D99909_2_00007FF7DC3D9990
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3ED18C9_2_00007FF7DC3ED18C
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3FF1889_2_00007FF7DC3FF188
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3E69349_2_00007FF7DC3E6934
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3941409_2_00007FF7DC394140
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3FD1EC9_2_00007FF7DC3FD1EC
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3F11E89_2_00007FF7DC3F11E8
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DA1B09_2_00007FF7DC3DA1B0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3889D09_2_00007FF7DC3889D0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3792F09_2_00007FF7DC3792F0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3E63149_2_00007FF7DC3E6314
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3A6AD09_2_00007FF7DC3A6AD0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DCB709_2_00007FF7DC3DCB70
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3D9B949_2_00007FF7DC3D9B94
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DC3349_2_00007FF7DC3DC334
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC387B309_2_00007FF7DC387B30
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DA3B49_2_00007FF7DC3DA3B4
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3CE4309_2_00007FF7DC3CE430
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DB4A09_2_00007FF7DC3DB4A0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC39E4D09_2_00007FF7DC39E4D0
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 12_2_00406C5F12_2_00406C5F
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeCode function: 13_2_00406C5F13_2_00406C5F
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeCode function: 13_2_6B251BFF13_2_6B251BFF
                                Source: C:\Windows\System32\fltMC.exe Process token adjusted: Load Driver
                                Source: C:\Windows\System32\wevtutil.exe Process token adjusted: Security
                                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6712 -ip 6712
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                                Source: installer.exe.6.dr Static PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 28097920 bytes, 132 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 988 datablocks, 0x1 compression
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000000.1697984545.00000000004C6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs wechat-3.9.7-installer_ae-GFz1.exe
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1701741532.0000000002958000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs wechat-3.9.7-installer_ae-GFz1.exe
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.2574258255.0000000002288000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs wechat-3.9.7-installer_ae-GFz1.exe
                                Source: wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1704164763.000000007FE35000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs wechat-3.9.7-installer_ae-GFz1.exe
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory
                                Source: wechat-3.9.7-installer_ae-GFz1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED Matched rule: CACTUSTORCH date = 2017-07-31, hash3 = a52d802e34ac9d7d3539019d284b04ded3b8e197d5e3b38ed61f523c3d68baa7, hash2 = 0305aa32d5f8484ca115bb4888880729af7f33ac99594ec1aa3c65644e544aea, hash1 = 314e6d7d863878b6dca46af165e7f08fedd42c054d7dc3828dc80b86a3a9b98c, author = Florian Roth, description = Detects CactusTorch Hacktool, reference = https://github.com/mdsecactivebreach/CACTUSTORCH, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED Matched rule: PowerShell_ISESteroids_Obfuscation date = 2017-06-23, author = Florian Roth, description = Detects PowerShell ISESteroids obfuscation, reference = https://twitter.com/danielhbohannon/status/877953970437844993, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED Matched rule: Empire_Invoke_EgressCheck date = 2016-11-05, hash1 = e2d270266abe03cfdac66e6fc0598c715e48d6d335adf09a9ed2626445636534, author = Florian Roth, description = Detects Empire component - file Invoke-EgressCheck.ps1, reference = https://github.com/adaptivethreat/Empire
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED Matched rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword author = ditekSHen, description = Detects PowerShell content designed to retrieve passwords from host
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: cachedump date = 2016-09-08, hash2 = e38edac8c838a043d0d9d28c71a96fe8f7b7f61c5edf69f1ce0c13e141be281f, author = Florian Roth, description = Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe, reference = http://goo.gl/igxLyF, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = cf58ca5bf8c4f87bb67e6a4e1fb9e8bada50157dacbd08a92a4a779e40d569c4
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: PwDump_B date = 2016-09-08, hash1 = 3c796092f42a948018c3954f837b4047899105845019fce75a6e82bc99317982, author = Florian Roth, description = Detects a tool used by APT groups - file PwDump.exe, reference = http://goo.gl/igxLyF, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: HKTL_NoPowerShell date = 2018-12-28, hash1 = 2dad091dd00625762a7590ce16c3492cbaeb756ad0e31352a42751deb7cf9e70, author = Florian Roth, description = Detects NoPowerShell hack tool, reference = https://github.com/bitsadmin/nopowershell
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: MINER_monero_mining_detection date = 2018-04-05, actor_group = Unknown, actor_type = Cybercrime, author = Christiaan Beek | McAfee ATR Team, description = Monero mining software, malware_family = Ransom:W32/MoneroMiner, rule_version = v1, malware_type = miner
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: ProcessInjector_Gen date = 2018-04-23, author = Florian Roth, description = Detects a process injection utility that can be used ofr good and bad purposes, score = 456c1c25313ce2e2eedf24fdcd4d37048bcfff193f6848053cbb3b5e82cd527d, reference = https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED Matched rule: HackTool_MSIL_SharPersist_2 rev = FireEye, md5 = 98ecf58d48a3eae43899b45cec0fc6b7
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Backdoor_Nitol_Jun17 date = 2017-06-04, hash1 = cba19d228abf31ec8afab7330df3c9da60cd4dae376552b503aea6d7feff9946, author = Florian Roth, description = Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader, reference = https://goo.gl/OOB3mH, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_Bandook date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Bandook RAT, reference = http://malwareconfig.com/stats/bandook
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_BlackShades date = 01.04.2014, author = Brian Wallace (@botnet_hunter), description = Detects BlackShades RAT, reference = http://blog.cylance.com/a-study-in-bots-blackshades-net, family = blackshades
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_BlueBanana date = 01.04.2014, filetype = Java, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects BlueBanana RAT, reference = http://malwareconfig.com/stats/BlueBanana
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_Bozok date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Bozok RAT, reference = http://malwareconfig.com/stats/Bozok
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_CyberGate date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects CyberGate RAT, reference = http://malwareconfig.com/stats/CyberGate
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_Imminent date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Imminent RAT, reference = http://malwareconfig.com/stats/Imminent
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_PoisonIvy date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects PoisonIvy RAT, reference = http://malwareconfig.com/stats/PoisonIvy
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_ShadowTech date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects ShadowTech RAT, reference = http://malwareconfig.com/stats/ShadowTech
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: RAT_xRAT date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects xRAT, reference = http://malwareconfig.com/stats/xRat
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: BeyondExec_RemoteAccess_Tool date = 2017-03-17, hash1 = 3d3e3f0708479d951ab72fa04ac63acc7e5a75a5723eb690b34301580747032c, author = Florian Roth, description = Detects BeyondExec Remote Access Tool - file rexesvr.exe, reference = https://goo.gl/BvYurS, license = https://creativecommons.org/licenses/by-nc/4.0/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: doublepulsarxor_petya date = 2017-06-28, author = patrick user, description = rule to hit on the xored doublepulsar shellcode, reference1 = https://www.boozallen.com/s/insight/publication/the-petya-ransomware-outbreak.html, reference2 = https://www.boozallen.com/content/dam/boozallen_site/sig/pdf/white-paper/rollup-of-booz-allen-petya-research.pdf, company = booz allen hamilton, hash = 64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: doublepulsardllinjection_petya date = 2017-06-28, author = patrick user, description = rule to hit on the xored doublepulsar dll injection shellcode, reference1 = https://www.boozallen.com/s/insight/publication/the-petya-ransomware-outbreak.html, reference2 = https://www.boozallen.com/content/dam/boozallen_site/sig/pdf/white-paper/rollup-of-booz-allen-petya-research.pdf, company = booz allen hamilton, hash = 64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: APT9002Code author = Seth Hardy, description = 9002 code features, last_modified = 2014-06-25
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: APT9002Strings author = Seth Hardy, description = 9002 Identifying Strings, last_modified = 2014-06-25
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: xRAT date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/xRat
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: ShadowTech date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/ShadowTech
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Bandook date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/bandook
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: BlueBanana date = 2014/04, filetype = Java, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/BlueBanana
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Imminent date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/Imminent
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: PoisonIvy_2 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/PoisonIvy
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: CyberGate date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/CyberGate
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: CSIT_14003_03 Description = Flying Kitten Installer, Reference = http://blog.crowdstrike.com/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten, Date = 2014/05/13, Author = CrowdStrike, Inc
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: gh0st author = https://github.com/jackcr/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED Matched rule: Nanocore_RAT_Gen_1 date = 2016-04-22, author = Florian Roth, description = Detetcs the Nanocore RAT and similar malware, score = e707a7745e346c5df59b5aa4df084574ae7c204f4fb7f924c0586ae03b79bf06, reference = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPEDMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPEDMatched rule: Bozok date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/Bozok
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPEDMatched rule: TeslaCrypt author = CCN-CERT, description = Regla para detectar Tesla con md5, version = 1.0
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPEDMatched rule: Ransom_Satana author = CCN-CERT, description = Regla para detectar Ransom.Satana, version = 1.0
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPEDMatched rule: Ransom_Satana_Dropper author = CCN-CERT, description = Regla para detectar el dropper de Ransom.Satana, version = 1.0
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPEDMatched rule: Ransom_Satana_1 author = CCN-CERT, description = Regla para detectar Ransom.Satana, version = 1.0
                                Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPEDMatched rule: Ransom_Satana_Dropper_2 author = CCN-CERT, description = Regla para detectar el dropper de Ransom.Satana, version = 1.0
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeKey value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon version
                                Source: RAVEndPointProtection-installer.exe.7.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: classification engineClassification label: mal100.rans.troj.spyw.evad.mine.winEXE@94/2422@0/17
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeCode function: 7_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040351C
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 12_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,12_2_0040351C
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeCode function: 13_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,13_2_0040351C
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeCode function: 7_2_004049B1 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,7_2_004049B1
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: OutputDebugStringW,GetModuleFileNameW,OpenSCManagerW,CreateServiceW,ChangeServiceConfig2W,StartServiceW,CloseServiceHandle,CloseServiceHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW,RegisterServiceCtrlHandlerExW,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,CreateEventW,OutputDebugStringW,GetLastError,SetServiceStatus,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,WaitForSingleObject,OutputDebugStringW,OutputDebugStringW,CloseHandle,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,SetEvent,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,9_2_00007FF7DC3771C0
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00634C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,6_2_00634C8E
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00635C1E CoCreateInstance,OleRun,6_2_00635C1E
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00655318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,6_2_00655318
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3771C0 OutputDebugStringW,GetModuleFileNameW,OpenSCManagerW,CreateServiceW,ChangeServiceConfig2W,StartServiceW,CloseServiceHandle,CloseServiceHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW,RegisterServiceCtrlHandlerExW,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,CreateEventW,OutputDebugStringW,GetLastError,SetServiceStatus,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,WaitForSingleObject,OutputDebugStringW,OutputDebugStringW,CloseHandle,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,SetEvent,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,9_2_00007FF7DC3771C0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC374BB0 RegCreateKeyExW,RegCloseKey,OutputDebugStringW,OpenSCManagerW,OpenServiceW,CloseServiceHandle,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,9_2_00007FF7DC374BB0
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile created: C:\Users\user\AppData\Local\Programs
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeMutant created: \Sessions\1\BaseNamedObjects\Global\_rsStubExecute
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7584:120:WilError_03
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeMutant created: NULL
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeMutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6216:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7068:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4168:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4960:120:WilError_03
                                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6712
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeFile created: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE (Name='rsAppUI.exe' OR Name='ReasonLabs.exe') AND CommandLine Like '%EPP%'
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ParentProcessId FROM Win32_Process WHERE ProcessId = 5304
                                Source: C:\Windows\SysWOW64\WerFault.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE (Name='rsAppUI.exe' OR Name='ReasonLabs.exe') AND CommandLine Like '%EPP%'
                                Source: C:\Windows\SysWOW64\WerFault.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE (Name='rsAppUI.exe' OR Name='ReasonLabs.exe') AND CommandLine Like '%ReasonEDR%'
                                Source: C:\Windows\SysWOW64\WerFault.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ParentProcessId FROM Win32_Process WHERE ProcessId = 5184
                                Source: C:\Windows\SysWOW64\WerFault.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = 'rsAppUI.exe' AND CommandLine Like '%EPP%'
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE (Name='rsAppUI.exe' OR Name='ReasonLabs.exe') AND CommandLine Like '%EPP%'
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE (Name='rsAppUI.exe' OR Name='ReasonLabs.exe') AND CommandLine Like '%ReasonEDR%'
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ParentProcessId FROM Win32_Process WHERE ProcessId = 5184
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = 'rsAppUI.exe' AND CommandLine Like '%EPP%'
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%klekeajafkkpokaofllcadenjdckhinm%'
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%fheoggkfdfchfphceeifdbepaooicaho%'
                                Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
                                Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%fdhgeoginicibhagdmblfikbgbkahibd%'
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeWMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT * FROM Win32_ProcessStartTrace
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
                                Source: installer.exe, 00000013.00000003.2275885624.0000022446E14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO ParentChild VALUES(?, ?, ?);
                                Source: installer.exe, 00000013.00000003.2275885624.0000022446C91000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2217184939.0000022446C97000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2221929534.0000022446C91000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2241909301.0000022446DE0000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2250130903.0000022446CBD000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2233780227.0000022446C95000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2279756236.0000022446C99000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2292123965.0000022446C9D000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3628991095.00007FFDF0C1E000.00000002.00000001.01000000.00000024.sdmp, servicehost.exe, 00000017.00000002.3630636317.00007FFDF1004000.00000002.00000001.01000000.00000027.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                                Source: installer.exe, 00000013.00000003.2275885624.0000022446E14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT * FROM ParentChild;DELETE FROM Settings WHERE ParentID=?;Settings_INDEX_PID_NAMEUPDATE Settings SET SettingName = ? WHERE ParentID = ? AND SettingName = ?;SettingsUPDATE Settings SET SettingType=?, Setting=? WHERE ParentID=? AND SettingName=?;ParentChildINSERT INTO Settings VALUES(?, ?, ?, ?);
                                Source: installer.exe, 00000013.00000003.2275885624.0000022446E14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE ParentChild SET Name = ? WHERE ParentID = ? AND Name = ?;
                                Source: installer.exe, 00000013.00000003.2275885624.0000022446E14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE Settings(ParentID INT, SettingName VARCHAR(40), SettingType INT, Setting BLOB);DELETE FROM ParentChild WHERE ParentID=?;
                                Source: installer.exe, 00000013.00000003.2275885624.0000022446C91000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2217184939.0000022446C97000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2221929534.0000022446C91000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2241909301.0000022446DE0000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2250130903.0000022446CBD000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2233780227.0000022446C95000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2279756236.0000022446C99000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2292123965.0000022446C9D000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3628991095.00007FFDF0C1E000.00000002.00000001.01000000.00000024.sdmp, servicehost.exe, 00000017.00000002.3630636317.00007FFDF1004000.00000002.00000001.01000000.00000027.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                                Source: installer.exe, 00000013.00000003.2275885624.0000022446E14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT * FROM Settings;CREATE INDEX Settings_INDEX_PID_NAME ON Settings (ParentID ASC, SettingName ASC);
                                Source: wechat-3.9.7-installer_ae-GFz1.exeVirustotal: Detection: 20%
                                Source: 40kgqfax.exeString found in binary or memory: "C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\40kgqfax.ex
                                Source: Uninstall.exeString found in binary or memory: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\nsmD772.tmp\
                                Source: Uninstall.exeString found in binary or memory: "C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\nsmD772.tmp
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-sk-SK.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-sr-Latn-CS.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-pt-BR.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-pt-PT.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-ru-RU.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-zh-TW.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-sv-SE.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-tr-TR.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-zh-CN.js
                                Source: installer.exeString found in binary or memory: wa-install.css
                                Source: installer.exeString found in binary or memory: wa-install.html
                                Source: installer.exeString found in binary or memory: wa-ui-install.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-cs-CZ.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-da-DK.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-en-US.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-es-ES.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-es-MX.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-de-DE.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-el-GR.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-hr-HR.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-hu-HU.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-it-IT.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-fi-FI.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-fr-CA.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-fr-FR.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-nb-NO.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-nl-NL.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-pl-PL.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-ja-JP.js
                                Source: installer.exeString found in binary or memory: jslang\wa-res-install-ko-KR.js
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeFile read: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe
                                Source: unknownProcess created: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe "C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe"
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp "C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp" /SL5="$1043C,837551,832512,C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe"
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe "C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240601225827&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=fa70&a=100&b=&se=true" -i
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exeProcess created: C:\Users\user\AppData\Local\Temp\40kgqfax.exe "C:\Users\user\AppData\Local\Temp\40kgqfax.exe" /silent
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeProcess created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe "C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\40kgqfax.exe" /silent
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
                                Source: unknownProcess created: C:\Program Files\ReasonLabs\EPP\Uninstall.exe "C:\Program Files\ReasonLabs\EPP\Uninstall.exe" /auto-repair=RavStub
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeProcess created: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe "C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe" /auto-repair=RavStub
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6712 -ip 6712
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 1320
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeProcess created: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe "C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe" /auto-repair=RavStub
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeProcess created: C:\Program Files\McAfee\Temp1361141607\installer.exe "C:\Program Files\McAfee\Temp1361141607\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                                Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
                                Source: unknownProcess created: C:\Program Files\McAfee\WebAdvisor\servicehost.exe "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                                Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\runonce.exe "C:\Windows\system32\runonce.exe" -r
                                Source: C:\Windows\System32\runonce.exeProcess created: C:\Windows\System32\grpconv.exe "C:\Windows\System32\grpconv.exe" -o
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\wevtutil.exe "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
                                Source: C:\Windows\System32\wevtutil.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\fltMC.exe "fltmc.exe" load rsKernelEngine
                                Source: C:\Windows\System32\fltMC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Program Files\McAfee\WebAdvisor\uihost.exe "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\wevtutil.exe "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
                                Source: C:\Windows\System32\wevtutil.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\EPP\rsWSC.exe "C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
                                Source: unknownProcess created: C:\Program Files\ReasonLabs\EPP\rsWSC.exe "C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
                                Source: C:\Program Files\ReasonLabs\EPP\rsClientSvc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe "C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
                                Source: unknownProcess created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe "C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe "C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6712 -ip 6712
                                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 1320
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: netapi32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: winsta.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: textinputframework.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: coreuicomponents.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: coremessaging.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: coremessaging.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: textshaping.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: dwmapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: shfolder.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: rstrtmgr.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: winhttpcom.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: webio.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: schannel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: msasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: gpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: dpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: dhcpcsvc6.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: dhcpcsvc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: msftedit.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: windows.globalization.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: bcp47mrm.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: globinputhost.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: windowscodecs.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpSection loaded: dataexchange.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: d3d11.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: dcomp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: dxgi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: twinapi.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: explorerframe.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: edputil.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: windows.staterepositoryps.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: appresolver.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: slc.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: sppc.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: onecorecommonproxystub.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: sxs.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: zipfldr.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: windows.fileexplorer.common.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Section loaded: shdocvw.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: mscoree.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: cryptsp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: rsaenh.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: rasapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: rasman.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: rtutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: winhttp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: ondemandconnroutehelper.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: dhcpcsvc6.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: dhcpcsvc.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: dnsapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: winnsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: rasadhlp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: fwpuclnt.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: secur32.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: schannel.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: mskeyprotect.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: ntasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: ncrypt.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: ncryptsslp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: msasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: gpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: edputil.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: netutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: windows.staterepositoryps.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: wintypes.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: appresolver.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: bcp47langs.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: slc.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: sppc.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: onecorecommonproxystub.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Section loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: acgenral.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: winmm.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: samcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: msacm32.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: dwmapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: mpr.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: winmmbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: winmmbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: netutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: aclayers.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: sfc.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: sfc_os.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: wtsapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: winsta.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: winhttp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: ondemandconnroutehelper.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: webio.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: winnsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: dnsapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: rasadhlp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: fwpuclnt.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: schannel.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: mskeyprotect.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: ntasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: ncrypt.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: ncryptsslp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: msasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: cryptsp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: rsaenh.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: gpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: dpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: dhcpcsvc6.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: dhcpcsvc.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Section loaded: cryptnet.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: dwmapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: oleacc.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: shfolder.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Section loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mscoree.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: cryptsp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: rsaenh.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: dwrite.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: msvcp140_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: dnsapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: dhcpcsvc6.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: dhcpcsvc.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: winnsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: wbemcomn.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: amsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: taskschd.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: rasapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: rasman.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: rtutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: sxs.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: winhttp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: ondemandconnroutehelper.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: xmllite.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: rasadhlp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: fwpuclnt.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: secur32.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: schannel.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: powrprof.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: umpdc.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: wtsapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: winsta.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mskeyprotect.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: ntasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: ncrypt.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: ncryptsslp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: msasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: gpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: netutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Section loaded: mscorjit.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: apphelp.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: version.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: urlmon.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: powrprof.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: wtsapi32.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: winhttp.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: iertutil.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: srvcli.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: netutils.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: umpdc.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: cryptbase.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: kernel.appcore.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: version.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: urlmon.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: powrprof.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: wtsapi32.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: winhttp.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: iertutil.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: srvcli.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: netutils.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: umpdc.dll
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe Section loaded: cryptbase.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: uxtheme.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: userenv.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: apphelp.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: propsys.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: dwmapi.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: cryptbase.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: oleacc.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: ntmarta.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: version.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: shfolder.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: kernel.appcore.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: windows.storage.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: wldp.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: profapi.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: windows.staterepositoryps.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: windows.fileexplorer.common.dll
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Section loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: dwmapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: oleacc.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: shfolder.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: wersvc.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: windowsperformancerecordercontrol.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: weretw.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: faultrep.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: dbghelp.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: dbgcore.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: mscoree.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: cryptsp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: rsaenh.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: dwrite.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: msvcp140_clr0400.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: mscorjit.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: dnsapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: dhcpcsvc6.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: dhcpcsvc.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: winnsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: wbemcomn.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: amsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: userenv.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: taskschd.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: xmllite.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: powrprof.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: umpdc.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: wtsapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: winsta.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: rasapi32.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: rasman.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: rtutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: winhttp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: ondemandconnroutehelper.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: rasadhlp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: fwpuclnt.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: secur32.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: schannel.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: mskeyprotect.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: ntasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: ncrypt.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: ncryptsslp.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: msasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: gpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: netutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe | Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe | Section loaded: cabinet.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe | Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: apphelp.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: winhttp.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: userenv.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: msasn1.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: cryptsp.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: rsaenh.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: cryptbase.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: windows.storage.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: wldp.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: profapi.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: wtsapi32.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: winsta.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: uxtheme.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: cabinet.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: gpapi.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: webio.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: mswsock.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: iphlpapi.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: winnsi.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: sspicli.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: dnsapi.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: rasadhlp.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: fwpuclnt.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: schannel.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: mskeyprotect.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: ntasn1.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: ncrypt.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: ncryptsslp.dll
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe | Section loaded: dpapi.dll
                                Source: C:\Windows\System32\regsvr32.exe | Section loaded: apphelp.dll
                                Source: C:\Windows\System32\regsvr32.exe | Section loaded: aclayers.dll
                                Source: C:\Windows\System32\regsvr32.exe | Section loaded: sfc.dll
                                Source: C:\Windows\System32\regsvr32.exe | Section loaded: sfc_os.dll
                                Source: C:\Windows\System32\regsvr32.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\regsvr32.exe | Section loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: aclayers.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: sfc.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: msasn1.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | File written: C:\Program Files\ReasonLabs\EPP\SecurityProductInformation.ini
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | Window found: window name: TSelectLanguageForm
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | Automated click: OK
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | Automated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | Automated click: Accept
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | Automated click: Accept
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
                                Source: Window Recorder | Window detected: More than 3 window changes detected
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp | Window detected: HYPERLINK "https://risecodes.com/terms" Terms of Use; HYPERLINK "https://risecodes.com/privacy" Privacy Policy; HYPERLINK "https://hello.softonic.com/terms-of-use" End User License Agreement; HYPERLINK "https://hello.softonic.com/privacy-policy" Privacy Policy; This will download WeChat to your computer click "Next" to continue.; Welcome to WeChat Download Manager; &Next; Cancel
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\Uninstall.exe
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\EPP\uninstall.ico
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\chrome_100_percent.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\chrome_200_percent.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\icudtl.dat
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\LICENSE
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\LICENSES.chromium.html
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\af.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\am.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ar.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\bg.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\bn.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ca.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\cs.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\da.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\de.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\el.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\en-GB.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\en-US.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe | Directory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\es-419.pak
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\es.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\et.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fa.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fi.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fil.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\gu.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\he.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\hi.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\hr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\hu.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\id.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\it.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ja.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\kn.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ko.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\lt.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\lv.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ml.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\mr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ms.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\nb.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\nl.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pl.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pt-BR.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pt-PT.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ro.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ru.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sk.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sl.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sv.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sw.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ta.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\te.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\th.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\tr.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\uk.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ur.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\vi.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\zh-CN.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\zh-TW.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources.pakJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asarJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar.sigJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\snapshot_blob.binJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\v8_context_snapshot.binJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\versionJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vk_swiftshader_icd.jsonJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\d3dcompiler_47.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\ffmpeg.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\libEGL.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\libGLESv2.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vk_swiftshader.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vulkan-1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPPJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Uninstall.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ReasonLabs-EPP.7zJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\amd64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ARM64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDRJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\x64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\elamJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\uiJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpackedJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electronJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-coreJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modulesJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftwareJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapiJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuildsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modulesJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftwareJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapiJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuildsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-stateJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuildsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xmlJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\elam\rselam.catJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\elam\rsElam.infJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\manifest.jsonJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsClient.Protection.Microphone.dll.configJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngine.configJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe.configJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsExtensionHost.exe.configJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsHelper.exe.configJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\rsRemediation.exe.configJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\SecurityProductInformation.iniJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Signatures.datJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asarJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.sigJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.nodeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.nodeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.nodeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\manifest.jsonJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\WhiteList.datJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.infJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\amd64\KernelTraceControl.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\amd64\msdia140.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ARM64\KernelTraceControl.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ARM64\msdia140.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ARM64\rsYara-ARM64.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\BouncyCastle.Crypto.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\Dia2Lib.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\KernelTraceControl.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\msdia140.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\msvcp140.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\vcruntime140.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\vcruntime140_1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\Dia2Lib.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.FastSerialization.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Win32.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\netstandard.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\OSExtensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\rsAtom.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRLib.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRSvc.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.JSON.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.AppContext.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Collections.Concurrent.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Collections.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Collections.NonGeneric.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Collections.Specialized.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.ComponentModel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.ComponentModel.EventBasedAsync.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.ComponentModel.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.ComponentModel.TypeConverter.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Console.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Data.Common.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Data.SQLite.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Contracts.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Debug.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.FileVersionInfo.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Process.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.StackTrace.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.TextWriterTraceListener.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Tools.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.TraceSource.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Tracing.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.DirectoryServices.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Drawing.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Dynamic.Runtime.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Globalization.Calendars.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Globalization.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Globalization.Extensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.Compression.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.Compression.ZipFile.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.DriveInfo.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.Watcher.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.IsolatedStorage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.MemoryMappedFiles.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.Pipes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.IO.UnmanagedMemoryStream.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Linq.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Linq.Expressions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Linq.Parallel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Linq.Queryable.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.Http.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.NameResolution.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.NetworkInformation.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.Ping.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.Requests.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.Security.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.Sockets.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.WebHeaderCollection.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.WebSockets.Client.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Net.WebSockets.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.ObjectModel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Reflection.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Reflection.Extensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Reflection.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Resources.Reader.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Resources.ResourceManager.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Resources.Writer.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.CompilerServices.VisualC.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Extensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Handles.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.InteropServices.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Numerics.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Formatters.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Json.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Xml.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.AccessControl.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.Claims.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.Cryptography.Algorithms.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.Cryptography.Csp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.Cryptography.Encoding.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.Cryptography.Primitives.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.Cryptography.X509Certificates.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.Principal.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.Principal.Windows.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Security.SecureString.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Text.Encoding.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Text.Encoding.Extensions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Text.RegularExpressions.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Threading.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Threading.Overlapped.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Threading.Tasks.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Threading.Tasks.Parallel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Threading.Thread.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Threading.ThreadPool.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Threading.Timer.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.ValueTuple.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Xml.ReaderWriter.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Xml.XDocument.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Xml.XmlDocument.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Xml.XmlSerializer.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Xml.XPath.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\System.Xml.XPath.XDocument.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\TraceReloggerLib.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ui\EPP.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\7z64.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\ext_x64.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\lz4_x64.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\rsCamFilter020502.sysJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\rsJournal-x64.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.sysJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\rsYara-x64.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\x64\SQLite.Interop.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\uninstall.icoJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EDRJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EDR\amd64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EDR\x64Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\ReasonLabs-EPP.7z
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\amd64
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\x64
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\elam
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core\node_modules
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\x64
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\elam\evntdrv.xml
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\elam\rselam.cat
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\elam\rsElam.inf
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\manifest.json
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsClient.Protection.Microphone.dll.config
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.config
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.exe.config
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsExtensionHost.exe.config
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsHelper.exe.config
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsRemediation.exe.config
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\SecurityProductInformation.ini
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\Signatures.dat
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.sig
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.node
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\manifest.json
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\WhiteList.dat
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\x64\rsKernelEngine.inf
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\amd64\KernelTraceControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\amd64\msdia140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64\KernelTraceControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64\msdia140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64\rsYara-ARM64.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\BouncyCastle.Crypto.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\Dia2Lib.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\KernelTraceControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\msdia140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\msvcp140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\vcruntime140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\amd64\vcruntime140_1.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Dia2Lib.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Microsoft.Diagnostics.FastSerialization.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Microsoft.Win32.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\netstandard.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\OSExtensions.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDirectory created: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsAtom.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReasonLabs-EPP
                                Source: wechat-3.9.7-installer_ae-GFz1.exeStatic PE information: certificate valid
                                Source: wechat-3.9.7-installer_ae-GFz1.exeStatic file information: File size 1771256 > 1048576
                                Source: wechat-3.9.7-installer_ae-GFz1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: rsAtom.pdb source: 40kgqfax.exe, 00000007.00000003.1988613004.0000000002738000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3098035990.00000135C0912000.00000002.00000001.01000000.0000003F.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A81AF000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2058447523.0000000002752000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\ServiceHost.pdbu source: installer.exe, 00000013.00000003.2270538414.0000022446C98000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\SettingManager.pdb source: installer.exe, 00000013.00000003.2275885624.0000022446E14000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\WebAdvisor-accesslib-caller_main@2\Build\x64\Release\caller_dll.pdb source: installer.exe, 00000013.00000000.2211589353.00007FF7F59B2000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: D:\a\rsStubActivator\rsStubActivator\rsStubActivator\obj\Release\net462\rsStubActivator.pdb source: component0.exe, 00000005.00000000.1949671998.00000292BE792000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: rsTime.pdb source: 40kgqfax.exe, 00000007.00000003.1992343012.000000000273A000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2062756455.0000000002751000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@2\build\Win32\Release\Resource.pdbGCTL source: installer.exe, 00000013.00000003.2268070159.0000022446C9C000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3609400317.00000207EE450000.00000002.00000001.00040000.00000043.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\BrowserHost.pdbe source: installer.exe, 00000013.00000003.2221929534.0000022446D4D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\LogicModule.pdb source: installer.exe, 00000013.00000003.2241909301.0000022446DE0000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\non_system\code\WebAdvisor-ISGIS\build\x64\Release\Installer.pdb$ source: installer.exe, 00000012.00000002.2405961965.00007FF69075B000.00000002.00000001.01000000.0000001A.sdmp, installer.exe, 00000012.00000000.2178276489.00007FF69075B000.00000002.00000001.01000000.0000001A.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@2\build\Win32\Release\Resource.pdb source: installer.exe, 00000013.00000003.2268070159.0000022446C9C000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3609400317.00000207EE450000.00000002.00000001.00040000.00000043.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\RavStub\obj\Release\RavStub.pdb source: 40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000000.2021009787.00000135A62C2000.00000002.00000001.01000000.00000011.sdmp, Uninstall.exe, 0000000D.00000003.2055187028.0000000002756000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsSyncSvc\rsSyncSvc\x64\Release\rsSyncSvc.pdb< source: 40kgqfax.exe, 00000007.00000003.1993599729.0000000002738000.00000004.00000020.00020000.00000000.sdmp, rsSyncSvc.exe, 00000009.00000000.2034173626.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 00000009.00000002.2036031681.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 0000000B.00000000.2035333427.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 0000000B.00000002.3575391594.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, Uninstall.exe, 0000000D.00000003.2064111905.000000000275E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\x64\Release\ArchiveUtility.pdb source: 40kgqfax.exe, 00000007.00000003.1984584453.000000000273C000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2055745503.000000000275B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\ServiceHost.pdb source: installer.exe, 00000013.00000003.2270538414.0000022446C98000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsJSON.pdbHG source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: rsServiceController.pdb source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\TaskManager.pdb source: installer.exe, 00000013.00000003.2279756236.0000022446D75000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsStub\rsStub\rsStubLib\obj\Release\rsStubLib.pdb source: 40kgqfax.exe, 00000007.00000003.1991680879.000000000273E000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2834700953.00000135A6892000.00000002.00000001.01000000.0000003C.sdmp, Uninstall.exe, 0000000D.00000003.2061926480.0000000002756000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\TaskManager.pdb{ source: installer.exe, 00000013.00000003.2279756236.0000022446D75000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net452\Microsoft.Win32.TaskScheduler.pdbSHA256 source: 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3099063497.00000135C09A2000.00000002.00000001.01000000.00000040.sdmp, Uninstall.exe, 0000000D.00000003.2056382460.0000000002754000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\BrowserHost.pdb source: installer.exe, 00000013.00000003.2221929534.0000022446D4D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\non_system\code\WebAdvisor-ISGIS\build\x64\Release\Installer.pdb source: installer.exe, 00000012.00000002.2405961965.00007FF69075B000.00000002.00000001.01000000.0000001A.sdmp, installer.exe, 00000012.00000000.2178276489.00007FF69075B000.00000002.00000001.01000000.0000001A.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdb source: installer.exe, 00000013.00000003.2286589668.0000022446C94000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsDatabase.pdb source: 40kgqfax.exe, 00000007.00000003.1989399605.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2059111756.000000000275C000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: 40kgqfax.exe, 00000007.00000003.1988000695.0000000002731000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057940034.000000000275B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIManager.pdb source: installer.exe, 00000013.00000003.2292123965.0000022446C9D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000000.1974718176.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\Installer.pdb source: installer.exe, 00000013.00000000.2211260970.00007FF7F5926000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\LookupManager.pdb source: installer.exe, 00000013.00000003.2250130903.0000022446CBD000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3630636317.00007FFDF1004000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb@ source: 40kgqfax.exe, 00000007.00000003.1987258534.0000000002736000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057435922.000000000275B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: 40kgqfax.exe, 00000007.00000003.1987258534.0000000002736000.00000004.00000020.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2057435922.000000000275B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\Uninstaller.pdb source: installer.exe, 00000013.00000003.2298743769.0000022446E3B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsLogger.pdb source: 40kgqfax.exe, 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3090043199.00000135C06C2000.00000002.00000001.01000000.0000003D.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A8655000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2061100713.000000000275D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdbu source: installer.exe, 00000013.00000003.2286589668.0000022446C94000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net452\Microsoft.Win32.TaskScheduler.pdb source: 40kgqfax.exe, 00000007.00000003.1985949157.0000000002734000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3099063497.00000135C09A2000.00000002.00000001.01000000.00000040.sdmp, Uninstall.exe, 0000000D.00000003.2056382460.0000000002754000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\EventManager.pdb source: installer.exe, 00000013.00000003.2233780227.0000022446DFF000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsJSON.pdb source: 40kgqfax.exe, 00000007.00000003.1990251896.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3091227950.00000135C07C2000.00000002.00000001.01000000.0000003E.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A848C000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2060092357.0000000002758000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\Dev3\Elam\4\rsElam\x64\Release\rsElam.pdb source: RAVEndPointProtection-installer.exe, 00000008.00000002.3092202963.00000135C08BB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\rsSyncSvc\rsSyncSvc\x64\Release\rsSyncSvc.pdb source: 40kgqfax.exe, 00000007.00000003.1993599729.0000000002738000.00000004.00000020.00020000.00000000.sdmp, rsSyncSvc.exe, 00000009.00000000.2034173626.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 00000009.00000002.2036031681.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 0000000B.00000000.2035333427.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, rsSyncSvc.exe, 0000000B.00000002.3575391594.00007FF7DC407000.00000002.00000001.01000000.00000012.sdmp, Uninstall.exe, 0000000D.00000003.2064111905.000000000275E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rsLogger.pdbx source: 40kgqfax.exe, 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.3090043199.00000135C06C2000.00000002.00000001.01000000.0000003D.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A8655000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe, 0000000D.00000003.2061100713.000000000275D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\AnalyticsManager.pdb source: installer.exe, 00000013.00000003.2217184939.0000022446C97000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3628991095.00007FFDF0C1E000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\LookupManager.pdbG source: installer.exe, 00000013.00000003.2250130903.0000022446CBD000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3630636317.00007FFDF1004000.00000002.00000001.01000000.00000027.sdmp

                                Data Obfuscation

                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED
                                Source: is-7FAI5.tmp.1.drStatic PE information: 0xA024B15D [Sat Feb 20 18:01:01 2055 UTC]
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00672B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,6_2_00672B30
                                Source: 40kgqfax.exe.5.drStatic PE information: real checksum: 0x1e9d3e should be: 0x1dccb3
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp.0.drStatic PE information: real checksum: 0x31e124 should be: 0x3174f1
                                Source: is-7FAI5.tmp.1.drStatic PE information: real checksum: 0x15863 should be: 0x185d1
                                Source: System.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x39be
                                Source: wechat-3.9.7-installer_ae-GFz1.exeStatic PE information: real checksum: 0x1b5901 should be: 0x1b3740
                                Source: wechat-3.9.7-installer_ae-GFz1.exeStatic PE information: section name: .didata
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp.0.drStatic PE information: section name: .didata
                                Source: saBSI.exe.1.drStatic PE information: section name: .didat
                                Source: installer.exe.6.drStatic PE information: section name: _RDATA
                                Source: ArchiveUtilityx64.dll.7.drStatic PE information: section name: _RDATA
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpCode function: 1_2_0019D8A4 push eax; iretd 1_2_0019D8A5
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exeCode function: 5_2_00007FFD9BAA2D6F push ebx; retf 5_2_00007FFD9BAA2D72
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exeCode function: 5_2_00007FFD9BAA00BD pushad ; iretd 5_2_00007FFD9BAA00C1
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_3_05AAC561 push esi; retf 6_3_05AAC582
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006A8DDB push ecx; ret 6_2_006A8DEE
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006D7CFD push ecx; ret 6_2_006D7D12
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeCode function: 8_2_00007FFD9BC3D108 push eax; ret 8_2_00007FFD9BC3D109
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeCode function: 13_2_6B2530C0 push eax; ret 13_2_6B2530EE
                                Source: RAVEndPointProtection-installer.exe.7.drStatic PE information: section name: .text entropy: 7.672717019783964

                                Persistence and Installation Behavior

                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsEngineSvc.exe.log
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Text.RegularExpressions.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Data.Common.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\NAudio.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.SecureString.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\nl-NL\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Xml.XPath.XDocument.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.JSONInterface.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\System.Data.SQLite.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\fr\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Net.WebSockets.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Runtime.InteropServices.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.Reader.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Security.AccessControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Security.SecureString.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\da-DK\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Threading.Tasks.Parallel.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\is-7FAI5.tmp
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Collections.NonGeneric.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\ARM64\KernelTraceControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Text.RegularExpressions.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Collections.NonGeneric.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Resources.Reader.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\msvcp140.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\Microsoft.Diagnostics.Tracing.TraceEvent.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\hr-HR\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\d3dcompiler_47.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Security.Cryptography.Encoding.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.IO.Pipes.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XPath.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\ffmpeg.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Globalization.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Threading.ThreadPool.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Requests.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Helper.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Parallel.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\rsEngine.Utilities.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Security.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Drawing.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRSvc.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\es\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Process.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.WebSockets.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\ru-RU\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Linq.Parallel.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Principal.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Threading.ThreadPool.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\nb-NO\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.ValueTuple.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Expressions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsClient.Protection.Microphone.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Runtime.Serialization.Primitives.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsAtom.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Collections.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\fr-FR\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Net.Sockets.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\x64\rsYara-x64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\fi-FI\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsServiceController.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Text.Encoding.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Security.Cryptography.Primitives.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Xml.ReaderWriter.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\System.ValueTuple.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Linq.Expressions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Security.Principal.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Http.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.ReaderWriter.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.StackTrace.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Programs.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Edr.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Xml.XmlSerializer.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.ObjectModel.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.DirectoryServices.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Globalization.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Net.NameResolution.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\BouncyCastle.Crypto.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.Watcher.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Linq.Queryable.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.Contracts.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Serialization.Xml.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\libEGL.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Reflection.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Net.WebSockets.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.IO.Pipes.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\x64\rsJournal-x64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Handles.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\pt-PT\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\OSExtensions.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0 (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\it\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.InteropServices.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\hi-IN\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Tracing.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsLitmus.A.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Runtime.CompilerServices.VisualC.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsDatabase.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Claims.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Dynamic.Runtime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Business.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\fil-PH\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\vcruntime140.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Console.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.Tools.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.ComponentModel.TypeConverter.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.IO.Compression.ZipFile.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\TraceReloggerLib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\WTQQ1MDW\rsServiceController.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Tasks.Parallel.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Collections.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\TraceReloggerLib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Reflection.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Security.Cryptography.Encoding.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\x64\SQLite.Interop.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.UDI.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Microphone.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsStubLib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.IO.Compression.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Detections.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Runtime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vk_swiftshader.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.BTScan.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Dynamic.Runtime.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\x64\lz4_x64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Windows\System32\drivers\rsKernelEngine.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Net.WebSockets.Client.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Json.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Xml.XPath.XDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Threading.Tasks.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Resources.Reader.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\sl\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.Watcher.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsTime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.IO.FileSystem.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Text.Encoding.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.Process.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsJSON.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Numerics.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Net.WebSockets.Client.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\amd64\msdia140.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\Uninstall.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Threading.Overlapped.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Drawing.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Reflection.Primitives.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Linq.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\rsJSON.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.IO.FileSystem.Watcher.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Resources.ResourceManager.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Security.Cryptography.X509Certificates.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\x64\SQLite.Interop.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Thread.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Data.SQLite.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\rsEngine.JSON.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Runtime.Numerics.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.Writer.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\ro-RO\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Ping.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Security.Cryptography.X509Certificates.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Net.Primitives.dll (copy)Jump to dropped file
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exeFile created: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Resources.ResourceManager.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Data.Common.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.Compression.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnDemand.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Globalization.Extensions.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.ObjectModel.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Net.Http.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\rsEngine.Loggers.Application.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.IO.UnmanagedMemoryStream.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Net.Requests.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Linq.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Threading.Thread.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.TextWriterTraceListener.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Extension.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\amd64\vcruntime140.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Collections.Concurrent.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.Encoding.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\rsEDRLib.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.TraceSource.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.IO.FileSystem.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\pt\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\zh-TW\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsAssistant.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.IO.Compression.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\_isetup\_setup64.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Net.Ping.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\Microsoft.Win32.Primitives.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Linq.Expressions.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\Microsoft.Diagnostics.FastSerialization.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Data.Common.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Queryable.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Tasks.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.NameResolution.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\31KME9I4\rsLogger.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.IO.IsolatedStorage.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Xml.XPath.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exeFile created: C:\Users\user\AppData\Local\Temp\40kgqfax.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.IsolatedStorage.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Security.Principal.Windows.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.ValueTuple.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Xml.XDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\ja-JP\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\sk-SK\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\de\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Text.Encoding.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Security.Claims.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.FileVersionInfo.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Xml.XDocument.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Net.Security.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\ko-KR\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Net.Sockets.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Xml.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRLib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.IO.Compression.ZipFile.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.WebHeaderCollection.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsJSON.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Net.Requests.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\amd64\msdia140.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\netstandard.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\Dia2Lib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Overlapped.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.ComponentModel.TypeConverter.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XmlDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Debug.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\InstallerLib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\de-DE\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.FastSerialization.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\vi-VN\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Runtime.Serialization.Json.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.Browsers.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Linq.Queryable.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Sockets.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.ComponentModel.EventBasedAsync.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Xml.XmlDocument.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\x64\rsCamFilter020502.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.ValueTuple.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.Concurrent.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Console.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.UnmanagedMemoryStream.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.X509Certificates.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.IO.IsolatedStorage.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Text.Encoding.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Threading.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnAccess.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsWSCClient.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Console.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Collections.Specialized.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XPath.XDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Needle.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\x64\ext_x64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Resources.Writer.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\mc.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Updater.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Net.NetworkInformation.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsClientSvc.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsBuild.Runtime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Text.Encoding.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Net.NameResolution.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.Proxy.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\amd64\msdia140.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\id-ID\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.Debug.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\rsAtom.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Text.Encoding.Extensions.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\zh-CN\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Runtime.Handles.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Collections.Concurrent.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Loggers.Application.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.Runtime.Numerics.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Performance.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tr-TR\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\Dia2Lib.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Runtime.Serialization.Xml.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Net.Security.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\System.ComponentModel.EventBasedAsync.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\amd64\KernelTraceControl.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\th-TH\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.StackTrace.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Camera.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.ThreadPool.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\OSExtensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.JSON.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XmlSerializer.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\System.Resources.Writer.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EDR\rsEngine.Core.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Handles.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Windows\System32\drivers\rsKernelEngine.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Windows\System32\drivers\rsElam.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Windows\System32\drivers\rsCamFilter020502.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RAVEndPointProtection-installer.exe.logJump to behavior
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeFile created: C:\Program Files\ReasonLabs\EPP\InstallUtil.InstallLog
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeFile created: C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeFile created: C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeFile created: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-cs-CZ.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-da-DK.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-de-DE.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-el-GR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-en-US.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-es-ES.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-es-MX.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-fi-FI.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-fr-CA.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-fr-FR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-hr-HR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-hu-HU.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-it-IT.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-ja-JP.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-ko-KR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-nb-NO.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-nl-NL.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-pl-PL.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-pt-BR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-pt-PT.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-ru-RU.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-sk-SK.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-sr-Latn-CS.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-sv-SE.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-tr-TR.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-zh-CN.txt
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1361141607\jslang\eula-zh-TW.txt

                                Boot Survival

                                Source: C:\Windows\System32\rundll32.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce GrpConv
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeFile created: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\Microsoft.Win32.TaskScheduler.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.TaskScheduler.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeFile created: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\133617708056576695\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeFile created: C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rsCamFilter020502Jump to behavior
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3771C0 OutputDebugStringW,GetModuleFileNameW,OpenSCManagerW,CreateServiceW,ChangeServiceConfig2W,StartServiceW,CloseServiceHandle,CloseServiceHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW,RegisterServiceCtrlHandlerExW,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,CreateEventW,OutputDebugStringW,GetLastError,SetServiceStatus,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,WaitForSingleObject,OutputDebugStringW,OutputDebugStringW,CloseHandle,SetServiceStatus,OutputDebugStringW,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW,OutputDebugStringW,SetServiceStatus,OutputDebugStringW,SetEvent,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,9_2_00007FF7DC3771C0

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeFile opened: C:\Program Files\ReasonLabs\EPP\Uninstall.exe:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeFile opened: NULL
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00660540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,6_2_00660540
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files\McAfee\WebAdvisor\uihost.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
                                Source: C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\runonce.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: Yara match File source: 0000002C.00000002.3597757506.0000018CADA56000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp, type: DROPPED
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Memory allocated: 292BEAC0000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Memory allocated: 292D8590000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Memory allocated: 135A6680000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Memory allocated: 135BFEF0000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Memory allocated: 2443FF20000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Memory allocated: 24459990000 memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207EE080000 memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207EE360000 memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207EE380000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207EE4A0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207EE8F0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207EEA80000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207FF310000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207FF430000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 207FF4F0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Memory allocated: 246C6FB0000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Memory allocated: 246E0860000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Memory allocated: 1C37E530000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Memory allocated: 1C37EB80000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe Memory allocated: 29994D40000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe Memory allocated: 299AE780000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe Memory allocated: 18CACE20000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe Memory allocated: 18CC54B0000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe Memory allocated: 1EB80D50000 memory reserve | memory write watch
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe Memory allocated: 1EB9A710000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe Code function: 6_2_00634C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,6_2_00634C8E
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeWindow / User API: threadDelayed 3821Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeWindow / User API: threadDelayed 5496Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeWindow / User API: threadDelayed 6357
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeWindow / User API: threadDelayed 3413
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeWindow / User API: threadDelayed 747
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeWindow / User API: threadDelayed 456
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeWindow / User API: threadDelayed 4318
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeWindow / User API: threadDelayed 5471
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Diagnostics.TextWriterTraceListener.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Client.Messages.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Data.Common.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Net.NameResolution.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\nl-NL\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.JSONInterface.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Diagnostics.StackTrace.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Security.AccessControl.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\TraceReloggerLib.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\ZFMGNPGZ\rsAtom.DLL
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Collections.NonGeneric.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Collections.Concurrent.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\Microsoft.Win32.Registry.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Text.RegularExpressions.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.sys
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Resources.Reader.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\amd64\msvcp140.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\nl-NL\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Core.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Diagnostics.Contracts.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.IO.UnmanagedMemoryStream.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XPath.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.IO.FileSystem.Watcher.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.ObjectModel.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Data.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Helper.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Loggers.Business.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron-core\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Parallel.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Xml.XPath.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Scan.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.JSON.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Security.Cryptography.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\es\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Process.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.WebSockets.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\x64\rsYara-x64.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Principal.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Threading.ThreadPool.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Security.Cryptography.Encoding.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\nb-NO\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tr-TR\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Net.Requests.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Threading.Thread.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Resources.ResourceManager.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Expressions.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Runtime.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Diagnostics.TextWriterTraceListener.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Net.Ping.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsExtensionHost.exe
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsAtom.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Diagnostics.Process.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\7OPUBZPR\rsStubLib.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Reflection.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\fr-FR\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Runtime.InteropServices.RuntimeInformation.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\x64\rsYara-x64.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.IO.Compression.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.ValueTuple.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsJSON.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Diagnostics.FileVersionInfo.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Security.Cryptography.Primitives.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsServiceController.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Xml.ReaderWriter.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Runtime.Serialization.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.IO.FileSystem.Watcher.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Text.Encoding.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\System.ValueTuple.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Linq.Expressions.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.UDI.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Resources.Reader.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\it\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.ComponentModel.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.ReaderWriter.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Programs.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.StackTrace.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.Quarantine.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Drawing.Primitives.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Edr.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsLogger.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.ObjectModel.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Globalization.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Net.NameResolution.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Runtime.Extensions.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Linq.Queryable.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.Contracts.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Globalization.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\libEGL.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Dynamic.Runtime.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Net.WebSockets.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Threading.Thread.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Data.Common.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.IO.Pipes.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\x64\rsJournal-x64.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.IO.FileSystem.Primitives.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Net.Security.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Net.NameResolution.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\pt-PT\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\it\Microsoft.Win32.TaskScheduler.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.InteropServices.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\hi-IN\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Updater.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsLitmus.A.exe
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Dia2Lib.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Net.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Runtime.CompilerServices.VisualC.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsDatabase.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Claims.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\fil-PH\RavStub.resources.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsAssistant.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Drawing.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.IO.Compression.ZipFile.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\TraceReloggerLib.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\WTQQ1MDW\rsServiceController.DLL
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Collections.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Tasks.Parallel.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsLitmus.S.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Security.Claims.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.UDI.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Microsoft.Win32.Primitives.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Microphone.dll
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\mc.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Dropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.IO.Compression.dll
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Detections.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\amd64\msdia140.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Runtime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\Microsoft.Win32.Registry.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.AppContext.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\it-IT\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vk_swiftshader.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.BTScan.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Collections.Specialized.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Xml.XmlDocument.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\1Q2LHW4X\rsLogger.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsRemediation.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Dynamic.Runtime.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Windows\System32\drivers\rsKernelEngine.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\pt-BR\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Net.WebSockets.Client.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Net.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Json.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\9ECZR43H\rsJSON.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Xml.XPath.XDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\amd64\KernelTraceControl.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\Microsoft.Diagnostics.FastSerialization.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsBridge.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Scan.OnAccess.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Xml.XmlSerializer.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\FLAHXFQW\rsServiceController.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsTime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\Dia2Lib.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64\KernelTraceControl.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Diagnostics.Process.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Contracts.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\sv-SE\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Loggers.Application.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Xml.XPath.XDocument.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.ValueTuple.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.AppContext.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Data.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.UDI.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\Microsoft.Diagnostics.Tracing.TraceEvent.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Net.Sockets.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\Dia2Lib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Contracts.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Text.RegularExpressions.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\it-IT\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Net.WebHeaderCollection.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.IO.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.ComponentModel.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\fr-FR\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsAtom.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\ui\EPP.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Resources.ResourceManager.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Net.Ping.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.ComponentModel.Primitives.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\MR83QL3Y\rsStubLib.dllJump to dropped file
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\YJZNHYML\rsAtom.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Self.dllJump to dropped file
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uimanager.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Runtime.Serialization.Primitives.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.IO.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\SQLite.Interop.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Net.WebSockets.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\Microsoft.Bcl.HashCode.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsPerformance.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Xml.XmlSerializer.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Performance.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Runtime.InteropServices.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\x64\lz4_x64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.ComponentModel.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.WebSockets.Client.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\ARM64\rsYara-ARM64.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Win32.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\ArchiveUtilityx64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Scan.OnDemand.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Xml.XPath.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Globalization.Calendars.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\QWYTBVMQ\rsJSON.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Net.WebSockets.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsBridge.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\amd64\vcruntime140_1.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\sv-SE\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Dynamic.Runtime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsLitmus.A.exe (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Security.Principal.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Runtime.Serialization.Formatters.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Dynamic.Runtime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\SQLite.Interop.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\rsAtom.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Net.Requests.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.ComponentModel.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\TraceReloggerLib.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Runtime.Serialization.Json.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.nodeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\Microsoft.Diagnostics.FastSerialization.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\es\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Tasks.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Security.Cryptography.X509Certificates.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.ComponentModel.EventBasedAsync.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Protection.Ransomware.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.Tracing.TraceEvent.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Runtime.Serialization.Xml.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Xml.XDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Linq.Expressions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.ValueTuple.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\sk-SK\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsHelper.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\de\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\hi-IN\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Security.Claims.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\Microsoft.Win32.Primitives.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Threading.Overlapped.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\de\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Loggers.Application.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Net.Sockets.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Xml.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Client.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Core.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.IO.Compression.ZipFile.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Runtime.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Net.NetworkInformation.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsJSON.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Net.Requests.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\Dia2Lib.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Utilities.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XmlDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Runtime.Serialization.Json.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\zh-TW\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Threading.Timer.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Reflection.Primitives.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Linq.Parallel.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\zh-CN\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\pt-PT\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Linq.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\Microsoft.Bcl.HashCode.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\vi-VN\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Runtime.Serialization.Json.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Xml.XmlDocument.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.Browsers.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Sockets.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Linq.Queryable.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.ComponentModel.EventBasedAsync.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\x64\rsCamFilter020502.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Xml.XmlSerializer.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.ValueTuple.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Helper.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsAtom.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Console.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Threading.Timer.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Threading.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Reflection.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Collections.NonGeneric.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsWSCClient.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnAccess.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Collections.Specialized.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Collections.Concurrent.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Xml.XDocument.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.DirectoryServices.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\x64\ext_x64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngineSvc.Proxy.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Resources.ResourceManager.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\mc.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Data.Common.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Net.NetworkInformation.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsClient.Protection.Microphone.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\ARM64\KernelTraceControl.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.Proxy.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\amd64\msdia140.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Features.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.Debug.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsBridge.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\elam\rsElam.sysJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\rsAtom.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Security.Claims.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Text.Encoding.Extensions.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\System.Diagnostics.Tracing.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\Temp1361141607\resource.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Security.Principal.Windows.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Data.Common.dllJump to dropped file
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\eventmanager.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\cs-CZ\RavStub.resources.dllJump to dropped file
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\wataskmanager.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\ArchiveUtilityx64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\ARM64\msdia140.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Runtime.Handles.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsJSON.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Resources.Reader.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\133617708056576695\System.Threading.Tasks.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Loggers.Application.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Performance.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tr-TR\RavStub.resources.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\Microsoft.Win32.TaskScheduler.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\4ddojutq.nph\rsEngine.Scan.Detections.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Runtime.Serialization.Xml.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\amd64\KernelTraceControl.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\System.ComponentModel.EventBasedAsync.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EDR\System.Diagnostics.StackTrace.dll (copy)Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Camera.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.ThreadPool.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeDropped PE file which has not been started: C:\Program Files\ReasonLabs\EPP\EDR\OSExtensions.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_6-88611
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeAPI coverage: 4.7 %
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp TID: 5076Thread sleep time: -30000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp TID: 2476Thread sleep time: -30000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe TID: 3052Thread sleep time: -30000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe TID: 2812Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe TID: 5776Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe TID: 3796Thread sleep count: 3821 > 30Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe TID: 3796Thread sleep count: 5496 > 30Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe TID: 6852Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe TID: 5776Thread sleep time: -60000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe TID: 2160Thread sleep time: -30000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe TID: 1104Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe TID: 1284Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe TID: 2380Thread sleep count: 6357 > 30
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe TID: 2380Thread sleep count: 3413 > 30
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe TID: 1284Thread sleep time: -60000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe TID: 1284Thread sleep time: -49985s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe TID: 1284Thread sleep time: -43313s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe TID: 3496Thread sleep time: -2767011611056431s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe TID: 1284Thread sleep time: -39969s >= -30000s
                                Source: C:\Program Files\McAfee\Temp1361141607\installer.exe TID: 3740Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe TID: 6228Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe TID: 5104Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe TID: 7532Thread sleep count: 747 > 30
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe TID: 7564Thread sleep count: 456 > 30
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe TID: 7516Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe TID: 7668Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe TID: 7760Thread sleep count: 4318 > 30
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe TID: 7752Thread sleep count: 5471 > 30
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe TID: 7844Thread sleep time: -27670116110564310s >= -30000s
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe TID: 7336Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe TID: 7788Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp FullSizeInformationJump to behavior
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeCode function: 7_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405C4D
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeCode function: 7_2_0040689E FindFirstFileW,FindClose,7_2_0040689E
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeCode function: 7_2_00402930 FindFirstFileW,7_2_00402930
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 12_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,12_2_00405C4D
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 12_2_0040689E FindFirstFileW,FindClose,12_2_0040689E
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeCode function: 12_2_00402930 FindFirstFileW,12_2_00402930
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeCode function: 13_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,13_2_00405C4D
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeCode function: 13_2_0040689E FindFirstFileW,FindClose,13_2_0040689E
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeCode function: 13_2_00402930 FindFirstFileW,13_2_00402930
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00692782 VirtualQuery,GetSystemInfo,6_2_00692782
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 60000Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 60000
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 49985
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 43313
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeThread delayed: delay time: 39969
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-1P17I.tmpJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile opened: C:\Users\userJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile opened: C:\Users\user\AppDataJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extractJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efD
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -Microsoft Hyper-V Guest Infrastructure Driver
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Microsoft Hyper-V Virtual PCI Bus
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Microsoft Hyper-V Generation Counter
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1974049154.00000000053C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: saBSI.exe-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efD
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.000000000087C000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008C8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2027375667.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2476207416.000000000313D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2013792271.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2476207416.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.1990191574.000000000319D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2088006187.000000000319D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: component0.exe, 00000005.00000002.3150730054.00000292D8E35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                Source: wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.0000000000906000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \2{"v":"0.1","l":"US","i":{"cu":"https://gsf-fl.softonic.com/361/738/abda546ab2fc780789a74d376a5f1f4ceb/WeChatSetup.exe?Expires=1717169192&Signature=a1b2e1fb37cfd75df9c990a1d13923f9be834f58&url=https://wechat.en.softonic.com&Filename=WeChatSetup.exe","ct":"WeChat","cp":"https://hello.softonic.com/privacy-policy","ctu":"https://hello.softonic.com/terms-of-use","cl":"https://images.sftcdn.net/images/t_app-icon-s,f_jpg,w_100,c_scale/p/ef5b43e0-99eb-11e6-8b29-00163ec9f5fa/324590374/wechat-logo.png","ch":"SEM|EN_UK_DSA|paid","ca":"v5.83","cf":"wechat-3.9.7-installer.exe","cpi":"","cps":"","cd":"","cpr":"","cpp":"","cfl":"Shlishi21May10","cj":"+1","cb":"ch","cod":"","ctp":"","cep":""},"f":{"m":2,"x":"2025-04-19T02:58:27.616Z","a":"fa70","d":"17"},"o":[{"ad":{"n":"","f":"ZB_RAV_Cross_Solo_Soft","o":"RAV_Cross"},"ps":{"i":"RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.png","dn":"RAV Antivirus","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -i","r":["ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware VMCI Bus Driver
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Microsoft Hyper-V VHDPMEM BTT Filter
                                Source: component0.exe, 00000005.00000002.3138790288.00000292BE92D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %Microsoft Hyper-V Storage Accelerator
                                Source: component0.exe, 00000005.00000002.3150730054.00000292D8E35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}q
                                Source: RAVEndPointProtection-installer.exe, 00000008.00000002.3092202963.00000135C086F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Program Files\ReasonLabs\EPP\Uninstall.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeProcess information queried: ProcessInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006C70B4 IsDebuggerPresent,OutputDebugStringW,6_2_006C70B4
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00645204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,6_2_00645204
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00634C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,6_2_00634C8E
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006D7BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C6_2_006D7BC0
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_00672B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,6_2_00672B30
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006BE8FE mov eax, dword ptr fs:[00000030h]6_2_006BE8FE
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006C7C6A mov eax, dword ptr fs:[00000030h]6_2_006C7C6A
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006C7CF2 mov eax, dword ptr fs:[00000030h]6_2_006C7CF2
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006C7CAE mov eax, dword ptr fs:[00000030h]6_2_006C7CAE
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006C7D23 mov eax, dword ptr fs:[00000030h]6_2_006C7D23
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_0063463F GetProcessHeap,6_2_0063463F
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess token adjusted: Debug
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess token adjusted: Debug
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess token adjusted: Debug
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeProcess token adjusted: Debug
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeProcess token adjusted: Debug
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeProcess token adjusted: Debug
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeProcess token adjusted: Debug
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeProcess token adjusted: Debug
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeProcess token adjusted: Debug
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeProcess token adjusted: Debug
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeProcess token adjusted: Debug
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006A9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_006A9018
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006A93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_006A93F2
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006AD453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_006AD453
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006A9586 SetUnhandledExceptionFilter,6_2_006A9586
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3D2A10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF7DC3D2A10
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3DE3BC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF7DC3DE3BC
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exeMemory allocated: page read and write | page guardJump to behavior

                                HIPS / PFW / Operating System Protection Evasion

                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe "C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240601225827&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=fa70&a=100&b=&se=true" -iJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exeProcess created: C:\Users\user\AppData\Local\Temp\40kgqfax.exe "C:\Users\user\AppData\Local\Temp\40kgqfax.exe" /silentJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.infJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\wevtutil.exe "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xmlJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\fltMC.exe "fltmc.exe" load rsKernelEngineJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\wevtutil.exe "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xmlJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\EPP\rsWSC.exe "C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -iJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -iJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe "C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -iJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe "C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -iJump to behavior
                                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6712 -ip 6712
                                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 1320
                                Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
                                Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeProcess created: unknown unknown
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
                                Source: C:\Windows\System32\runonce.exeProcess created: C:\Windows\System32\grpconv.exe "C:\Windows\System32\grpconv.exe" -o
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006A9215 cpuid 6_2_006A9215
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: GetLocaleInfoW,6_2_006C45DA
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: EnumSystemLocalesW,6_2_006CC952
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: EnumSystemLocalesW,6_2_006CC907
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: EnumSystemLocalesW,6_2_006CC9ED
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_006CCA80
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: GetLocaleInfoW,6_2_006CCCE0
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_006CCE06
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: GetLocaleInfoW,6_2_006CCF0C
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_006CCFDB
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: GetLocaleInfoEx,6_2_006A7E28
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: EnumSystemLocalesW,6_2_006C3F6D
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: EnumSystemLocalesW,9_2_00007FF7DC3FC5E4
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,9_2_00007FF7DC3FC1B8
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLocaleInfoEx,OutputDebugStringW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,9_2_00007FF7DC3889D0
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoW,9_2_00007FF7DC3F0258
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_00007FF7DC3FCA1C
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoEx,9_2_00007FF7DC3D1AEC
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_00007FF7DC3FCC00
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoEx,_invalid_parameter_noinfo_noreturn,9_2_00007FF7DC389C90
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: GetLocaleInfoEx,_invalid_parameter_noinfo_noreturn,9_2_00007FF7DC39FC30
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: EnumSystemLocalesW,9_2_00007FF7DC3FC514
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: EnumSystemLocalesW,9_2_00007FF7DC3EFCC0
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\mainlogo.png VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\RAV_Cross.png VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\WebAdvisor.png VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1.zip VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsStubLib.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsLogger.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsJSON.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsAtom.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\Microsoft.Win32.TaskScheduler.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\d99d309a\00b6d669_67a7da01\rsStubLib.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Program Files\ReasonLabs\EPP\rsJSON.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\6c0cfe7b\b26fbcdf_98b4da01\rsJSON.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Program Files\ReasonLabs\EPP\rsLogger.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\b6385ea2\0420cddf_98b4da01\rsLogger.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Program Files\ReasonLabs\EPP\rsAtom.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\a50de39d\139f09df_98b4da01\rsAtom.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Program Files\ReasonLabs\EPP\rsServiceController.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\db1e4adc\3b47d4df_98b4da01\rsServiceController.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsStubLib.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsLogger.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsJSON.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsAtom.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\Microsoft.Win32.TaskScheduler.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\5269db96\00b6d669_67a7da01\rsStubLib.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsJSON.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\a6d8052f\b26fbcdf_98b4da01\rsJSON.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsLogger.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\2970adb0\0420cddf_98b4da01\rsLogger.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsAtom.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\ef55c892\139f09df_98b4da01\rsAtom.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsServiceController.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\2f62e0c4\3b47d4df_98b4da01\rsServiceController.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsJSON.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\cc03229d\dddb94fe_98b4da01\rsJSON.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsLogger.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\c1f6dfcf\1651aafe_98b4da01\rsLogger.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsAtom.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\214e2583\65867bfd_98b4da01\rsAtom.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsServiceController.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\c6a246bc\c73cb6fe_98b4da01\rsServiceController.DLL VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsWSC.exe VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsWSC.exe VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Application.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\System.Net.Http.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Application.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Data.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.UDI.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Extension.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.Browsers.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Features.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Business.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsLogger.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsDatabase.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\System.Data.SQLite.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Needle.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsJSON.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Updater.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.API.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\BouncyCastle.Crypto.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsTime.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Edr.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Performance.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsAtom.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\System.Net.Http.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsBuild.Runtime.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsServiceController.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsWSCClient.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Detections.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnAccess.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Quarantine.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnDemand.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Ransomware.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Camera.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Programs.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Helper.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Microphone.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.JSONInterface.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.Messages.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Self.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EPP\System.ValueTuple.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeQueries volume information: C:\Program Files\ReasonLabs\EDR\rsEDRLib.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Windows\System32\runonce.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeCode function: 6_2_006C4619 GetSystemTimeAsFileTime,6_2_006C4619
                                Source: C:\Program Files\ReasonLabs\Common\rsSyncSvc.exeCode function: 9_2_00007FF7DC3F65D4 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,9_2_00007FF7DC3F65D4
                                Source: C:\Users\user\AppData\Local\Temp\40kgqfax.exeCode function: 7_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040351C
                                Source: C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

                                Stealing of Sensitive Information

                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, type: DROPPED
                                Source: Yara matchFile source: 8.2.RAVEndPointProtection-installer.exe.135c07c0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 45.0.rsEDRSvc.exe.1eb809f0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 8.2.RAVEndPointProtection-installer.exe.135c0910000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 38.0.rsWSC.exe.246c6c60000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 8.2.RAVEndPointProtection-installer.exe.135bd6dd9b0.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 8.2.RAVEndPointProtection-installer.exe.135bd6dd9b0.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 44.2.rsEngineSvc.exe.18cad3d0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 44.2.rsEngineSvc.exe.18cad460000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 8.2.RAVEndPointProtection-installer.exe.135c06c0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 43.0.rsEngineSvc.exe.29994ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 45.2.rsEDRSvc.exe.1eb9b0b0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 43.2.rsEngineSvc.exe.299966a0000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 43.2.rsEngineSvc.exe.299966d0000.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 43.2.rsEngineSvc.exe.299afd60000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Loggers.Business.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\WTQQ1MDW\rsServiceController.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.Messages.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Data.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Camera.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsAtom.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Programs.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\5WEF6TPI\rsJSON.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsRemediation.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Business.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Updater.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsJSON.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Loggers.Application.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\1Q2LHW4X\rsLogger.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\YJZNHYML\rsAtom.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\mc.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Needle.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.BTScan.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Detections.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Microphone.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.Browsers.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Self.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsLogger.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Extension.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\I3CEK9OD\rsAtom.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Core.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsServiceController.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsTime.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsJSON.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Edr.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Client.Messages.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnAccess.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsExtensionHost.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Wsc.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\QWYTBVMQ\rsJSON.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsDatabase.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Client.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Utilities.Browsers.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsAtom.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Edr.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Camera.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Helper.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.OnDemand.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Data.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Features.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.API.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Updater.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\8L3SO3UJ\rsServiceController.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsJSON.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Utilities.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Utilities.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.JSONInterface.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Programs.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRLib.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.UDI.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.Detections.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsJSON.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsWSCClient.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsExtensionHost.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsHelper.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsDatabase.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsServiceController.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Helper.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Ransomware.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Performance.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsRemediation.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEDRSvc.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Performance.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsLogger.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Quarantine.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Loggers.Application.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsJSON.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.UDI.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.Quarantine.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.RPC.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsBridge.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Loggers.Application.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Self.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsDatabase.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\8L3SO3UJ\rsServiceController.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsDatabase.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsWSCClient.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsAtom.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsLogger.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsJSON.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsAtom.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsBridge.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Features.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsTime.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.JSON.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Wsc.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\1Q2LHW4X\rsLogger.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEDRLib.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsWSC.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.RPC.JSONInterface.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\mc.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnDemand.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.API.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsAtom.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\31KME9I4\rsLogger.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.OnAccess.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.BTScan.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Needle.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\InstallerLib.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsHelper.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Utilities.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\InstallerLib.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Ransomware.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.JSON.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Extension.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Microphone.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsLogger.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRSvc.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.Proxy.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.Proxy.dll, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                                Source: C:\Program Files\McAfee\WebAdvisor\uihost.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                                Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe, File opened: C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences
                                Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                Remote Access Functionality

                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.Proxy.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.Proxy.dll, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, type: DROPPED
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                1
                                Software
                                Acquire Infrastructure1
                                Valid Accounts
                                11
                                Windows Management Instrumentation
                                1
                                LSASS Driver
                                1
                                LSASS Driver
                                21
                                Disable or Modify Tools
                                1
                                OS Credential Dumping
                                12
                                System Time Discovery
                                Remote Services1
                                Archive Collected Data
                                1
                                Ingress Tool Transfer
                                Exfiltration Over Other Network Medium1
                                Data Encrypted for Impact
                                CredentialsDomainsDefault Accounts2
                                Native API
                                1
                                DLL Side-Loading
                                1
                                DLL Side-Loading
                                1
                                Deobfuscate/Decode Files or Information
                                LSASS Memory4
                                File and Directory Discovery
                                Remote Desktop Protocol1
                                Browser Session Hijacking
                                2
                                Encrypted Channel
                                Exfiltration Over Bluetooth1
                                System Shutdown/Reboot
                                Email AddressesDNS ServerDomain Accounts2
                                Command and Scripting Interpreter
                                1
                                Valid Accounts
                                1
                                Valid Accounts
                                3
                                Obfuscated Files or Information
                                Security Account Manager58
                                System Information Discovery
                                SMB/Windows Admin Shares1
                                Data from Local System
                                SteganographyAutomated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal Accounts11
                                Scheduled Task/Job
                                34
                                Windows Service
                                11
                                Access Token Manipulation
                                2
                                Software Packing
                                NTDS1
                                Query Registry
                                Distributed Component Object Model1
                                Clipboard Data
                                Protocol ImpersonationTraffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud Accounts12
                                Service Execution
                                11
                                Scheduled Task/Job
                                34
                                Windows Service
                                1
                                Timestomp
                                LSA Secrets61
                                Security Software Discovery
                                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled Task11
                                Registry Run Keys / Startup Folder
                                11
                                Process Injection
                                1
                                DLL Side-Loading
                                Cached Domain Credentials51
                                Virtualization/Sandbox Evasion
                                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items11
                                Scheduled Task/Job
                                1
                                File Deletion
                                DCSync2
                                Process Discovery
                                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job11
                                Registry Run Keys / Startup Folder
                                143
                                Masquerading
                                Proc Filesystem1
                                Application Window Discovery
                                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                                Valid Accounts
                                /etc/passwd and /etc/shadow2
                                System Owner/User Discovery
                                Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                                Modify Registry
                                Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd51
                                Virtualization/Sandbox Evasion
                                Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task11
                                Access Token Manipulation
                                KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
                                Determine Physical LocationsVirtual Private ServerCompromise Hardware Supply ChainUnix ShellSystemd TimersSystemd Timers11
                                Process Injection
                                GUI Input CapturePermission Groups DiscoveryReplication Through Removable MediaEmail CollectionProxyExfiltration over USBNetwork Denial of Service
                                Business RelationshipsServerTrusted RelationshipVisual BasicContainer Orchestration JobContainer Orchestration Job1
                                Hidden Files and Directories
                                Web Portal CaptureLocal GroupsComponent Object Model and Distributed COMLocal Email CollectionInternal ProxyCommonly Used PortDirect Network Flood
                                Identify Business TempoBotnetHardware AdditionsPythonHypervisorProcess Injection1
                                Regsvr32
                                Credential API HookingDomain GroupsExploitation of Remote ServicesRemote Email CollectionExternal ProxyTransfer Data to Cloud AccountReflection Amplification
                                Identify RolesWeb ServicesMasquerade as Legitimate ApplicationJavaScriptValid AccountsDynamic-link Library Injection1
                                Rundll32
                                Brute ForceCloud GroupsAttack PC via USB ConnectionEmail Forwarding RuleMulti-hop ProxyExfiltration Over Web ServiceEndpoint Denial of Service
                                [Behavior graph. ID: 1450567; Sample: wechat-3.9.7-installer_ae-G...; Startdate: 02/06/2024; Architecture: WINDOWS; Score: 100]

                                Source | Detection | Scanner | Label | Link
                                wechat-3.9.7-installer_ae-GFz1.exe | 12% | ReversingLabs | |
                                wechat-3.9.7-installer_ae-GFz1.exe | 20% | Virustotal | | Browse

                                Source | Detection | Scanner | Label | Link
                                C:\Program Files\McAfee\Temp1361141607\installer.exe | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\Temp1361141607\installer.exe | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\Temp1361141607\resource.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\Temp1361141607\resource.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\browserhost.exe | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\browserhost.exe | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\eventmanager.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\eventmanager.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\logicmodule.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\logicmodule.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\lookupmanager.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\lookupmanager.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exe | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exe | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\resource.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\resource.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\servicehost.exe | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\servicehost.exe | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\settingmanager.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\settingmanager.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\taskmanager.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\taskmanager.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\uihost.exe | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\uihost.exe | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\uimanager.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\uimanager.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\uninstaller.exe | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\uninstaller.exe | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\updater.exe | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\updater.exe | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\wataskmanager.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\wataskmanager.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\win32\downloadscan.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\win32\downloadscan.dll | 0% | Virustotal | | Browse
                                C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll | 0% | ReversingLabs | |
                                C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll | 0% | Virustotal | | Browse
                                No Antivirus matches
                                No Antivirus matches
                                No Antivirus matches
                                No contacted domains info
                                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                    https://logziop.reasonsecurity.cRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      https://www.innosetup.com/wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1701741532.0000000002660000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.exe, 00000000.00000003.1704164763.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000000.1706614187.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                                                                        https://www.mcafee.com/consumer/v/wa-how.htmlFservicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          https://sadownload.mcafee.com:443/products/SA/v1/bsi/4.1.1/install.xmlgsaBSI.exe, 00000006.00000003.2088006187.0000000003203000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            https://shield.reasonsecurcomponent0.exe, 00000005.00000002.3145337309.00000292C0621000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              https://shield.reasonsecurity.com/ReasonLabs-VPN-setupRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                https://www.mcafee.com/consumer/en-us/policy/global/legawechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008D2000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  https://github.com/mozilla-services/screenshotsservicehost.exe, 00000017.00000002.3603961084.000001FFEDEB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    https://www.mcafee.com/consumer/v/wa-how.html?regsvr32.exe, 0000001A.00000003.2370785792.0000000000E1B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      https://reasonlabs.com/platform/packages/essential?utm_source=rav_uninstall&utm_medium=home_website_40kgqfax.exe, 00000007.00000003.1983912988.0000000002731000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A7F1B000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000008.00000000.2021009787.00000135A62C2000.00000002.00000001.01000000.00000011.sdmp, Uninstall.exe, 0000000D.00000003.2055187028.0000000002756000.00000004.00000020.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.00000244419BB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        https://update-beta.reasonsecurity.RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          https://www.mcafee.com/consumer/v/wa-how.html:servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            https://www.mcafee.com/consumer/v/wa-how.html6servicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              https://shield.reasonsecurity.com/ReasonLabs-VPN-setuRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                https://track.analyticRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  https://update.reasoRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.pngNwechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005390000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      https://shield-dev.reasonsecurity.com/ReaRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        https://shield.reasonseRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.pngMwechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            https://update-beta.reRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              https://config-beta.rRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  https://config.reaRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    https://update-beta.reasonsecurRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      https://www.mcafee.com/consumer/v/wa-how.htmlfservicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        https://www.mcafee.com/consumer/v/wa-how.htmlgservicehost.exe, 00000017.00000003.2493717795.000001FFEDD0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          https://www.mcafee.com/consumer/v/wa-how.htmlhservicehost.exe, 00000017.00000003.2377679521.000001FFED20A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            https://home.mcafee.com/Root/AboutUs.aspx?id=eulwechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757361640.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1755991728.0000000000907000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1772564401.000000000091D000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              https://shield-dev.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                https://www.avast.com/privacy-policyKwechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  https://www.reasonsecurity.com/XRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    https://home.mcafwechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      https://shield.reasonsecurity.com/rsStubActivator.exeges/880/update2/EN.pngwechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.0000000000906000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        https://reasonlabs.com/policies~wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2546295197.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1756065159.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1757479689.00000000008EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          https://update.reasonsecurity.com/RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            https://shield.reasonsecurity.com/ReasonLabs-DNS-setup.eRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              https://www.google.com/favicon.icoinstaller.exe, 00000013.00000003.2221929534.0000022446D4D000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2217184939.0000022446C97000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2241909301.0000022446DE0000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2233780227.0000022446DFF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2279756236.0000022446D75000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2292123965.0000022446C9D000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 00000017.00000002.3628991095.00007FFDF0C1E000.00000002.00000001.01000000.00000024.sdmpfalse
                                                                                                                                                                                                https://www.mcafee.com/consumer/v/wa-how.htmlVservicehost.exe, 00000017.00000002.3600486749.000001FFEDC7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  https://config.reRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    https://update-beta.reasonRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://shield-dev.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&ptl=7&iRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://shield.reasonsecurity.com/ReasonLabs-DNS-setuRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          https://ud.reaRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            https://update.reasonsecurity.com/v2/updRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              https://d2dbdb0phbn9qb.cloudfront.net/zbdwechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1708336351.0000000003490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                https://update.reasonsecurity.com/v2/upRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  https://shield.reasonsecurity.com/ReasonLabs-VPN-setup.exe?oip=26&dta=true&RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    https://update.reasonsRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      https://d2dbdb0phbn9qb.cloudfront.net/f/RAV/images/ZB_RAV_Bisli_Logo_bcg_V2/DOTPS-588/EN.png#wechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000002.2564985562.0000000005390000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        https://shield-dev.reasonsecurity.com/ReasonLabs-VPN-setRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          https://ud.reasRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            https://config-beta.reasonsecuriRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              https://electron-shell.reasonsecurity.comRAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A7F94000.00000004.00000800.00020000.00000000.sdmp, RAVEndPointProtection-installer.exe, 00000011.00000002.3607744432.0000024441AAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                https://reasonlabs.com/rav_online_security_policiesehDwechat-3.9.7-installer_ae-GFz1.tmp, 00000001.00000003.1773020247.000000000091D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  https://secure.comodo.com/CPS0LRAVEndPointProtection-installer.exe, 00000008.00000002.3100385150.00000135C0C38000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    https://update.reasonsecurity.com/v2/RAVEndPointProtection-installer.exe, 00000008.00000002.2835298854.00000135A84E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      http://crl3.digiceinstaller.exe, 00000013.00000003.2253712172.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2217431676.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2289117576.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2262291160.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2263492137.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2268436630.00000224469DB000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000013.00000003.2288756225.00000224469DB000.00000004.00000020.00020000.00000000.sdmpfalse
IP              | Domain  | Country        | ASN   | ASN Name                      | Malicious
2.16.164.104    | unknown | European Union | 20940 | AKAMAI-ASN1EU                 | false
18.66.102.87    | unknown | United States  | 3     | MIT-GATEWAYSUS                | false
13.224.189.105  | unknown | United States  | 16509 | AMAZON-02US                   | false
151.101.1.91    | unknown | United States  | 54113 | FASTLYUS                      | false
20.189.173.20   | unknown | United States  | 8075  | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.18.21.226   | unknown | United States  | 13335 | CLOUDFLARENETUS               | false
13.32.99.30     | unknown | United States  | 16509 | AMAZON-02US                   | false
104.102.38.56   | unknown | United States  | 16625 | AKAMAI-ASUS                   | false
18.172.112.22   | unknown | United States  | 3     | MIT-GATEWAYSUS                | false
18.213.148.86   | unknown | United States  | 14618 | AMAZON-AESUS                  | false
                                                                                                                                                                                                                                        199.232.194.133
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        54113FASTLYUSfalse
                                                                                                                                                                                                                                        44.206.168.227
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        14618AMAZON-AESUSfalse
                                                                                                                                                                                                                                        23.197.126.143
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                        44.236.121.164
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        16509AMAZON-02USfalse
                                                                                                                                                                                                                                        18.66.121.153
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                                        13.35.58.80
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        16509AMAZON-02USfalse
                                                                                                                                                                                                                                        52.26.75.78
                                                                                                                                                                                                                                        unknownUnited States
                                                                                                                                                                                                                                        16509AMAZON-02USfalse
                                                                                                                                                                                                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                                                                        Analysis ID:1450567
                                                                                                                                                                                                                                        Start date and time:2024-06-02 04:57:27 +02:00
                                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                        Overall analysis duration:0h 14m 44s
                                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                        Run name:Run with higher sleep bypass
                                                                                                                                                                                                                                        Number of analysed new started processes analysed:50
                                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                                        Sample name:wechat-3.9.7-installer_ae-GFz1.exe
                                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                                        Classification:mal100.rans.troj.spyw.evad.mine.winEXE@94/2422@0/17
                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                        • Successful, ratio: 66.7%
                                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                                        • Successful, ratio: 56%
                                                                                                                                                                                                                                        • Number of executed functions: 128
                                                                                                                                                                                                                                        • Number of non-executed functions: 156
                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                                                        • Execution Graph export aborted for target component0.exe, PID 5440 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target installer.exe, PID 2300 because there are no executed function
                                                                                                                                                                                                                                        • Execution Graph export aborted for target wechat-3.9.7-installer_ae-GFz1.tmp, PID 6712 because there are no executed function
                                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                        • Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
03:58:56 | Task Scheduler | Run new task: EPPHealthCheck path: C:\Program Files\ReasonLabs\EPP\Uninstall.exe s>/auto-repair=RavStub
23:00:30 | API Interceptor | 872x Sleep call for process: rsEngineSvc.exe modified
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 1819745 bytes, 2 files, at 0x44 +A "\analyticsmanager.dll" +A "\analyticsmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 165 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1841185
                                                                                                                                                                                                                                        Entropy (8bit):7.999662053959488
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:FOsg7Dhv2QFuRRPqdHuBwjBmqc80nm+1b1wMSDl6DGk62Gi1dYlJetT0lIwg6jwx:16hvi3+TCUdkZ1dYOtT0lIwf59SX
                                                                                                                                                                                                                                        MD5:DC4E5A62F9C5B04C8D3D20DB961371F5
                                                                                                                                                                                                                                        SHA1:12FB6AC6D3722A8BCE60F77CA808E5959DE95E02
                                                                                                                                                                                                                                        SHA-256:F43F800D8D85D7C5AF3BBFA5B2EA13D183BE8E8AD57F7A7FA4475BF603A693E9
                                                                                                                                                                                                                                        SHA-512:C684D5C877045855DF3CEFFA525DFFBC53D55B3559D1DCA19E10C586F2DB7085CB395A6F933ECCF8F2248E6338DCBAD294B54014F1BEFB6B2534879413AA3531
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 38576 bytes, 54 files, at 0x44 +A "\analyticstelemetry.manifest" +A "\context\analyticscontextconfig.luc", flags 0x4, number 1, extra bytes 20 in head, 4 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):60016
                                                                                                                                                                                                                                        Entropy (8bit):7.90865352678138
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:uAfuvZkkVyMIzWiF4/7hUJNbfOkk4iXMxlC7MxKu:j8DHs4/7hUJNa/4hC+
                                                                                                                                                                                                                                        MD5:1D8F7C95A72A600B371E819B678BE0F0
                                                                                                                                                                                                                                        SHA1:7D544961DEE72463F43AFE8FDADD7A5BBB14A75F
                                                                                                                                                                                                                                        SHA-256:27F810A794170A97E430DC29A26169DEC6BCEA373EE000785AC089CAC058770A
                                                                                                                                                                                                                                        SHA-512:95987DD1F3E2DE393C9F5C201B89FE4A24D6581D7A036AD5124D5D9CCB9DF76ADA28DFF504F87BB6ABCB1B1D7A4832FB57E4204E6E5C9A882BFC823E7F3189A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3166
                                                                                                                                                                                                                                        Entropy (8bit):7.890916051269147
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODx7FspC:bSDZ/I09Da01l+gmkyTt6Hk8nT3KC
                                                                                                                                                                                                                                        MD5:2048DF489A12C4C9E2341BEF42883205
                                                                                                                                                                                                                                        SHA1:281863D9F8B8D4D0DAD62E66E35F5C96CA0155FD
                                                                                                                                                                                                                                        SHA-256:DDA74B071B5869A22B327633D9641F1340EC5B913359BB389C34C44A6DB579A5
                                                                                                                                                                                                                                        SHA-512:815FC1E3A2E623FEA3B13AA2BCB3895FF9DDB2A7A05E1633C83D3F647EC4A4050AF0670ED01CABA47F02A920BF6AD84191B0B03EAD1E45105DD20D302D00CCE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 1212826 bytes, 8 files, at 0x44 +A "\browserhost.exe" +A "\browserhost.manifest", flags 0x4, number 1, extra bytes 20 in head, 114 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1234266
                                                                                                                                                                                                                                        Entropy (8bit):7.9994045878869215
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:Nyv4qVR0sKStjMsKu2r4xm6cH5Y+IE5jhuSoPhDNh8O11+dVQ:Njq70ItjMu2Uf6O1qjsIdVQ
                                                                                                                                                                                                                                        MD5:EF297EE03D8EA0240A1821BCACCC1BB1
                                                                                                                                                                                                                                        SHA1:01825EE74143242054E399D7DCD89C1E2EDB692E
                                                                                                                                                                                                                                        SHA-256:B0004747C1DA4EE30F93065BDDDA1E471338F07024D06E912CDF281333F7A0F3
                                                                                                                                                                                                                                        SHA-512:AC13A462E29B015990E2511EEC9D8A3B6E224666B815A746294039296832A2699EA0F666B1A41EFBE84FE145F213DF297624CA69FEC5F41533C247C289D3CB8D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 5067375 bytes, 2 files, at 0x44 +A "\browserplugin.manifest" +A "\e10ssaffplg.xpi", flags 0x4, number 1, extra bytes 20 in head, 183 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5088815
                                                                                                                                                                                                                                        Entropy (8bit):7.999213757451378
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:98304:tPHFmpsj52dThuYOyYoURVZJpQmNqNRVgxrXB+xzcf/FvFWz+hN4WDQcg7j:t/FmSj4qjRVZnVNqNRVuUoftv0mS
                                                                                                                                                                                                                                        MD5:3AFC7A2ED10D7804EE588A669A154AB2
                                                                                                                                                                                                                                        SHA1:B5CC1D0EB51E389FD5C49A0FF354CA576E402F7D
                                                                                                                                                                                                                                        SHA-256:F7F7C0FABE6D53A3E09AEB38648302523CDAE1EFB427205661C5567257156313
                                                                                                                                                                                                                                        SHA-512:B3D4770CB4F9C7CA98F2D655DC7BFEAC06E49CABF6934A043C92E9B8959994CAE55006190E88F9684DD747E26A060DE80C38B922A15A0F03D0325F2915F23C34
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 2248913 bytes, 3 files, at 0x44 +A "\downloadscan.manifest" +A "\win32\downloadscan.dll", flags 0x4, number 1, extra bytes 20 in head, 200 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2270353
                                                                                                                                                                                                                                        Entropy (8bit):7.999715677469091
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:49152:IGbgpm9nY7/XxnELz/lBCWi6NBl5hQpOECpWDXjtU19Rxyash:IGP6XxA/BdNBThQpOE7m1dyH
                                                                                                                                                                                                                                        MD5:830597A39C23A1D6234EF1EB5F9476E2
                                                                                                                                                                                                                                        SHA1:EBB05CFB80DA8A6D95B4123833F6B7F0C9230328
                                                                                                                                                                                                                                        SHA-256:DCE5DC71A095B82388B5945DDBDFED67A25686DF0E89A3EF64681EB6A85743DA
                                                                                                                                                                                                                                        SHA-512:7AA363FFBB13CBF35DB4DA3CA5C56588CAB5737B8EACEA273BA0F94C7014C849F0F080B6FDFA7A72D4981AF6F4FC3AEC9C5B173E0A744C9B28CD597B8C7784ED
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 1557599 bytes, 2 files, at 0x44 +A "\eventmanager.dll" +A "\eventmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 138 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1579039
                                                                                                                                                                                                                                        Entropy (8bit):7.999610264182365
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:49152:qMTFDcJsiPtsp4inLHHEQmlAwNES4qshrV:qMTFD4a4iLEQmlhNb2h
                                                                                                                                                                                                                                        MD5:4D640A7698CE8A63BE145717D1384BB7
                                                                                                                                                                                                                                        SHA1:2ABA5A5D24B66CB49DA317311B8A531F993A170F
                                                                                                                                                                                                                                        SHA-256:DE0B3DE2AF79A643E4B7712563A486786F470574792AB2E655AEEB20686AC116
                                                                                                                                                                                                                                        SHA-512:F268C6CF2C638CA16AAFA26C2DA8CF7822C0FF2415D56DF31EA91A2D79380012EF388E7A67BE508C4F5F5A2F6D54E3C4CA3EE26EE7C4AEB576C69FFFC49BE25B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3219
                                                                                                                                                                                                                                        Entropy (8bit):7.7127647052020425
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:ek20QaOtG6FvySCYWm8yAxvU+LblYFv2tct:eQQaOwhS8m8yH+flLtct
                                                                                                                                                                                                                                        MD5:4A09448B224F83F4E6D36AEC9FF4DA1E
                                                                                                                                                                                                                                        SHA1:CC42250CAF610210EFF2904B1A08630A0888AB2F
                                                                                                                                                                                                                                        SHA-256:911215D1ADA8D78A33F6ED9A3740A0652BE74EFA34ED22AE569D143F9B3B5040
                                                                                                                                                                                                                                        SHA-512:390587FA96D17112CA7EC1ADFE2BA103FE39E980A35A2D4C7A3B6BCF4DE9E95B200DDCEE3C4B6C34899DE51F20F9635D41259558C77CF24279D26264DA953E2B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3390
                                                                                                                                                                                                                                        Entropy (8bit):7.74331289225542
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:ek2J8fBtCIc5eJXe1TDiotN45Myx7n6v9+j0ZH:e98fB8vcJqVUtx+9+j0p
                                                                                                                                                                                                                                        MD5:AEE9C26A50511C3E4196C28662BCE665
                                                                                                                                                                                                                                        SHA1:ADF6DA6EE3EAAD88E8EF1C9C07505AEFFDE89B57
                                                                                                                                                                                                                                        SHA-256:0E2904A557F79BCE71A47BFB03E49FA9C5B54C7855017B54143EA2214501BFE6
                                                                                                                                                                                                                                        SHA-512:F90AA520FD9308C502B857C4425BF6CF6E12C401EA4B538534E58655448232CF797AA9A9BA60B0932DBAFC28EE925D22BED6740DF82BB02C5C99EF851389F783
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 100 x 73, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1511
                                                                                                                                                                                                                                        Entropy (8bit):7.072392857408681
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:YQ1hepWwjx82lY2T3JbVvdgqud1oUUyJ3Vnf//XPtGiLBVa470GoqF0ynT6/at8a:YuccNn2Vw7znJ3BvPtnLW5qF0yTUa6fC
                                                                                                                                                                                                                                        MD5:4D3A0258CF71A406CB7669FBE3FBEB2E
                                                                                                                                                                                                                                        SHA1:0811273369EADF2604DB3C53426F85FE74B785E4
                                                                                                                                                                                                                                        SHA-256:C156050A5D788BAD7D8F36482072B44A23F502F23C5F9198F6EB1EB066765DEE
                                                                                                                                                                                                                                        SHA-512:837A275BC63DD19F5F8553E056C5EAF257D530A54E0EC386BB28B0A515CA58929E3464612C30D9E7034ACF7473119E03B00EBAB26B220391330FEF12BC087973
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2990000
                                                                                                                                                                                                                                        Entropy (8bit):6.51169381697672
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:qZODnkJSBApMNBe65LjwmeKxTQDAPwazuZbdQ:uTSBHBe65LjwfKFsKuZ6
                                                                                                                                                                                                                                        MD5:B2B02A72E98408C9E0EBD5036BD7A092
                                                                                                                                                                                                                                        SHA1:6D95B41EE0B8D6445E8D52048B4013AFAF78109C
                                                                                                                                                                                                                                        SHA-256:B2C1AD8AF3439BC7458130400BD213DD3DB5AEE8F49E295027C97B11DBE6BF58
                                                                                                                                                                                                                                        SHA-512:B74AFA38D91F41B0FFD445999905D6A2F2A88BD796B0CED6C55DB10DE62C7EE468CC27E94F701BCA59CFA6819B22869CE33193446CEC0DB69ECCEC1DFE85654F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (32132), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):93205
                                                                                                                                                                                                                                        Entropy (8bit):5.288204890649224
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTdT:fY8MaW2c+UELKUqnAdiW
                                                                                                                                                                                                                                        MD5:43A2DD1096DAAAD91A40C9C9AA026DCC
                                                                                                                                                                                                                                        SHA1:FA185F0ADE30817D20EC16EF71647832765403A9
                                                                                                                                                                                                                                        SHA-256:E22BCF04CD56AB92742DF9D02E4BB460A378C7E1FD58B2EB3972E989983A540C
                                                                                                                                                                                                                                        SHA-512:531002C093133D5253C6869DEB92230CFE851B223CC9F23F5F91306AED3FBA9FDD2CC516335E361B5C362A2AAF2571633F7812678E9BD99AB9716ACFC73469F2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2374), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):74892
                                                                                                                                                                                                                                        Entropy (8bit):3.810713515135319
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:MtrgKi7KxT98/9UIBtIFbxb6EFNBRV25JWavzs87n37ebyUDfIjGv:hs91bzNx0JWGsiUDwy
                                                                                                                                                                                                                                        MD5:1B9315871686DAD6605594BF62598D65
                                                                                                                                                                                                                                        SHA1:F77F3B4EC5DCF958462B30565A30493752448836
                                                                                                                                                                                                                                        SHA-256:CF035D6E4292EA8F4F99363F5C92665D480E9A0CC53B1ABDFEDA29AE4F1708D4
                                                                                                                                                                                                                                        SHA-512:860696F6D2268F320E9D3719DB21F0F2E5A8D9BD7EEDAB81FB9B2E33637F3857F082029FF4EF3C888CB77DD11C648543413AA70265B3885C8F07A7D16C8E47CE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2582), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):91776
                                                                                                                                                                                                                                        Entropy (8bit):3.4529510483598287
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:nVNCGgfhrLJT5kmiYjC8DZ9p7WmTg5MSItM7Q1cTm/diaa8mwQUIqetIHi7M6X6R:nVNCGgfhpTziY2Ol7FtD0aa8mWe9+PuM
                                                                                                                                                                                                                                        MD5:8C5BBFF937D23FB94766574F7DADA009
                                                                                                                                                                                                                                        SHA1:00FFB6B097530704E0742866322BC7637CDDDF7A
                                                                                                                                                                                                                                        SHA-256:222DC9A05ABE46B8B698D35F27B47D5DF34ABA63FF9EF539196A4DD69EB94B1C
                                                                                                                                                                                                                                        SHA-512:574A96F146F3BA2C9460D22497521871E512DBA6CB5913FB316364DF3694E1CC9851CED00AF17C3156026F60CB816EFA9CF05D982C04C90D0A59EB55208CD347
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (3216), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):104206
                                                                                                                                                                                                                                        Entropy (8bit):3.4915396500324105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2776), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):103714
                                                                                                                                                                                                                                        Entropy (8bit):4.0545031462892975
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2456), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):85990
                                                                                                                                                                                                                                        Entropy (8bit):3.4531387024147993
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2904), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):100834
                                                                                                                                                                                                                                        Entropy (8bit):3.4283715559489414
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2904), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):100834
                                                                                                                                                                                                                                        Entropy (8bit):3.427920166965757
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2621), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):90558
                                                                                                                                                                                                                                        Entropy (8bit):3.4503164395314267
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2833), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):100074
                                                                                                                                                                                                                                        Entropy (8bit):3.457122276211369
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2833), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):100074
                                                                                                                                                                                                                                        Entropy (8bit):3.4567077131647905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:YUojrJ1ucLHrQIvVQXrsE2Kd6kPu1dTNjOy+psORpT6koBWT7qO6H5U8mSwE9Ne1:YwrsE2KdYmfwqjlK2BZVqCChcw0L
                                                                                                                                                                                                                                        MD5:04ADF4B20F60B043644E672AB51C2615
                                                                                                                                                                                                                                        SHA1:13A3225B2B10956CEF4FA7ABD754783674FA498D
                                                                                                                                                                                                                                        SHA-256:5A02665D84996472728159DF56ABA89EBCFCCEDAB9DB02F84932BF1753024D8A
                                                                                                                                                                                                                                        SHA-512:5C5C4ED67566C9087891CFFF1150F7C396DDE4D4B934A137B2134A65C0491AD4AF1C87841717454940464D2BEBB112ACB896850BC508B952C33EFC12AD38277B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..C.o.n.t.r.a.t. .d.e. .l.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........M.e.r.c.i. .d.'.u.t.i.l.i.s.e.r. .l.e. .l.o.g.i.c.i.e.l. .e.t. .l.e.s. .s.e.r.v.i.c.e.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....L.o.g.i.c.i.e.l.....). .f.o.u.r.n.i.s. .p.a.r. .M.c.A.f.e.e.,. .u.n.e. .f.i.l.i.a.l.e. .e.n. .p.r.o.p.r.i...t... .e.x.c.l.u.s.i.v.e. .d.'.I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .L.e. .p.r...s.e.n.t. .d.o.c.u.m.e.n.t. .e.s.t. .u.n. .a.c.c.o.r.d. .j.u.r.i.d.i.q.u.e. .c.o.n.c.l.u. .e.n.t.r.e. .v.o.u.s. .e.t. .n.o.u.s... .E.n. .i.n.s.t.a.l.l.a.n.t. .o.u. .e.n. .a.c.c...d.a.n.t. ... .n.o.t.r.e. .L.o.g.i.c.i.e.l.,. .v.o.u.s. .a.c.c.e.p.t.e.z. .l.e.s. .p.r...s.e.n.t.e.s. .c.o.n.d.i.t.i.o.n.s... .V.e.u.i.l.l.e.z. .d.o.n.c. .l.e.s. .l.i.r.e. .a.t.t.e.n.t.i.v.e.m.e.n.t... .........L.e. .p.r...s.e.n.t. .C.o.n.t.r.a.t. .d.e. .L.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....C.o.n.t.r.a.t.....). .p.o.r.t.e. .s.u.r. .v.o.s. .d.r.o.i.t.s. .d.'.u.t.i.l.i.s.e.r. .l.e. .L.o.g.i.c.i.e.l.,. .l.e.s. .r.e.s.
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2677), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):87744
                                                                                                                                                                                                                                        Entropy (8bit):3.587800662613001
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:4D5AY14mQom+cQuoy8H5Zo3ij63ydrXxYM+gDUC5lBvt4UgmsiyePIOKw:3jelDB1vp
                                                                                                                                                                                                                                        MD5:A4E57915C2C7EB22C7B090DEC283C942
                                                                                                                                                                                                                                        SHA1:81B7210C5B7A0CD5024E85ECE752D19A53D22405
                                                                                                                                                                                                                                        SHA-256:9F48CC92B9A3078BDFF8BCA3A23CB1A4AB583D6FE810C6768CEC6062B6FEA233
                                                                                                                                                                                                                                        SHA-512:C5EFE3D756D7BB7EE83DBAEFF48AB080E0258D21E244B5809960498F40C47931A66A6E29C1ED16630D9E43BCD7476CA4B1B53CD6B148785AA88718F377456E2E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..L.i.c.e.n.c.n.i. .u.g.o.v.o.r. .z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........H.v.a.l.a. .a.t.o. .k.o.r.i.s.t.i.t.e. .s.o.f.t.v.e.r. .i. .u.s.l.u.g.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.v.e.r.".).,. .k.o.j.i. .i.s.p.o.r.u...u.j.e. .M.c.A.f.e.e.,. .p.o.d.r.u.~.n.i.c.a. .u. .p.o.t.p.u.n.o.m. .v.l.a.s.n.i.a.t.v.u. .t.v.r.t.k.e. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .O.v.o. .j.e. .p.r.a.v.n.i. .u.g.o.v.o.r. .i.z.m.e...u. .n.a.s.. i.n.s.t.a.l.i.r.a.n.j.e. .i.l.i. .p.r.i.s.t.u.p. .n.a.a.e.m. .S.o.f.t.v.e.r.u. .z.n.a...i. .d.a. .s.e. .s.l.a.~.e.t.e. .s. .n.j.e.g.o.v.i.m. .u.v.j.e.t.i.m.a.,. .p.a. .v.a.s. .m.o.l.i.m.o. .d.a. .i.h. .p.a.~.l.j.i.v.o. .p.r.o...i.t.a.t.e... .........O.v.a.j. .L.i.c.e.n.c.n.i. .u.g.o.v.o.r. .z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".U.g.o.v.o.r.".). .o.b.u.h.v.a...a. .v.a.a.e. .p.r.a.v.o. .n.a. .k.o.r.i.a.t.e.n.j.e. .S.o.f.t.v.e.r.a.,. .o.g.r.a.n.i...e.n.j.a. .u. .n.j.e.g.o.v.o.m. .k.o.r.i.a.t.e.n.j.u.,. .n.a.a.e. .p.r.a.v.o. .n.a. .a.u.t.o.m.a.t.s.k.o. .o.b.n.
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2782), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):98690
                                                                                                                                                                                                                                        Entropy (8bit):3.6855988336178376
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:3+Y5qMxXdv62/0ojFC0hQY+eUbM5wbg6u+sWOvm1SeWN3CBw4bZKMoBwAbCxpI1c:zsGDmMeh
                                                                                                                                                                                                                                        MD5:55DB321C0E473CE5FC63DC9F0D2EA03B
                                                                                                                                                                                                                                        SHA1:02D409AAF735344C1C0AB2578BB0C8A123DFFD29
                                                                                                                                                                                                                                        SHA-256:30BBB221B85BBC75D860417B9E714D3149A80330AF2FD770EB384C5294F5AE9A
                                                                                                                                                                                                                                        SHA-512:909E37F2E857E3B88A5CA9A885FD1B6BB034D33BA6751E8D3AA2B86BE4728A5D294E6933822DB9EE9AA96C2790685510C2A77796EDC8AA891A4907D0ED365F9D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s.........K...s.z...n.j...k.,. .h.o.g.y. .a.z. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .t.e.l.j.e.s. .t.u.l.a.j.d.o.n... .l.e...n.y.v...l.l.a.l.a.t.a.,. .a. .M.c.A.f.e.e. ...l.t.a.l. .k...n...l.t. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .s.z.o.f.t.v.e.r.t. ...s. .s.z.o.l.g...l.t.a.t...s.o.k.a.t. .(.. S.z.o.f.t.v.e.r.. ). .h.a.s.z.n...l.j.a... .E.z. .a. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s. .e.g.y. .k...z...t.t...n.k. .l...t.r.e.j...t.t. .j.o.g.i. .m.e.g...l.l.a.p.o.d...s. .. .a. .S.z.o.f.t.v.e.r...n.k. .t.e.l.e.p...t...s.e. .v.a.g.y. .a. .S.z.o.f.t.v.e.r...n.k.h...z. .v.a.l... .h.o.z.z...f...r...s. .a.z.t. .j.e.l.e.n.t.i.,. .h.o.g.y. ...n. .e.g.y.e.t...r.t. .a. .s.z.e.r.z.Q.d...s.b.e.n. .f.o.g.l.a.l.t. .f.e.l.t...t.e.l.e.k.k.e.l.,. .e.z...r.t. .o.l.v.a.s.s.a. .e.l. .f.i.g.y.e.l.m.e.s.e.n. .a.z.o.k.a.t... .........A.z. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s. .(.. S.z.e.r.z.Q.d...s.. ). .a. .S.z.o.f.t.v.e.r. .h.a.s.z.n...l.a.
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2974), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):103642
                                                                                                                                                                                                                                        Entropy (8bit):3.4105471735867425
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:D+piF3I9T9qL1rEINLBC7LcfZJJSMqHDYCebssNKlU8rmjVHJkItVdM1OrzjH:6/c16yjdM1OT
                                                                                                                                                                                                                                        MD5:97E26EC75E79439EB860C4B80C723E06
                                                                                                                                                                                                                                        SHA1:62A5797FE4A004F54FB2102362C5F07B5CE42B57
                                                                                                                                                                                                                                        SHA-256:BC90C94905FB951F6E63074BAA25A3DA6C0D5627B82DBECC9474B84AACAB20E0
                                                                                                                                                                                                                                        SHA-512:CBC66ADEF8EA1DD0E75122CEFB805E51999F287301D2332532E089D450B2580302E20832B230EDAF01661794F873051C30FD4BD232AF7EB4CA482ED45B1EAF56
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..C.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.z.i.e. .p.e.r. .a.v.e.r. .s.c.e.l.t.o. .d.i. .u.t.i.l.i.z.z.a.r.e. .i. .s.o.f.t.w.a.r.e. .e. .i. .s.e.r.v.i.z.i. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.w.a.r.e.".). .f.o.r.n.i.t.i. .d.a. .M.c.A.f.e.e.,. .c.o.n.s.o.c.i.a.t.a. .i.n.t.e.r.a.m.e.n.t.e. .c.o.n.t.r.o.l.l.a.t.a. .d.i. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .I.l. .p.r.e.s.e.n.t.e. .d.o.c.u.m.e.n.t.o. .c.o.s.t.i.t.u.i.s.c.e. .u.n. .c.o.n.t.r.a.t.t.o. .l.e.g.a.l.e. .t.r.a. .n.o.i. .e. .l.'.u.t.e.n.t.e... .L.'.i.n.s.t.a.l.l.a.z.i.o.n.e. .o. .l.'.a.c.c.e.s.s.o. .a.i. .n.o.s.t.r.i. .S.o.f.t.w.a.r.e. .i.m.p.l.i.c.a. .l.'.a.c.c.e.t.t.a.z.i.o.n.e. .d.i. .q.u.e.s.t.i. .t.e.r.m.i.n.i. .d.a. .p.a.r.t.e. .d.e.l.l.'.u.t.e.n.t.e.,. .c.h.e. .p.e.r.t.a.n.t.o. ... .t.e.n.u.t.o. .a. .l.e.g.g.e.r.l.i. .c.o.n. .a.t.t.e.n.z.i.o.n.e... .........I.l. .p.r.e.s.e.n.t.e. .c.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".C.o.n.t.r.a.t.t.o.
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (1234), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):41412
                                                                                                                                                                                                                                        Entropy (8bit):5.771046464477923
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:8bY257pwJE0xJUhghf/3Gkojyef4ktbfR/KSCDpKIb5MhOI:8E257OJE0ighfSyKtbfxapg
                                                                                                                                                                                                                                        MD5:0E8C2883A37D702CE30B938931A1C803
                                                                                                                                                                                                                                        SHA1:F8DA867E6FA20C274F7CF2F8F7E16538EE201CB6
                                                                                                                                                                                                                                        SHA-256:B8BA7129D3C757DD5CA34E933A99D429C0AE9C0310396E138688DA32567875F1
                                                                                                                                                                                                                                        SHA-512:779A41B1A35EDE8BF312DBEEE93601F3F7F6981CBFB6FCC6E5162F8B8E26ECD847F4E58955B045C5912B175A049F58567D21DD7F8E93417EECFB21F384C5A6E5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (1439), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46328
                                                                                                                                                                                                                                        Entropy (8bit):5.585862126035491
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:iLBTRAz/+e7qDm/7QgTt2Bk6baOLFureI5mIxFRlKi3l+:iLnAz/+e+DmzQgZ2BdblJsSi3l+
                                                                                                                                                                                                                                        MD5:DCB88E6EF1827D9FCEBED9656334DA6A
                                                                                                                                                                                                                                        SHA1:0DF4492E59C7DFCECBCE9156B239C262FA130804
                                                                                                                                                                                                                                        SHA-256:AA104F1DEA724768B459DC307473CBA10C97E854EAFBA0E5D5909C262459D39B
                                                                                                                                                                                                                                        SHA-512:A733F75D035644B620A4F42502EE727FD2114AE29D5853253B5610934EFCC0EB20B947AC5975E0F38DEAB2989E09D92CA37B5F7887AD38ECD78454E8F0EFFC13
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-16, little-endian text, with very long lines (2743), with CRLF line terminators
Category:dropped
Size (bytes):84476
Entropy (8bit):3.447091163501246
Encrypted:false
SSDEEP:1536:fvk22xFWKEjm1iM70NJnqNiGAsX0MRKQ/s+p6jdIuRMPNGZJq7ALa/jcuqqRp5Q9:fvk22xFWKEjm1iM70NJnqNiGAsX0MRKn
MD5:6A75473F6F49A47956F107BA3E5E0EB5
SHA1:7A67B9D8F607E7FF2300B3BA85C096E576A5F9F3
SHA-256:6973C59317714C26CBE12CA55F592C8085687B80E5FA8B7DD02512570D95E8F7
SHA-512:491EB933A374440C5AEE77694C4700DCA658CD1863FB0DD0763C350843CB5EAA94EC21CD55716A1C0165A6E75E3F5313BACB378C81B4D18F0A2894B8FE3B34CC
Malicious:false
Reputation:unknown
Preview:..L.i.s.e.n.s.a.v.t.a.l.e. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.k.k. .f.o.r. .a.t. .d.u. .b.r.u.k.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.s. .p.r.o.g.r.a.m.v.a.r.e. .o.g. .t.j.e.n.e.s.t.e.r. .(.".p.r.o.g.r.a.m.m.e.t.).,. .l.e.v.e.r.t. .a.v. .M.c.A.f.e.e.,. .e.t. .h.e.l.e.i.d. .d.a.t.t.e.r.s.e.l.s.k.a.p. .a.v. .I.n.t.e.r. .C.o.r.p.o.r.a.t.i.o.n... .D.e.t.t.e. .e.r. .e.n. .j.u.r.i.d.i.s.k. .a.v.t.a.l.e. .m.e.l.l.o.m. .o.s.s. .. .i.n.s.t.a.l.l.a.s.j.o.n. .e.l.l.e.r. .b.r.u.k. .a.v. .v...r. .p.r.o.g.r.a.m.v.a.r.e. .b.e.t.y.r. .a.t. .d.u. .g.o.d.t.a.r. .d.i.s.s.e. .v.i.l.k...r.e.n.e.,. .s... .l.e.s. .d.e.m. .n...y.e... .........D.e.n.n.e. .l.i.s.e.n.s.a.v.t.a.l.e.n. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".a.v.t.a.l.e.n.".). .d.e.k.k.e.r. .d.i.n. .r.e.t.t. .t.i.l. ... .b.e.n.y.t.t.e. .p.r.o.g.r.a.m.v.a.r.e.n.,. .b.e.g.r.e.n.s.n.i.n.g.e.r. .p... .d.e.n.n.e. .b.r.u.k.e.n.,. .v...r. .r.e.t.t. .t.i.l. .a.u.t.o.m.a.t.i.s.k. .f.o.r.n.y.e.l.s.e. .o.g. .t.a. .b.e.t.a.l.t. .f.o.r. .b.e.t.a.
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-16, little-endian text, with very long lines (2801), with CRLF line terminators
Category:dropped
Size (bytes):100578
Entropy (8bit):3.442188256938267
Encrypted:false
SSDEEP:3072:OQ/9KbnOOfNlk/R5OVUR5Oh/RKe/HEUnOZVOsf6jzytJpjIzGeQRV22n3sT58jQ5:U
MD5:FC3A3FFA0E15C963C5B3DA827AA071A7
SHA1:5113286D53F488BCAB46D63A4FED520F4372B10D
SHA-256:F7573E6027619EEAB9BD84EB1BBD01107F1689125922341F26C14152123FD3A4
SHA-512:6B3CCBD8F7CCA459220DFF114180E1ED887507625E3616FDB0C0567012DE271A859567CF0DD230B84AA0F21696C4CB3AAE017BB52F3A246CDF7D4DE0AC895735
Malicious:false
Reputation:unknown
Preview:..L.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........D.a.n.k. .u. .v.o.o.r. .h.e.t. .g.e.b.r.u.i.k. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y.-.s.o.f.t.w.a.r.e. .e.n. .-.d.i.e.n.s.t.e.n. .(.'.S.o.f.t.w.a.r.e.'.).,. .a.a.n.g.e.b.o.d.e.n. .d.o.o.r. .M.c.A.f.e.e.,. .e.e.n. .v.o.l.l.e.d.i.g.e. .d.o.c.h.t.e.r.o.n.d.e.r.n.e.m.i.n.g. .v.a.n. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .D.i.t. .i.s. .e.e.n. .j.u.r.i.d.i.s.c.h.e. .o.v.e.r.e.e.n.k.o.m.s.t. .t.u.s.s.e.n. .o.n.s... .D.o.o.r. .o.n.z.e. .S.o.f.t.w.a.r.e. .t.e. .i.n.s.t.a.l.l.e.r.e.n. .e.n. .t.e. .o.p.e.n.e.n.,. .g.e.e.f.t. .u. .a.a.n. .d.a.t. .u. .a.k.k.o.o.r.d. .g.a.a.t. .m.e.t. .d.e.z.e. .v.o.o.r.w.a.a.r.d.e.n... .L.e.e.s. .z.e. .d.u.s. .z.o.r.g.v.u.l.d.i.g... .........D.e.z.e. .L.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.'.O.v.e.r.e.e.n.k.o.m.s.t.'.). .b.e.s.c.h.r.i.j.f.t. .u.w. .r.e.c.h.t.e.n. .o.m. .d.e. .S.o.f.t.w.a.r.e. .t.e. .g.e.b.r.u.i.k.e.n.,. .d.e. .b.e.p.e.r.
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-16, little-endian text, with very long lines (2967), with CRLF line terminators
Category:dropped
Size (bytes):101850
Entropy (8bit):3.7338612836897473
Encrypted:false
SSDEEP:1536:dnEmLzXswPaPfzO8liJQIKQ42HzLMH7scwS3/80GIrKQ+QE:ayXeQ
MD5:A845A7917FAF964E30A60DEC1E217EDA
SHA1:D2D1A6E56C8076F1CD53E30F989529B18E17B647
SHA-256:B28EAE059A07E2123443A114230F397B5909EDBF3CCA70DA61078EE86B03605C
SHA-512:A87840D34AE8E45034118008FA17397A07C02447A9986A481685F06CE547ECAEF404C4A8A1638520D2121C79332F72FA5E73C5F3C48BC4711C38DD9821F80FC2
Malicious:false
Reputation:unknown
Preview:..U.m.o.w.a. .l.i.c.e.n.c.y.j.n.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........D.z.i...k.u.j.e.m.y. .z.a. .k.o.r.z.y.s.t.a.n.i.e. .z. .o.p.r.o.g.r.a.m.o.w.a.n.i.a. .i. .u.s.B.u.g. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.z.w.a.n.y.c.h. .d.a.l.e.j. .. O.p.r.o.g.r.a.m.o.w.a.n.i.e.m.. ). .o.f.e.r.o.w.a.n.y.c.h. .p.r.z.e.z. .M.c.A.f.e.e.,. .s.p...B.k... .z.a.l.e.|.n...,. .k.t...r.e.j. .w.y.B...c.z.n.y.m. .w.B.a.[.c.i.c.i.e.l.e.m. .j.e.s.t. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .N.i.n.i.e.j.s.z.y. .d.o.k.u.m.e.n.t. .s.t.a.n.o.w.i. .u.m.o.w... .p.r.a.w.n... .m.i...d.z.y. .n.a.m.i. .a. .U.|.y.t.k.o.w.n.i.k.i.e.m. .. .z.a.i.n.s.t.a.l.o.w.a.n.i.e. .n.a.s.z.e.g.o. .O.p.r.o.g.r.a.m.o.w.a.n.i.a. .l.u.b. .u.z.y.s.k.a.n.i.e. .d.o. .n.i.e.g.o. .d.o.s.t...p.u. .j.e.s.t. .r...w.n.o.z.n.a.c.z.n.e. .z. .z.a.a.k.c.e.p.t.o.w.a.n.i.e.m. .n.i.n.i.e.j.s.z.y.c.h. .w.a.r.u.n.k...w.,. .w. .z.w.i...z.k.u. .z. .c.z.y.m. .p.r.o.s.i.m.y. .o. .u.w.a.|.n.e. .z.a.p.o.z.n.a.n.i.e. .s.i... .z. .t.r.e.[.c.i... .d.o.k.u.m.e.n.t.u... ...
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-16, little-endian text, with very long lines (2603), with CRLF line terminators
Category:dropped
Size (bytes):91306
Entropy (8bit):3.465143388203298
Encrypted:false
SSDEEP:768:f8Wc1lp2b6cXQJ6rHcTCGXPF3zzhTOJpy0WlLyd5S+tKIbTw3ZurbNlar+wHmCYt:f7HceS+3bTrb/R6mdyqpn
MD5:107FD20D8AE47521C2DCF1F005825221
SHA1:FA351607321B95751351641A8D4C9FFDFF33C791
SHA-256:CDB8BC4542BC489A36E57AB41A4659D6772E5E53E1CD935B698DE85E62734B67
SHA-512:5BFB2CC991E311490640AAE70E007B12408BAA0620E1C722102817939E7A2FD263D9A4F974570F2763B95045A8465FED4163AE5E27826B6091BE5EA0EE58546F
Malicious:false
Reputation:unknown
Preview:..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........A.g.r.a.d.e.c.e.m.o.s. .p.o.r. .u.t.i.l.i.z.a.r. .o. .s.o.f.t.w.a.r.e. .e. .o.s. .s.e.r.v.i...o.s. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.w.a.r.e.".).,. .f.o.r.n.e.c.i.d.o. .p.e.l.a. .M.c.A.f.e.e.,. .u.m.a. .s.u.b.s.i.d.i...r.i.a. .i.n.t.e.g.r.a.l. .d.a. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. ... .u.m. .c.o.n.t.r.a.t.o. .l.e.g.a.l. .e.n.t.r.e. .n...s.:. .a.o. .i.n.s.t.a.l.a.r. .o.u. .a.c.e.s.s.a.r. .n.o.s.s.o. .S.o.f.t.w.a.r.e.,. .s.i.g.n.i.f.i.c.a. .a. .s.u.a. .c.o.n.c.o.r.d...n.c.i.a. .c.o.m. .e.s.t.e.s. .t.e.r.m.o.s.,. .d.e. .f.o.r.m.a. .q.u.e. .v.o.c... .d.e.v.e. .l...-.l.o.s. .c.o.m. .a. .m...x.i.m.a. .a.t.e.n.....o... .........E.s.t.e. .C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".C.o.n.t.r.a.t.o.".). .c.o.b.r.e. .s.e.u.s. .d.i.r.e.i.t.o.s. .d.e. .u.t.i.l.i.z.a.....o. .d.o. .S.o.f.t.w.a.r.e.,. .r.e.s.t.r.i.....e.s. .a. .e.s.s.e. .u.s.o.,. .o. .
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-16, little-endian text, with very long lines (2536), with CRLF line terminators
Category:dropped
Size (bytes):96486
Entropy (8bit):3.4740376449378534
Encrypted:false
SSDEEP:1536:GfDawY1TqufUqhbQGb0jiATGoeQmiBKTVIsFdN:2DetT
MD5:8B69144F30459FA2C9013BD939EDF1EC
SHA1:BE4E972789A84EAF288E4DB277F10B6C9D53C1A2
SHA-256:2C26A802A1237FE53CF8E27A4B85AFEB18F0F478DC9234101004D8980F936F13
SHA-512:F57A8CD3A76C69EB0FAAA51CF2B4D840FBD19F4557D70295264095D95A4C56303068FED2090A95E12F5DD5ADCA30BDDF3AC3254E636A592965FD685CCDB740AE
Malicious:false
Reputation:unknown
Preview:..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........O.b.r.i.g.a.d.o. .p.o.r. .u.t.i.l.i.z.a.r. .o. .s.o.f.t.w.a.r.e. .e. .o.s. .s.e.r.v.i...o.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ). .f.o.r.n.e.c.i.d.o.s. .p.e.l.a. .M.c.A.f.e.e.,. .u.m.a. .s.u.b.s.i.d.i...r.i.a. .t.o.t.a.l.m.e.n.t.e. .d.e.t.i.d.a. .p.e.l.a. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .d.o.c.u.m.e.n.t.o. .c.o.n.s.i.s.t.e. .n.u.m. .c.o.n.t.r.a.t.o. .l.e.g.a.l. .e.n.t.r.e. .a.m.b.a.s. .a.s. .p.a.r.t.e.s.. a.o. .i.n.s.t.a.l.a.r. .o.u. .a.o. .a.c.e.d.e.r. .a.o. .n.o.s.s.o. .S.o.f.t.w.a.r.e. .e.s.t... .a. .c.o.n.c.o.r.d.a.r. .c.o.m. .o.s. .p.r.e.s.e.n.t.e.s. .t.e.r.m.o.s.,. .p.o.r. .i.s.s.o.,. .l.e.i.a.-.o.s. .a.t.e.n.t.a.m.e.n.t.e... .........O. .p.r.e.s.e.n.t.e. .C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. C.o.n.t.r.a.t.o.. ). .i.n.c.l.u.i. .o.s. .s.e.u.s. .d.i.r.e.i.t.o.s. .d.e. .u.t.i.l.i.z.a.....o. .d.o. .S.o.f.t.w.a.r.e.,. .r.e.s.
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-16, little-endian text, with very long lines (2934), with CRLF line terminators
Category:dropped
Size (bytes):105274
Entropy (8bit):3.9251282338166447
Encrypted:false
SSDEEP:768:Zrlkl/OV57V/gTNKukdeCNCaM2sJCX7Zh7Ft7yvFsknxFFNZ6AJTaFkke2bnMBqZ:JfRpOEZhc8LSQ0PnmEY
MD5:C6D01D39C252AF92DC219430A3D95BBE
SHA1:3836792C1DBACD45BF90BE886F05B4EAC6895FC3
SHA-256:BA1EC14255D71CC9DD6FCCC15D709F185DAE8C0950602DBA8F17EFC76AC78E12
SHA-512:CF7EC0D821390837D0F9B18985FD4E2FD3DF7793F51DE4111DCB23EBC433753835127FBF3237A6DE1A1770EFF3B5410295FA3B9DCBDAC480BBC5C1749201907F
Malicious:false
Reputation:unknown
Preview:....8.F.5.=.7.8.>.=.=.>.5. .A.>.3.;.0.H.5.=.8.5. .4.;.O. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O. .I.n.t.e.l. .S.e.c.u.r.i.t.y...........;.0.3.>.4.0.@.8.<. ...0.A. .7.0. .8.A.?.>.;.L.7.>.2.0.=.8.5. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O. .8. .A.;.C.6.1. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(."...@.>.3.@.0.<.<.=.>.5. .>.1.5.A.?.5.G.5.=.8.5.".).,. .?.@.5.4.>.A.B.0.2.;.O.5.<.K.E. .:.>.<.?.0.=.8.5.9. .M.c.A.f.e.e. .. .4.>.G.5.@.=.5.9. .:.>.<.?.0.=.8.5.9.,. .=.0.E.>.4.O.I.5.9.A.O. .2. .?.>.;.=.>.9. .A.>.1.A.B.2.5.=.=.>.A.B.8. .:.>.@.?.>.@.0.F.8.8. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... ...0.=.=.K.9. .4.>.:.C.<.5.=.B. .?.@.5.4.A.B.0.2.;.O.5.B. .N.@.8.4.8.G.5.A.:.>.5. .A.>.3.;.0.H.5.=.8.5. .<.5.6.4.C. .=.0.<.8... .#.A.B.0.=.>.2.:.0. .8.;.8. .4.>.A.B.C.?. .:. .=.0.H.5.<.C. ...@.>.3.@.0.<.<.=.>.<.C. .>.1.5.A.?.5.G.5.=.8.N. .>.1.>.7.=.0.G.0.N.B. ...0.H.5. .A.>.3.;.0.A.8.5. .A. .C.A.;.>.2.8.O.<.8. .M.B.>.3.>. .A.>.3.;.0.H.5.=.8.O.,. .?.>.M.B.>.<.C. .2.=.8.<.0.B.5.;.L.=.>. .>.7.=.0.:.
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-16, little-endian text, with very long lines (2701), with CRLF line terminators
Category:dropped
Size (bytes):89572
Entropy (8bit):3.734010092620597
Encrypted:false
SSDEEP:1536:plH9miYwq9hpeKK283X97rpcvXctx1qDQDupSMeylm5Wq0FGQueLS9FpSzvFgxSG:pPfqU7AcD1/DmDqOrS9FpkXvaGOtdZ
MD5:99613E0D33F2FBD4B8BDAF4AAA3114BA
SHA1:EB3CEB8C86E9CB1D8EB96AA102430D9C4764AF44
SHA-256:13FFE33FCFB7BFEFDD2BDBAB10B1912C38E26B912D088B134568FA38B8667432
SHA-512:147476729468D9B895DFEAEAEE4FCC3C5AE00C6743279BC5EA508D6F1D935B19FAD19831BC818AFDBCB3816F326E600FA2FA87DF5F264DB811189B06326A7995
Malicious:false
Reputation:unknown
Preview:..L.i.c.e.n...n... .z.m.l.u.v.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y...........a.k.u.j.e.m.e. .v...m. .z.a. .p.o.u.~...v.a.n.i.e. .s.o.f.t.v...r.u. .a. .s.l.u.~.i.e.b. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.v...r.. ).,. .p.o.s.k.y.t.o.v.a.n...c.h. .s.p.o.l.o...n.o.s.e.o.u. .M.c.A.f.e.e.,. .k.t.o.r... .j.e. .d.c...r.s.k.o.u. .s.p.o.l.o...n.o.s.e.o.u. ...p.l.n.e. .v.l.a.s.t.n.e.n.o.u. .s.p.o.l.o...n.o.s.e.o.u. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .T.o.t.o. .j.e. .p.r...v.n.a. .z.m.l.u.v.a. .m.e.d.z.i. .n.a.m.i. .. .i.n.a.t.a.l...c.i.o.u. .a.l.e.b.o. .p.r...s.t.u.p.o.v.a.n...m. .k. .n...a.m.u. .S.o.f.t.v...r.u. .s...h.l.a.s...t.e. .s. .t...m.i.t.o. .p.o.d.m.i.e.n.k.a.m.i.,. .t.a.k.~.e. .s.i. .i.c.h.,. .p.r.o.s...m.,. .p.o.z.o.r.n.e. .p.r.e.....t.a.j.t.e... .........T...t.o. .L.i.c.e.n...n... .z.m.l.u.v.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(...a.l.e.j. .l.e.n. .. Z.m.l.u.v.a.. ). .s.a. .v.z.e.a.h.u.j.e. .n.a. .v.a.a.e. .p.r...v.a. .n.a. .p.o.u.~...v.a.n.i.e. .S.o.f.t.v...r.u.,. .o.b.m.e.d.z.e.
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2634), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):88356
                                                                                                                                                                                                                                        Entropy (8bit):3.577381104662905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:1PXzqxuAlAEnb93roW/JxeTYZ9/sn7/87/FXoQEHVX/Z0S/j+r:dWVkTmR1z
                                                                                                                                                                                                                                        MD5:E661E2D55D72790EDA534B1221786646
                                                                                                                                                                                                                                        SHA1:E867F0D1D683AB0F95166D79CAD3356DE50DFA61
                                                                                                                                                                                                                                        SHA-256:25DF842F87773BD1B3CA62081368723DC7489056AB322A2C00C9F86BB8B712A7
                                                                                                                                                                                                                                        SHA-512:80329098878CE56540CB9B5C32EBDC652ECB92F0F09C2D70F56FC1292F2C0BCE869FC5F00C9C540D2912E569BA8B2FE088724484CC99E247F34B60909C271A33
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2632), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):89704
                                                                                                                                                                                                                                        Entropy (8bit):3.503741042960555
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:dcFeHhjwanoMWVOjxKI+psB/YgpnuIbVGmJVJ:WFCwKWsQgpB
                                                                                                                                                                                                                                        MD5:886136D39A6F98C692DFDAA121E4C584
                                                                                                                                                                                                                                        SHA1:57F7421A863C6035F67396D7D51166E5348ABCBE
                                                                                                                                                                                                                                        SHA-256:7ABE26D94557839A373B33C7C75AC2CDD9BF8E86CE4E38069BD54B54F084C064
                                                                                                                                                                                                                                        SHA-512:50B27989CD64448ED69F666A760D4BA92AA082F8B87D6D5F27A9A12A805075FC72AA9BBA1E75CDFBB61752E5BE2E89C50975123796D0BBE25938FF9A5687D7D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (2527), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):89572
                                                                                                                                                                                                                                        Entropy (8bit):3.7627210068202963
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:U4WLetFwU8STnnWH0I9fkl7+JaRtbJHGdnC2vJfPI9n9AkllkhZBYziG/xJd8oSq:UjLetFwbSTnnWH0IdkN+JaRt0dnC2xIj
                                                                                                                                                                                                                                        MD5:2217F74E9F003671ADBAC8D055A3F1F6
                                                                                                                                                                                                                                        SHA1:499507CE8750430BFD25A4C0E381BA3ECBF96C1E
                                                                                                                                                                                                                                        SHA-256:0E0456C078979F26655ABAF50CD574F419A7D90C2EEC543C998850FA67C7D6D5
                                                                                                                                                                                                                                        SHA-512:E643605997587CD9D70FD9973BEBC8FEF19DAF5D0FBBE7A4A6CE2EC57AC01D12DD618471B918F26561E7BFBF69FD886620B8A94A65B3EF0D1078C0BEA49F4ED1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (873), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27048
                                                                                                                                                                                                                                        Entropy (8bit):6.793562820451332
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dGlhiqpYn3S6kZ5pZsM1SDo9P0VSpjzjW+EpgLDR5CCaGdYZ:dWDuIVZsM19DjzjW+EpgLN5qvZ
                                                                                                                                                                                                                                        MD5:539DA3E7EFA61CA003036C47AE564299
                                                                                                                                                                                                                                        SHA1:A98283530200B44530B6E4B1C0308EF591A69EBF
                                                                                                                                                                                                                                        SHA-256:CB5F9B4A083F41817BC4E1A211DE842DA0FEBB0EA8BB1610873F67602F3B0886
                                                                                                                                                                                                                                        SHA-512:C4FB6DC6F0A206DC838211A5D603B68B1B52FB8B064BCA9757D279A2E622710390246C5B86D1DE0523855F77D7C9BDD378C16A2DC79F5CAD87554933D22A3C5A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (904), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27300
                                                                                                                                                                                                                                        Entropy (8bit):6.852662061965087
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:RLcNdFNy9pQbexWBTeP5s8FmxoFfEgQSPsxFHMOKQZgTmLL/ytmq/u:Rcf6w3BKx/hagQSPsxtKjTmr
                                                                                                                                                                                                                                        MD5:68A5B67741DE8DEED325B78080114401
                                                                                                                                                                                                                                        SHA1:9492DE10E97CF26D410C5EF294AE675A1FC46A31
                                                                                                                                                                                                                                        SHA-256:7DFC20D3C1FEAA6E7B2E1A46C9A9724592C9095D29C552194DFCB47333C7BA6F
                                                                                                                                                                                                                                        SHA-512:1004215B3A5CB46B411745ECC5550F9C323187D09EBCD6109FBDF6725E02F3E4C70DC56640C52174FB8488FEF646C246D0BC1E143BCDF94593C75A27929D2CDA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2553
                                                                                                                                                                                                                                        Entropy (8bit):5.583055926564366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3HNBDTz+QdnA/jlE7Nijs371IguQgUlKKGgDlpfkPlC0RbglexOX0wJUGl3nuEIL:3th+y0+7Nks3pIg3lKelpfUlC0lglOOE
                                                                                                                                                                                                                                        MD5:6F83220FFBC9D63142D4BD9110251A12
                                                                                                                                                                                                                                        SHA1:86B092B384CFF8FEB359D3280605CE948FAC551F
                                                                                                                                                                                                                                        SHA-256:B7C6FF5D419680C94636E4ECE120773D7A686BD85F6C1E34047DAC7B082DCEFF
                                                                                                                                                                                                                                        SHA-512:6677ECFDEBB15C24746405CB4F3CD4FCB3D2384CB8EE36BDE8B8F21FA778AABB9113513E887FAC5D3F015CB3A8BA7D8DC8E8649F1DFBB6C7062FD00A111510DE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licen.n. smlouva",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "P.e.etl(a) jsem si licen.n. smlouvu a souhlas.m s n..",.. //{0} - Company name.. THANK_YOU: "D.kujeme, .e jste si vybrali aplikaci {0}.",.. INSTALL: "Nainstalovat",.. CANCEL: "Zru.it",.. RETRY: "Zkusit znovu",.. //{0} - Product name.. PROGRESS_TITLE: "Aplikace {0} poskytuje rady ohledn. va.. bezpe.nosti kdekoli na internetu.",.. PROGRESS_SUBTITLE: "Prob.h. instalace...",.. COMPLETE_TITLE: "V.born.! Aplikace byla nainstalov.na a bude v.m poskytovat rady ohledn. bezpe.nosti na internetu.",.. COMPLETE_SUBTITLE: "V.e je p.ipraveno.",.. COMPLETE_LAUNCH: "Otev..t prohl..e.",.. ERROR_OS_REQUIREMENTS: "V instalaci nelze pokra.ovat, proto.e opera.n. syst.m nespl.uje minim.ln. po.adavky na syst.m. Aktualizujte ho a zkuste to znovu.",.. ERROR_BROWSER_REQUIREMENTS: "V instalaci nelze pokra.ovat, proto.e prohl..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2347
                                                                                                                                                                                                                                        Entropy (8bit):5.344633797507811
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licensaftale",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jeg har l.st og er indforst.et med licensaftalen",.. //{0} - Company name.. THANK_YOU: "Tak, fordi du valgte {0}",.. INSTALL: "Installer",.. CANCEL: "Annuller",.. RETRY: "Pr.v igen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} er din personlige sikkerhedsr.dgiver, uanset hvor du f.rdes p. nettet.",.. PROGRESS_SUBTITLE: "Installerer ...",.. COMPLETE_TITLE: "Fint. Vi har installeret din personlige onliner.dgiver.",.. COMPLETE_SUBTITLE: "Klar til start",.. COMPLETE_LAUNCH: ".bn browseren",.. ERROR_OS_REQUIREMENTS: "Installationen kan ikke forts.tte, da operativsystemet ikke lever op til minimumssystemkravene. Opdater, og pr.v igen.",.. ERROR_BROWSER_REQUIREMENTS: "Installationen kan ikke forts.tte, da browseren ikke lever op til minimumssystemkravene. Opdater browseren, og pr.v igen.",.. ERROR_VERSION: "Der er allerede installeret e
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2600
                                                                                                                                                                                                                                        Entropy (8bit):5.255067116698152
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lizenzvertrag",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ich habe den Lizenzvertrag gelesen und stimme ihm zu",.. //{0} - Company name.. THANK_YOU: "Vielen Dank f.r Ihren Download von {0}",.. INSTALL: "Installieren",.. CANCEL: "Abbrechen",.. RETRY: "Erneut versuchen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} ist Ihr pers.nlicher Sicherheitsberater f.r das Internet.",.. PROGRESS_SUBTITLE: "Installation l.uft...",.. COMPLETE_TITLE: "Sehr gut. Ihr pers.nlicher Online-Berater wurde installiert.",.. COMPLETE_SUBTITLE: "Fertig",.. COMPLETE_LAUNCH: "Browser .ffnen",.. ERROR_OS_REQUIREMENTS: "Ihre Installation kann nicht fortgesetzt werden, da Ihr Betriebssystem nicht den Mindestsystemanforderungen entspricht. Aktualisieren Sie es, und versuchen Sie es erneut.",.. ERROR_BROWSER_REQUIREMENTS: "Ihre Installation kann nicht fortgesetzt werden, da Ihr Browser nicht den Mindestsystemanforderungen entspr
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3909
                                                                                                                                                                                                                                        Entropy (8bit):4.955336413520008
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "........ ...... ......",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "....... ... .......... .. ........ ...... ......",.. //{0} - Company name.. THANK_YOU: "............ ... ......... .. {0}",.. INSTALL: "...........",.. CANCEL: ".......",.. RETRY: ".........",.. //{0} - Product name.. PROGRESS_TITLE: ".. {0} ..... . .......... ... ......... ......... ... ........... ......... ............ ... Internet.",.. PROGRESS_SUBTITLE: "..............",.. COMPLETE_TITLE: "......! ............. ... ......... ... ........ ... Internet.",.. COMPLETE_SUBTITLE: "..... .......",.. COMPLETE_LAUNCH: "....... ............ ..........",.. ERROR
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2294
                                                                                                                                                                                                                                        Entropy (8bit):5.282420457573034
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "License Agreement",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "I have read and agree to the License Agreement",.. //{0} - Company name.. THANK_YOU: "Thank you for choosing {0}",.. INSTALL: "Install",.. CANCEL: "Cancel",.. RETRY: "Try Again",.. //{0} - Product name.. PROGRESS_TITLE: "{0} is your personal safety advisor wherever you go online.",.. PROGRESS_SUBTITLE: "Installing...",.. COMPLETE_TITLE: "Great! We've installed your personal online advisor.",.. COMPLETE_SUBTITLE: "Ready to go",.. COMPLETE_LAUNCH: "Open my browser",.. ERROR_OS_REQUIREMENTS: "Your installation cannot continue because your operating system does not meet the minimum system requirements. Please update it and try again.",.. ERROR_BROWSER_REQUIREMENTS: "Your installation cannot continue because your browser does not meet our minimum system requirements. Please update your browser and try again.",.. ERROR_VERSION: "You already hav
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2408
                                                                                                                                                                                                                                        Entropy (8bit):5.232833728602373
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Acuerdo de licencia",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "He le.do y acepto el Acuerdo de licencia",.. //{0} - Company name.. THANK_YOU: "Gracias por haber elegido {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Vuelva a intentarlo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} es su asesor de seguridad personal para la navegaci.n online.",.. PROGRESS_SUBTITLE: "Instalando...",.. COMPLETE_TITLE: ".Genial! Hemos instalado su asesor online personal.",.. COMPLETE_SUBTITLE: "Listo para empezar",.. COMPLETE_LAUNCH: "Abrir mi navegador",.. ERROR_OS_REQUIREMENTS: "La instalaci.n no puede continuar porque el sistema operativo no cumple los requisitos m.nimos necesarios del sistema. Actual.celo y vuelva a intentarlo.",.. ERROR_BROWSER_REQUIREMENTS: "La instalaci.n no puede continuar porque el navegador no cumple los requisitos m.nimos necesarios del sistema. Actualice el navegador y
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2426
                                                                                                                                                                                                                                        Entropy (8bit):5.235616829312733
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Acuerdo de licencia",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "He le.do y acepto el Acuerdo de licencia",.. //{0} - Company name.. THANK_YOU: "Gracias por elegir {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Vuelva a intentarlo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} es su asesor de seguridad personal para la navegaci.n en l.nea.",.. PROGRESS_SUBTITLE: "Instalando.",.. COMPLETE_TITLE: ".Excelente! Hemos instalado su asesor de seguridad personal en l.nea.",.. COMPLETE_SUBTITLE: "Listo para empezar",.. COMPLETE_LAUNCH: "Abrir mi navegador",.. ERROR_OS_REQUIREMENTS: "La instalaci.n no puede continuar porque el sistema operativo no cumple los requisitos m.nimos necesarios del sistema. Actual.celo y vuelva a intentarlo.",.. ERROR_BROWSER_REQUIREMENTS: "La instalaci.n no puede continuar porque el navegador no cumple los requisitos m.nimos necesarios del sistema. Actualice
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2464
                                                                                                                                                                                                                                        Entropy (8bit):5.3280391518879195
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "K.ytt.oikeussopimus",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Olen lukenut k.ytt.oikeussopimuksen ja hyv.ksyn sen.",.. //{0} - Company name.. THANK_YOU: "Kiitos, ett. valintasi on {0}",.. INSTALL: "Asenna",.. CANCEL: "Peruuta",.. RETRY: "Yrit. uudelleen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} on henkil.kohtainen turvallisuusavustajasi, kun k.yt.t verkkoa.",.. PROGRESS_SUBTITLE: "Asennetaan.",.. COMPLETE_TITLE: "Hienoa! Henkil.kohtainen verkkoavustajasi on asennettu.",.. COMPLETE_SUBTITLE: "Valmis k.ytett.v.ksi",.. COMPLETE_LAUNCH: "K.ynnist. selain",.. ERROR_OS_REQUIREMENTS: "Asennusta ei voi jatkaa, koska k.ytt.j.rjestelm.si ei t.yt. j.rjestelm.n v.himm.isvaatimuksia. P.ivit. k.ytt.j.rjestelm. ja yrit. uudelleen.",.. ERROR_BROWSER_REQUIREMENTS: "Asennusta ei voi jatkaa, koska selaimesi ei t.yt. j.rjestelm.n v.himm.isvaatimuksia. P.ivit. selain ja yr
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2783
Entropy (8bit):5.253204023782801
Encrypted:false
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrat de licence",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "J'ai lu et approuv. le contrat de licence",.. //{0} - Company name.. THANK_YOU: "Merci d'avoir choisi {0}",.. INSTALL: "Installation",.. CANCEL: "Annuler",.. RETRY: "R.essayez",.. //{0} - Product name.. PROGRESS_TITLE: "{0} est votre conseiller personnel en mati.re de s.curit. lorsque vous naviguez en ligne.",.. PROGRESS_SUBTITLE: "Installation...",.. COMPLETE_TITLE: "Tr.s bien! Nous avons install. votre conseiller personnel en mati.re de s.curit. en ligne.",.. COMPLETE_SUBTITLE: "Pr.t au lancement",.. COMPLETE_LAUNCH: "Ouvrir mon navigateur",.. ERROR_OS_REQUIREMENTS: "Il est impossible de poursuivre l'installation, car votre syst.me d'exploitation ne satisfait pas . la configuration minimale requise. Veuillez le mettre . jour et essayer de nouveau.",.. ERROR_BROWSER_REQUIREMENTS: "Il est impossible de poursuivre l'installatio
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2672
Entropy (8bit):5.283376487823955
Encrypted:false
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "Accord de licence",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "J'ai lu et j'accepte l'accord de licence",.. //{0} - Company name.. THANK_YOU: "Merci d'avoir choisi {0}",.. INSTALL: "Installer",.. CANCEL: "Annuler",.. RETRY: "R.essayer",.. //{0} - Product name.. PROGRESS_TITLE: "{0} est votre conseiller personnel en mati.re de s.curit. o. que vous vous trouviez en ligne.",.. PROGRESS_SUBTITLE: "Installation...",.. COMPLETE_TITLE: "Tr.s bien. Nous avons install. votre conseiller en ligne personnel.",.. COMPLETE_SUBTITLE: "Pr.t",.. COMPLETE_LAUNCH: "Ouvrir mon navigateur",.. ERROR_OS_REQUIREMENTS: "Votre installation ne peut pas se poursuivre car votre syst.me d'exploitation ne correspond pas . la configuration syst.me minimale requise. Mettez-le . jour et essayez . nouveau.",.. ERROR_BROWSER_REQUIREMENTS: "Votre installation ne peut pas se poursuivre car votre navigateur ne correspond pas .
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2472
Entropy (8bit):5.350994231007747
Encrypted:false
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licencni ugovor",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pro.itao/la sam i prihva.am Licencni ugovor",.. //{0} - Company name.. THANK_YOU: "Zahvaljujemo .to ste odabrali tvrtku {0}",.. INSTALL: "Instaliraj",.. CANCEL: "Odustani",.. RETRY: "Poku.ajte ponovno",.. //{0} - Product name.. PROGRESS_TITLE: "{0} va. je osobni savjetnik o sigurnosti neovisno o tome gdje se nalazite na mre.i.",.. PROGRESS_SUBTITLE: "Instaliranje...",.. COMPLETE_TITLE: "Sjajno! Instalirali smo va.eg osobnog savjetnika na mre.i.",.. COMPLETE_SUBTITLE: "Spremno za rad",.. COMPLETE_LAUNCH: "Otvori moj preglednik",.. ERROR_OS_REQUIREMENTS: "Instalaciju nije mogu.e nastaviti jer va. operacijski sustav ne ispunjava minimalne preduvjete sustava. A.urirajte ga i poku.ajte ponovno.",.. ERROR_BROWSER_REQUIREMENTS: "Instalaciju nije mogu.e nastaviti jer va. preglednik ne ispunjava minimalne preduvjete sustava. A.urirajte p
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2712
Entropy (8bit):5.515007946438886
Encrypted:false
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licencmeg.llapod.s",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Elolvastam .s elfogadom a Licencmeg.llapod.st",.. //{0} - Company name.. THANK_YOU: "K.sz.nj.k, hogy a(z) {0} mellett d.nt.tt",.. INSTALL: "Telep.t.s",.. CANCEL: "M.gse",.. RETRY: "Pr.b.lkozzon .jra",.. //{0} - Product name.. PROGRESS_TITLE: "{0} az .n szem.lyi tan.csad.ja, aki mindenhova .nnel tart az interneten.",.. PROGRESS_SUBTITLE: "Telep.t.s...",.. COMPLETE_TITLE: "Rendben. Szem.lyi tan.csad.j.nak telep.t.se sikeresen befejez.d.tt.",.. COMPLETE_SUBTITLE: "Haszn.latra k.sz",.. COMPLETE_LAUNCH: "B.ng.sz. megnyit.sa",.. ERROR_OS_REQUIREMENTS: "A telep.t.s nem folytat.dhat, mivel az oper.ci.s rendszer nem felel meg a minim.lis rendszerk.vetelm.nyeknek. Hajtsa v.gre a friss.t.st, majd pr.b.lkozzon .jra.",.. ERROR_BROWSER_REQUIREMENTS: "A telep.t.s nem folytat.dhat, mivel a b.ng.sz. n
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2394
Entropy (8bit):5.273234756793247
Encrypted:false
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contratto di licenza",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ho letto e accetto il contratto di licenza",.. //{0} - Company name.. THANK_YOU: "Grazie per aver scelto {0}",.. INSTALL: "Installa",.. CANCEL: "Annulla",.. RETRY: "Riprova",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . il tuo consulente sulla sicurezza personale quando sei online.",.. PROGRESS_SUBTITLE: "Installazione in corso...",.. COMPLETE_TITLE: "Perfetto! Abbiamo installato il tuo consulente sulla sicurezza online personale.",.. COMPLETE_SUBTITLE: "Pronto all'uso",.. COMPLETE_LAUNCH: "Apri browser",.. ERROR_OS_REQUIREMENTS: "L'installazione non pu. proseguire poich. il sistema operativo non soddisfa i requisiti minimi di sistema. Aggiornalo e riprova.",.. ERROR_BROWSER_REQUIREMENTS: "L'installazione non pu. proseguire poich. il browser non soddisfa i requisiti minimi di sistema. Aggiorna il browser e riprova.",.. ERROR_VE
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):3042
Entropy (8bit):5.651559802574649
Encrypted:false
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "......",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "......................",.. //{0} - Company name.. THANK_YOU: "{0} ...................",.. INSTALL: "......",.. CANCEL: ".....",.. RETRY: "...",.. //{0} - Product name.. PROGRESS_TITLE: "{0} ...................................",.. PROGRESS_SUBTITLE: "..............",.. COMPLETE_TITLE: "....... ........... ...................",.. COMPLETE_SUBTITLE: "........",.. COMPLETE_LAUNCH: "........",.. ERROR_OS_REQUIREMENTS: "....................... ....................
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2602
Entropy (8bit):5.831644314643136
Encrypted:false
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "... ..",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "... ... .. .. ......",.. //{0} - Company name.. THANK_YOU: "{0} ... ... ... ......",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: ".. ..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}. .. .... .. .. .. ... .......",.. PROGRESS_SUBTITLE: ".. ....",.. COMPLETE_TITLE: "....! .. ... .... .......",.. COMPLETE_SUBTITLE: "... ... .....",.. COMPLETE_LAUNCH: ". .... ..",.. ERROR_OS_REQUIREMENTS: "..... .. ... ... .... .... ... ... . ..... ..... ...... .. .......",.. ERROR_BROWSER_REQUIREMENTS: "..... .. ... ... .... ...
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2387
Entropy (8bit):5.322241729749718
Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lisensavtale",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jeg har lest og godtar lisensavtalen",.. //{0} - Company name.. THANK_YOU: "Takk for at du har valgt {0}",.. INSTALL: "Installer",.. CANCEL: "Avbryt",.. RETRY: "Pr.v p. nytt",.. //{0} - Product name.. PROGRESS_TITLE: "{0} er din personlige sikkerhetsr.dgiver n.r du er p. Internett.",.. PROGRESS_SUBTITLE: "Installerer..",.. COMPLETE_TITLE: "Flott! Vi har installert din personlige Internett-r.dgiver.",.. COMPLETE_SUBTITLE: "Klar til . sette i gang",.. COMPLETE_LAUNCH: ".pne nettleseren min",.. ERROR_OS_REQUIREMENTS: "Installasjonen kan ikke fortsette fordi operativsystemet ikke oppfyller minimum systemkrav. Oppdater det og pr.v p. nytt.",.. ERROR_BROWSER_REQUIREMENTS: "Installasjonen kan ikke fortsette fordi nettleseren ikke oppfyller minimum systemkrav. Oppdater nettleseren og pr.v p. nytt.",.. ERROR_VERSION: "Det ser ut til at d
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2494
                                                                                                                                                                                                                                        Entropy (8bit):5.219172682762626
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licentieovereenkomst",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ik heb de Licentieovereenkomst gelezen en ga ermee akkoord",.. //{0} - Company name.. THANK_YOU: "Hartelijk dank dat u hebt gekozen voor {0}",.. INSTALL: "Installeren",.. CANCEL: "Annuleren",.. RETRY: "Opnieuw proberen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} is uw persoonlijke veiligheidsadviseur waar u ook online gaat.",.. PROGRESS_SUBTITLE: "Installeren...",.. COMPLETE_TITLE: "Fantastisch! We hebben uw persoonlijke online adviseur ge.nstalleerd.",.. COMPLETE_SUBTITLE: "U bent klaar om te beginnen",.. COMPLETE_LAUNCH: "Open mijn browser",.. ERROR_OS_REQUIREMENTS: "Uw installatie kan niet worden voortgezet omdat uw besturingssysteem niet voldoet aan de minimale systeemvereisten. Werk het bij en probeer het opnieuw.",.. ERROR_BROWSER_REQUIREMENTS: "Uw installatie kan niet worden voortgezet omdat uw browser niet voldoet aan onze mi
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2589
                                                                                                                                                                                                                                        Entropy (8bit):5.547167815308863
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Umowa licencyjna",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Potwierdzam znajomo.. warunk.w umowy licencyjnej i akceptuj. je.",.. //{0} - Company name.. THANK_YOU: "Dzi.kujemy za wybranie firmy {0}",.. INSTALL: "Zainstaluj",.. CANCEL: "Anuluj",.. RETRY: "Spr.buj ponownie",.. //{0} - Product name.. PROGRESS_TITLE: "Program {0} to Tw.j osobisty doradca bezpiecze.stwa online.",.. PROGRESS_SUBTITLE: "Instalowanie...",.. COMPLETE_TITLE: ".wietnie. Tw.j osobisty doradca bezpiecze.stwa online zosta. zainstalowany.",.. COMPLETE_SUBTITLE: "Gotowe",.. COMPLETE_LAUNCH: "Otw.rz przegl.dark.",.. ERROR_OS_REQUIREMENTS: "Nie mo.na kontynuowa. instalacji, poniewa. system operacyjny nie spe.nia minimalnych wymaga. systemowych. Zaktualizuj system i spr.buj ponownie.",.. ERROR_BROWSER_REQUIREMENTS: "Nie mo.na kontynuowa. instalacji, poniewa. przegl.darka nie spe.nia minimalnych wymaga. systemow
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2414
                                                                                                                                                                                                                                        Entropy (8bit):5.299993722021728
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de Licen.a",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Li e concordo com o Contrato de Licen.a",.. //{0} - Company name.. THANK_YOU: "Obrigado por escolher {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Tentar novamente",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . o seu assessor de seguran.a personalizado onde quer que voc. navegue.",.. PROGRESS_SUBTITLE: "Instalando...",.. COMPLETE_TITLE: "Excelente! O seu assessor online personalizado foi instalado.",.. COMPLETE_SUBTITLE: "Pronto para come.ar",.. COMPLETE_LAUNCH: "Abrir meu navegador",.. ERROR_OS_REQUIREMENTS: "A instala..o n.o pode continuar. Seu sistema operacional n.o atende aos requisitos m.nimos do sistema. Atualize-o e tente novamente.",.. ERROR_BROWSER_REQUIREMENTS: "A instala..o n.o pode continuar. Seu navegador n.o atende aos requisitos m.nimos do sistema. Atualize o navegador e tente novamente.",.
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2407
                                                                                                                                                                                                                                        Entropy (8bit):5.28324188686346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de Licen.a",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Li e concordo com o Contrato de Licen.a",.. //{0} - Company name.. THANK_YOU: "Obrigado por escolher a {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Tentar Novamente",.. //{0} - Product name.. PROGRESS_TITLE: "O {0} . o seu assistente de seguran.a pessoal quando navega online.",.. PROGRESS_SUBTITLE: "A instalar...",.. COMPLETE_TITLE: ".timo! Instal.mos o seu assistente pessoal online.",.. COMPLETE_SUBTITLE: "Pronto a utilizar",.. COMPLETE_LAUNCH: "Abrir o meu browser",.. ERROR_OS_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o seu sistema operativo n.o cumpre os requisitos m.nimos do sistema. Atualize-o e tente novamente.",.. ERROR_BROWSER_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o seu browser n.o cumpre os nossos requisitos m.nimos do sistema. Atualize o seu browser e ten
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3518
                                                                                                                                                                                                                                        Entropy (8bit):4.980400611470048
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "............ ..........",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ".... ......... . ....... ....... ............. ..........",.. //{0} - Company name.. THANK_YOU: ".......... ... .. ..... {0}",.. INSTALL: "..........",.. CANCEL: "......",.. RETRY: "......... .......",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . ... ...... ........ .. ........ ............ . ..........",.. PROGRESS_SUBTITLE: "............",.. COMPLETE_TITLE: ".......! ...... ........ .. ........ ............ ...........",.. COMPLETE_SUBTITLE: "... ......",.. COMPLETE_LAUNCH: "....... .......",.. ERROR_OS_REQUIREMENTS: "......... .......... ..........
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2503
                                                                                                                                                                                                                                        Entropy (8bit):5.599125488841342
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licen.n. zmluva",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pre..tal(-a) som si licen.n. zmluvu a s.hlas.m s .ou",.. //{0} - Company name.. THANK_YOU: ".akujeme, .e ste si zvolili {0}",.. INSTALL: "In.talova.",.. CANCEL: "Zru.i.",.. RETRY: "Sk.si. znova",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je v.. osobn. bezpe.nostn. poradca pri va.ich potulk.ch internetom.",.. PROGRESS_SUBTITLE: "In.taluje sa...",.. COMPLETE_TITLE: "Skvel.! Osobn. poradca online je nain.talovan..",.. COMPLETE_SUBTITLE: "Hotovo",.. COMPLETE_LAUNCH: "Otvori. prehliada.",.. ERROR_OS_REQUIREMENTS: "V in.tal.cii nie je mo.n. pokra.ova., preto.e opera.n. syst.m nesp..a minim.lne syst.mov. po.iadavky. Aktualizujte ho a sk.ste to znova.",.. ERROR_BROWSER_REQUIREMENTS: "V in.tal.cii nie je mo.n. pokra.ova., preto.e prehliada. nesp..a minim.lne syst.mov. po.iadavky. Aktuali
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2366
Entropy (8bit):5.377529074885516
Encrypted:false
SSDEEP:48:3iWxpQUZMEji4CqYBIInphvGEfD/cTdRCcegQ6DRjRSGnzUwMIIJLQ5omtn:3ikbTjBrGIAH7fD/cpUdiRcGnzUwMIA0
MD5:1D59151978EDB5243B5FB2D1D65BC06D
SHA1:AF7C1604BC7D3C92884E3BD1C6216310314F1C33
SHA-256:1AB8E10FE1E87EF88C26902275FB1ABC88E714FAE6E1888765737681EC13A519
SHA-512:DA3BD8C452C67050330BC3D48AE489D90754952EE6AE8040D99AEEFF93C41EAA007BE5A8BC7BB22C7B279107A738EA87062D3B254A3CF23CCD93A79D2F1A1895
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "Ugovor o licenciranju",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pro.itao/la sam i saglasan/na sam sa ugovorom o licenciranju",.. //{0} - Company name.. THANK_YOU: "Hvala vam .to ste odabrali {0}",.. INSTALL: "Instaliraj",.. CANCEL: "Otka.i",.. RETRY: "Poku.ajte ponovo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je va. li.ni savetnik kada god ste na mre.i.",.. PROGRESS_SUBTITLE: "Instaliranje...",.. COMPLETE_TITLE: "Odli.no! Instalirali smo va. li.ni savetnik na mre.i.",.. COMPLETE_SUBTITLE: "Spremno je",.. COMPLETE_LAUNCH: "Otvori pregleda.",.. ERROR_OS_REQUIREMENTS: "Instalacija ne mo.e da se nastavi zato .to sistem ne ispunjava minimalne zahteve. A.urirajte i poku.ajte ponovo.",.. ERROR_BROWSER_REQUIREMENTS: "Instalacija ne mo.e da se nastavi zato .to pregleda. ne ispunjava minimalne zahteve sistema. A.urirajte pregleda. i poku.ajte ponovo.",.. ERROR_VERSION: "Ve. imat
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2265
Entropy (8bit):5.384815060230753
Encrypted:false
SSDEEP:48:3Ud6ODtNYPmAEYSwxFjIcvFLcFafDyMC/4ekY3+rh7sK0MCoO0oz/wrIfGEzjZsI:30DNcnIiFgFaf+imYJOvz4rCRV
MD5:E78439F6F4B4708602625E4A72FE8F9D
SHA1:1C5974A46847D65292BA9A430909CF0034EBA254
SHA-256:17F548A03E9F64DBB946DCCFD8D9C54FA178CC4893C4A08C292A9A5DB038BFBF
SHA-512:14FAC327E1C7DFC78E97AEB139DC2676113E71FB962A4103DED145B780FD6B040673962F8AB243B5D4A1267D84D4A00C4939199F52C8D3FFFE3597B5EF7DCA94
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licensavtal",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jag har l.st och godk.nner licensavtalet",.. //{0} - Company name.. THANK_YOU: "Tack f.r att du valde {0}",.. INSTALL: "Installera",.. CANCEL: "Avbryt",.. RETRY: "F.rs.k igen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} .r din personliga s.kerhetsr.dgivare online.",.. PROGRESS_SUBTITLE: "Installerar...",.. COMPLETE_TITLE: "Perfekt. Vi har installerat din personliga r.dgivare online.",.. COMPLETE_SUBTITLE: "Klar att anv.nda",.. COMPLETE_LAUNCH: ".ppna min webbl.sare",.. ERROR_OS_REQUIREMENTS: "Installationen avbr.ts eftersom ditt operativsystem inte uppfyller systemkraven. Uppdatera och f.rs.k igen.",.. ERROR_BROWSER_REQUIREMENTS: "Installationen avbr.ts eftersom din webbl.sare inte uppfyller systemkraven. Uppdatera webbl.saren och f.rs.k igen.",.. ERROR_VERSION: "En nyare version av programvaran .r redan installerad p.
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2564
Entropy (8bit):5.490091438528594
Encrypted:false
SSDEEP:48:3DdmZCox80uGgE+dh70Ij+AUJBI+AxuzfvF57ybqEmpwAY3LgMseo44oU+Wz7kjJ:3kwoK0v+dhYIjMs5uzf7g5ue5Lgz6CXG
MD5:05CC66347F07D6016A6266200949DF60
SHA1:1599786111CE4780FEA8D5426D82E07DD3993201
SHA-256:130DFBE1493ABCDCCE97774F996A976FE1A995E6F9EED59DA1E16CBE7BBCED24
SHA-512:CB2EBDD25D6A2B536A948C345C542D7BEC9C35692A78FAAC9F264F870221234C432BED324611BAD220B563B3D34B7301AF6E2EF9FB730B82F8BB76BFFA77BDFA
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lisans S.zle.mesi",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Lisans S.zle.mesi'ni okudum ve kabul ediyorum",.. //{0} - Company name.. THANK_YOU: "{0}'yi se.ti.iniz i.in te.ekk.rler",.. INSTALL: "Y.kle",.. CANCEL: ".ptal",.. RETRY: "Yeniden Dene",.. //{0} - Product name.. PROGRESS_TITLE: "{0} Internet'te her an yan.n.zda olan ki.isel g.venlik dan..man.n.zd.r.",.. PROGRESS_SUBTITLE: "Y.kleniyor...",.. COMPLETE_TITLE: "Harika! Ki.isel .evrimi.i dan..man.n.z. y.kledik.",.. COMPLETE_SUBTITLE: "Kullan.ma haz.r",.. COMPLETE_LAUNCH: "Taray.c.m. a.",.. ERROR_OS_REQUIREMENTS: "..letim sisteminiz minimum sistem gereksinimlerini kar..lamad...ndan y.kleme i.lemine devam edilemiyor. L.tfen g.ncelleyin ve tekrar deneyin.",.. ERROR_BROWSER_REQUIREMENTS: "Taray.c.n.z minimum sistem gereksinimlerimizi kar..lamad...ndan y.kleme i.lemine devam edilemiyor. L.tfen t
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2044
Entropy (8bit):6.279635522276187
Encrypted:false
SSDEEP:48:3oeWvFbBQLSECfPnIuDfC9lI2S1lZmYDbVzzIKg+bq2cmO:3obrYzCnnIuDfC9lIZmuRzzY+lcmO
MD5:5C006F633594BE32EA846EAABA28EFAC
SHA1:313416B877495151AA1DC4F7E606212E57B8C7F5
SHA-256:A58CE6C9D3D5F2C7E3BB45B8EDF2FD69E29BD50A8C9EB96A672D8BAA4E07C7D9
SHA-512:BBD45F569D93EF47A259D68C55BF2232BD35A09947202353C092C31595E9D4AE4146A49B1DC0CE2FEBA581A07E4F5160FFA774041F0EC2B8E4EE4B02A7C79C6E
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "....",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "...........",.. //{0} - Company name.. THANK_YOU: ".....{0}",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}.................",.. PROGRESS_SUBTITLE: ".......",.. COMPLETE_TITLE: "...! ............",.. COMPLETE_SUBTITLE: "....",.. COMPLETE_LAUNCH: ".......",.. ERROR_OS_REQUIREMENTS: "....................... .........",.. ERROR_BROWSER_REQUIREMENTS: "...................... ..........",.. ERROR_VERSION: "...................",.. ERROR_FAIL: ".......... ....",.. ERROR_DU
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2196
Entropy (8bit):6.290888542443718
Encrypted:false
SSDEEP:48:3/svnWuIBR1EwNsIb5w6fIPlBZWe2jeemIuzlJIeqwjhPcMJu:3/Cw4wmIZfIPlBcaeJuzXjqwjNcv
MD5:4D50B043B9E92727C9974973D6C5D3FE
SHA1:A3754621B014AD825F43EA3D3DD8B1750A9B164E
SHA-256:C5BC5FF5CC64BC643220F2149BC74BF9FD9524B231FFF518AC40C3FCA0269236
SHA-512:CBAFD790828A062534E1AFDAF61B0640D59D172A09A09626899A9266AE592684DC34DBAC192934B49E9C5E7A9AA97C4601014D3D69766BA1F62F8EB520CC2ADD
Malicious:false
Reputation:unknown
Preview:.var _lrInstall_ = {.. EULA_TITLE: "....",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "............",.. //{0} - Company name.. THANK_YOU: "..... {0}",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: "....",.. //{0} - Product name.. PROGRESS_TITLE: "{0} ...................",.. PROGRESS_SUBTITLE: ".......",.. COMPLETE_TITLE: ".... ..............",.. COMPLETE_SUBTITLE: ".......",.. COMPLETE_LAUNCH: ".....",.. ERROR_OS_REQUIREMENTS: "......................... ...........",.. ERROR_BROWSER_REQUIREMENTS: "........................ ................",.. ERROR_VERSION: ".................",.. ERROR_FAIL: ".
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):716
Entropy (8bit):5.603466386701819
Encrypted:false
SSDEEP:12:7ekSSlN95i5kfx6v9LuO4biqra6fMocbkLwT5zxjAHo8+9wuRTos4SxQrKOCj:7e9SlNLiaf4v9KO4zG6fMocWIOHo8+9t
MD5:8794C890BD2E81943C82C292F66F3667
SHA1:3B4C2828FD3DAB4F81A8C31B1D4317970A19712F
SHA-256:074AC361DD559BAD3396B7D2BBAB1DD617F0D703F1F9EDD187A01A70E5469C4F
SHA-512:A092DDCA133709C3E07A59FF231F97ED03FAAE2DF99D819E92B0D49CDB0A832CB8C913405C438A7A9322466BC41D5BDD9D392EB8FA0100A8D15910239EE86082
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verze",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//A33A9CEAAE4D249C0FFCF86B46DD3CFE7CFED92C807371FAAD24F10184439BD12196A90CAD70144F27B4D1487BF8C1647F83CB050B21FF0689425EE4A0E9E96D++
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):728
Entropy (8bit):5.561213207315339
Encrypted:false
SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bikzbkLwT5zxjAHo8wN9wuRToIDlUMJMlE9:7e9SlNLiafLYFv9KO4dWIOHo8wN9ZR0g
MD5:A051DAA9B5606E594E4CD75E82068988
SHA1:7AFC13E52ADC302A9E3835FC418A8ABB501957D9
SHA-256:0F18C38792BB96A8CD3F11E91E8F8C05C463D7755945D5D0630C459A6EE90995
SHA-512:341F223CDF8F49FB8CC8126B610026949E9171F85B24970E797F5EB75D3CAE9EC6C066B94DA62283972C57737D80C77241DE02B238D0B078FC012AFFC961B027
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "F.rdig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//775927AF51C58C15181597C0E40C51FFB2B46720C140702E55EDD759C98B1BBB9BB1BB67EBC5319E66CEC6C06F4E63D92929522DEBA419907802E4311F4B6AB1++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):695
                                                                                                                                                                                                                                        Entropy (8bit):5.546960598972389
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+p3ibkLwT5zxjAHo8+N9wuRToh88JwGdOO:7e9SlNLiafLYFv9KO4pSWIOHo8+N9ZRw
                                                                                                                                                                                                                                        MD5:4CA73911A8549309C48D4E2DBCCD384A
                                                                                                                                                                                                                                        SHA1:D5E3B5C8D2C4353315B93EF16DA69F8E6F7445F6
                                                                                                                                                                                                                                        SHA-256:145DB2CDB5B8FD781A5F84E84A57CDA055A47551DC291D3335ED695E459AEDED
                                                                                                                                                                                                                                        SHA-512:8E9DBAD8225952584310480BF67DE048C2FD27D6EC7776F30F5EFB3C5821AB60513618B7E98BCEC0BAB954BC5197154CE03A6965E64D506C190E0A8EC2EE6AA4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Fertig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//37B600152353029B4EE0D51C5F5DC779FA4154C41F9E987CBBF78A388CF7EAD941C181F0D37CD82E6A42E1523AF2D045963BF87889701AF7027EEA10566B41D7++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):750
                                                                                                                                                                                                                                        Entropy (8bit):5.75038358315992
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kft6v9LuO4bi7XKfRWkGmbkLwT5zxjAHo8JP9wuRTo2ma+apHkGKb:7e9SlNLiafEv9KO4mXCWkHWIOHo8JP9Q
                                                                                                                                                                                                                                        MD5:6FE7F9625E2B43D3DFA72219A32CD797
                                                                                                                                                                                                                                        SHA1:AAA18255C4C9228FAAC221451CC599881DFE99F0
                                                                                                                                                                                                                                        SHA-256:99DB09DCA477A43E3C1230DED9DB306527A648BC9CDD1FE4D11396EECBC4E8A3
                                                                                                                                                                                                                                        SHA-512:F60D3F083BB557ADA563E07568ADBA9E81BA9FEA3A385F9C57BE02B313DFF4AAB51A2B3EA42CC3B23BEFD3385A67C43BBA39098D711819B04226E397FF618E8D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "...... ............ .... .........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: ".....",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//5D3C085C46ADBA2C87236F283C7F7A6F9F8528F5D95484748AD517E395A273333B09FFE5C5AD7832E2A2AECCDA0A44E491DE1E4FCE209B0AF2F79D34A9089B03++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):688
                                                                                                                                                                                                                                        Entropy (8bit):5.5148376008517355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biqkCbkLwT5zxjmT9wuRTouGQN:7e9SlNLiafLYFv9KO4zkCWIoT9ZRxT
                                                                                                                                                                                                                                        MD5:96F06BCE2F8241D3FAA99D215D5165E9
                                                                                                                                                                                                                                        SHA1:6CC4465149BA689E6509BA85C199C357DA5E76B9
                                                                                                                                                                                                                                        SHA-256:E6806211EC82E58650186D6CA0E2586158031052AFB622AF8D669B6DF8B10586
                                                                                                                                                                                                                                        SHA-512:294C816E99BFEB230C629FC90CA4DEC3E969731B25D0DC252A833C914AAED54E686005F875284488EC6432555EBA23C63DA0C27E05A0EF0B23CFFEE85603D2F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Done",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//B470C7AAF5FDD24BBF32F7476686D802B0DDD7A2E27E19E227FC11A318F1F178EE4A187DD27F062D9068D7C9D3AF476F7739316C707BFE1246DBE8BCCB582598++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):700
                                                                                                                                                                                                                                        Entropy (8bit):5.53027365887532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmgnbkLwT5zxjcglP9wuRToFVoEmUo/GbXn:7e9SlNLiafrFv9KO40gnWIqgV9ZR2Vo+
                                                                                                                                                                                                                                        MD5:6B40E984877643345441286818FD3E70
                                                                                                                                                                                                                                        SHA1:72C8EBFC44446664E55F7789FCEA06CA1B18DF44
                                                                                                                                                                                                                                        SHA-256:B49C9D62E2060E3BBFAF24ECC36016322B8E11A11CDFEAF1BCD5AC34605AE51F
                                                                                                                                                                                                                                        SHA-512:0542309BAB98597D6DE4608B2F14DECD65322D8517F9D9D95D7169EF5E9A1DAEECD9ED0894D8621B0AAFE9AAE58BB5DF95D8E49EDAC8404FDD527F961CD466B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//BFC1DB273BDD11606013A9CE4642C9329CA41AD21F8C5F38531ECDD48BE2385679A485CD0BCFACF2455A2D5D9F53158546E6970F6E6C56ACBC14DB30A9FB7FB0++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):700
                                                                                                                                                                                                                                        Entropy (8bit):5.524664431479274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmgnbkLwT5zxjcglP9wuRToJcdLRDonXqU0Xn:7e9SlNLiafrFv9KO40gnWIqgV9ZRHdVd
                                                                                                                                                                                                                                        MD5:06DD08181921F52A83115283267E31C2
                                                                                                                                                                                                                                        SHA1:34E1A98CAC15200DACF84A5C4EAAE3C48769F48A
                                                                                                                                                                                                                                        SHA-256:36C38D7E0367F32F8A4390424B826F337E3717AF61610D3B6DE7355735252DE2
                                                                                                                                                                                                                                        SHA-512:804FD02DC4B162A9D25A8F395E904100CD87073DE18AAB1941E56571BAB2EDC4904FCEA4FE3AA9DE27DA85EC723CFDAE0AFC6FE981E07EFA3992A4E90E56EEFD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//754B3DBDEB13314364EEB697D5B6FCC9D319892836CC4544C9D93068886BD51329DF441F3502D2BEA4DD61E90BF9BABABFDF8DBDC811D9B264B26A0CD94D3A62++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):692
                                                                                                                                                                                                                                        Entropy (8bit):5.516986272783081
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfft6v9LuO4biu6gbkLwT5zxjAHo88WN9wuRTo8pcqxFaSRa:7e9SlNLiafsv9KO4RWIOHo8Z9ZR1cIav
                                                                                                                                                                                                                                        MD5:3C20435CCED9E2BECB29CAB56E69538B
                                                                                                                                                                                                                                        SHA1:406AEED3490CAAE193A4944197A3C682DEE6A427
                                                                                                                                                                                                                                        SHA-256:E0691F6FFCC80E2D932F5E32A9825BD7C4ABFC929C2DA9F74BC432F50AB8142A
                                                                                                                                                                                                                                        SHA-512:B472AD0D1AC7196F070CEB9E7D23ED70EBE5F6B2065C53FA98F0B1E10E9C9986CA8612DB622DBBAA938BBAB8AE0E5DD7D62CB03B864CFCC8FEBE840EA5102A0C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versio",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Tietosuojaseloste",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Valmis",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0645A2C63F8874B2644CB688496CC128F3D37ADF4FC5C554ACED68A88DA43DABEF8D1954B6DD7DF54AD1137215CE6B6683F5A9571F7336393F5858DE05A9DAC2++
Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):710
Entropy (8bit):5.554042069584347
Encrypted:false
SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+QdbkLwT5zxjAHo8g9wuRTounXHUyEe:7e9SlNLiafLYFv9KO4QdWIOHo8g9ZRv7
MD5:779EA85FBBF62C1510D3E05AB20C26EC
SHA1:A57E416890AD142307798E99AAFF5E2F3BE4EEC0
SHA-256:DBB25AEB94E9C422846AC42C27EEC7E640F1319EDD2AFFC2FD5567CC6B4A6B40
SHA-512:A068B003B7F34147F770415F2934F03E4693197542897CC9BAB4E11C7155630B8A4F1AC2E50EF07C59FA5551E86C0D94872E55303F39212AE582310DB6777C14
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9E70D09B967A834FE69317BA4B5B2CDCA5AC0F8BA4BCE75D9F9BDA71C2AFC01B14569FD2CB1D7E039B498BB092871C7EE39C6108057E2C26BF900E4805FC2775++

Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):710
Entropy (8bit):5.541459694602625
Encrypted:false
SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+QdbkLwT5zxjAHo8g9wuRTo7NoqnUXLpKn:7e9SlNLiafLYFv9KO4QdWIOHo8g9ZRaD
MD5:638D9816DE2A345FA16AE761F050A6AE
SHA1:532A74ACD0DDF25BE6045AAD208641E89709CE68
SHA-256:08098B71086F96092F73853EF83B8A022A91C47E63898F30B844A9E743C972D9
SHA-512:0AE92E9CA59CF34623952AC68E61ACD46F09EE74BBD0CAF2CACA87D93DF7503C953229FDDF39E497FC1A0295F5A54EEB658E49690A95D0AB79FE4C4FA4C89627
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//6F7E8BC63672E5124455E40C6A50391F50FF34D1A21C9CC76B56B5DDC555534CC35BD263EF7C7A12E42D75356E165C5A39E0AA148F5F8A7BDE6016BA541E147F++

Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):703
Entropy (8bit):5.556912313975577
Encrypted:false
SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biaBzcbkLwT5zxjHT9wuRToUePBNIm2Xg:7e9SlNLiaflv9KO43BoWIVT9ZRzdQ
MD5:0354889B640A12B309CC946C5354C21B
SHA1:022A64BFDF5B8F2D679A6E156C152507498E16AA
SHA-256:E1541C5B527D9D1E3A8811D5A6A7C507A8603416043B053CA97C288209BB8A4F
SHA-512:72EA0BE258BA654EDDC88CB869FD0942ED95BAB5CB406E6B7F51B85446C2907E318C794D19B45D5D4FCD22A8A17459E903D95AB61FDDF2A02D90B272A0886295
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//BD9F914B7A0128058D12F3AC184833E8A377909F9AA32B164D1780B4F12C26513CB70BE7383900D24E79F5DFC4F0B91CD6E9656E92B21310D6C6A3CDCCEB2021++

Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):699
Entropy (8bit):5.595019305091011
Encrypted:false
SSDEEP:12:7ekSSlN95i5kfQdU6v9LuO4bihIHmdcbkLwT5zxjAHo8Kwv9wuRTozXbVNVXc/yP:7e9SlNLiafQd7v9KO4k6ocWIOHo8Kwv4
MD5:2CDA0C30A354370C38A338217D211433
SHA1:E9847A549D61A27ABC0ED964FD5274CE0445A353
SHA-256:2386382712EE52F5FBECA3B47504F3D4B5A4721A7D04A1E778F2E26E87F8C19D
SHA-512:3619B598B49B9988EC39E1E3D6157F20657F89D01CC28D429DB0D7437190BFBAAF4059B5474140D28D4DD955DF16F019686B47D58E515CAA2AE81A93C55073B6
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzi.",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "K.sz",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//B646A3402844D34E1A3BA92A3ECDCFB4D75F7956083C08493BAC3027813F5D2321C77A171338350B777AE9128F7DF21D1E437C0236713F2161F293A88ACF137C++

Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):697
Entropy (8bit):5.5303189627766365
Encrypted:false
SSDEEP:12:7ekSSlN95i5kfy6v9LuO4biNkbkLwT5zxjm79wuRToHMqjKVYVPT/idrr1n:7e9SlNLiafVv9KO4akWIo79ZRlqjKG/8
MD5:7EB6790A46F59D57836EB565C8660794
SHA1:DD58C46B3B5F26B17928EDE27D1A8E906B545634
SHA-256:69B6D743C89B74E2C9E84D16C528D200CC2DA5CB664B0A42EDB63EDAAFB2C31C
SHA-512:F6ED66EAC521E498E00C489C851D33B923160B13AD843393634F90D62737D2F41F676A19384C8574962766619B3E32A6EAFEB176C78E81E5E5163B4EBB7735F9
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versione",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Notifica sulla privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fine",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E9BE2387F2CDBC3D449C22604AD71B570D5065387929BCD0066BA637E8BA9FE83771F4F1EA6F7C81CD037BAD09A8DCDE212A3E4D7A5EAA079206B856D67B6B39++

Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):808
Entropy (8bit):5.724439798276386
Encrypted:false
SSDEEP:24:7e9fLdo5ijdfA6Dlv9o4A2AWIOHo8UHv9ZRDZNZU34F:K9fLdICdfA49XLAWIOfUHFz3ZJ
MD5:07FDBD0D28F682026EEBC7916F698498
SHA1:CDD412C22D0D717EA237AEBB8290191FE06CB248
SHA-256:BF7E520F826F1B040E673EB83D63F59335E19555B8D30E13DB5D292BE76E65FE
SHA-512:15BB86ADE7D71AD2FBD33735D6FF39C0B2E22E87D82FB4B3658BF777D0138AFD8F7A1C584441787782EEEAD50F30C0B170FE4E9033A4AE6AA374BC1F9A361324
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "..... .........",.. PRODUCT_NAME_LIVE: "..... ......... ...",.. PRODUCT_NAME_TRADEMARKED: "...... .........",.. VERSION: ".....",.. WEBADVISOR: ".........",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7783325CA0B03097EBECF6759CE913AB93310E7D91DC918C9BA143A6ADA9FE7E0F2EF884278D3A99A8FC3097885BEB1D9FF0CF7E6AE5F0A3979CD545BE514079++

Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):742
Entropy (8bit):5.824735575206991
Encrypted:false
SSDEEP:12:7ekSd6ds63i7R6ikfV/i6v9kc4biyGbkLwT5zxjsGiFW9wuRTopvNWL2zXkK7h:7e9Ed13isnfVtv9kc4sWIViQ9ZRmz9h
MD5:E8C5D1545F9A393D61EFD20253BF601B
SHA1:B0BB63E52182556570FE309FE544C58833AA3246
SHA-256:3A7D35147BE6D99B49508736EB75272896262B026B84DCAA2B549F3B4DFDB4CE
SHA-512:B753B23CA68DC1D4A3ADEAD1B85B74A0A5C2EEC4E7A441AAB2C206C474FC2892F156B02B9046807BF962824940C044E05F875DFAE1F4BF492F75F3B036391114
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee ......",.. PRODUCT_NAME_LIVE: "McAfee ...... ...",.. PRODUCT_NAME_TRADEMARKED: "McAfee. ......",.. VERSION: "..",.. WEBADVISOR: "......",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D23508851469B0EA5EED19A4C0E5034E8AA911B017BE0301EAC8EC7767872C403759927A82BAD01581A53086B63B596E8A716496FDDEECFBF302529D7FCE4548++

Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):696
Entropy (8bit):5.556600355543895
Encrypted:false
SSDEEP:12:7ekSSlN95i5kf3Hi6v9LuO4biqyNLMBHbkLwT5zxjmf9wuRTo3scybWLO:7e9SlNLiaf3Fv9KO4zyNsHWIof9ZR1cG
MD5:03F5F916ED430732D2218BB14B0B42DC
SHA1:4D0EF8E67F16E6552DA5A74F45A1AFA8D56300A8
SHA-256:5400F723BC1A0E3F88990BDEB6271BB676FAA6EA6517EB6FC89609357CB7438C
SHA-512:2F457D2C3059DD51F948379AAC6E7A60E0AAA4DF17C3353963787A72DCA7B6D6DFDC000C5EB12F545B80231AF8703C69A8BD4FBE0D52C8EB81395B6E858D0E48
Malicious:false
Reputation:unknown
Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versjon",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fullf.rt",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//98255434BED62EA15F51E86E3B8DE2FA4C5ED375452638A40C358F773F990D4A535C2EF1B49A47703266BCFF789DC96D2BC830BE3EB996D903CA66C70EE2BA29++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):746
                                                                                                                                                                                                                                        Entropy (8bit):5.612753891806925
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfP6v9LuO4biqLEnbkLAWB2CT5zxjAHo8CW9AWB2CuRToHWRsVWsO:7e9SlNLiafyv9KO4zLEnWtB26OHo8CWk
                                                                                                                                                                                                                                        MD5:775D563614C64FD3F82E7DAE40FA502E
                                                                                                                                                                                                                                        SHA1:FF27DAF15836E916D1E45F7EC26A92CF4BD9B64F
                                                                                                                                                                                                                                        SHA-256:A7344FC245049318767A5397C3B9E36A975201559F2B829D9B1B7B0F4370EA6C
                                                                                                                                                                                                                                        SHA-512:8FB67852EA2A891379F7EC062D3013FA6065E6A015984795D01BC26953DD2B4C15A1FDA59AAEB080CE4CFF233EF376AFC26C51B0A6243794602804795D60CB37
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versie",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Gereed",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//727E9C732B0CD944FB705156A8CE66E8FD455712F1D580E15CE2F39E0B8C824793BC1475EC46937EE451EFE3565A81D88B2B1679C803A536DDC6FCDBDCD984C7++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):709
                                                                                                                                                                                                                                        Entropy (8bit):5.54596132666323
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kf6v66v9LuO4bipidGGnbkLwT5zxjmO9wuRTo/aSb8+viScjC3GxL:7e9SlNLiaf6vtv9KO4oMGGnWIoO9ZRGW
                                                                                                                                                                                                                                        MD5:F16C62EC1EBC7863FCAAD41304A250FE
                                                                                                                                                                                                                                        SHA1:4A15712ACE684882C40E47DC8827A12768A56FA7
                                                                                                                                                                                                                                        SHA-256:8A4D1AC4E1A0272C147173CFF86711028FB8D0CD944D98DAD8CC013C462C8EBF
                                                                                                                                                                                                                                        SHA-512:9B50630AED63B9A7F274626AAA6169293E80B5BD2675F3C573307DFE3B2F4ED44CF26FC940D8E887F0DD5704186434A567590E6137D210988778D6322063C7DE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Wersja",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Gotowe",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0D7B3AB56D641A87696C4D7861802CB559C2F1BE08BFF6F2E435DEFBE8F7ECFC73135DDD88EAAE9F2CB34E783D1FAD68739D4EC473D6CB2CF389DA4B49EC967F++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):700
                                                                                                                                                                                                                                        Entropy (8bit):5.5527621729689685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmHbkLwT5zxjAHo8kf9wuRToVoHGqQhWngT:7e9SlNLiafBv9KO40HWIOHo8K9ZRpmqE
                                                                                                                                                                                                                                        MD5:28785D55CAEB93DC4DAB0E948BB295B8
                                                                                                                                                                                                                                        SHA1:B05E40516159DE35EE28E69E9027C7EEB217F53D
                                                                                                                                                                                                                                        SHA-256:299E921BF57E002F61B4831B666DDC3B67A4BDC53ED42EA28DD3F6221D44DEE9
                                                                                                                                                                                                                                        SHA-512:BE3E4BA37FEE694D8F1F535822E557A325891B0FEF100F37C907D9CE09C6E53C3959BCEF5EE7A31266DB4EFD92B910888C93F44B47A978E1F69F96434F8314B4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//6384AD8AD4D850A59D39F3DF8D3E6FFC05FBFC8FFB3AFE45226E4F6BE153C05D14FD4108A00C5732762890D6B5A991E32590D693E6BE198229630DC131620C87++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):700
                                                                                                                                                                                                                                        Entropy (8bit):5.561157492608534
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmuybkLwT5zxjmkf9wuRToSQwCeO:7e9SlNLiafBv9KO40nWIoK9ZR7O
                                                                                                                                                                                                                                        MD5:6E9EBAC171792EF5C6F675889922D4E3
                                                                                                                                                                                                                                        SHA1:7EC4E4E9A6C05FEAD73A3CF0C0B30D599AC7DF94
                                                                                                                                                                                                                                        SHA-256:6C5A8D69D2FD38010862BE52AE391308663CE074F6B0E044F67C60A873F02812
                                                                                                                                                                                                                                        SHA-512:5341A9DC69DB49FEA4E7B82C02D57DBF51C549DC02B23E0FCEC7AF077552534249F8502044776D9BB0987EF12E1321A3A22EC0BC2A171FCFAAEF5380A188623A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//58A82BDC7983BE1E70FE02354721ED75ADD01428ED2050CA7791180C6104C112BB5DB8E540169E5C91C0073A6773072B0F6BC2A1396F9FB25F73547F67070B8A++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):751
                                                                                                                                                                                                                                        Entropy (8bit):5.737759761884001
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kf96v9LuO4biq0epiXbkLwT5zxjhKgE9wuRTo3xP0XPUXR1wvE7nn:7e9SlNLiafUv9KO4zrWWISt9ZR6xP0KD
                                                                                                                                                                                                                                        MD5:E5366F92DC09135D4640ABB48E3D98D5
                                                                                                                                                                                                                                        SHA1:9924C9AA3F6A5B53E0682F2C9047D9DCD3825D12
                                                                                                                                                                                                                                        SHA-256:2D800754132F08AC208F3295F5EB6A3ECA08732CAB0DF5C146FFBC4B3864CC28
                                                                                                                                                                                                                                        SHA-512:094A4A7A669CC338B33867470A0D0ACC3A79959DEDAB1054557F2CC262287A5844481D0154DCAAE713D82F3C3F2CB999474AF848A53A54CDE2F9FEF51130CEA3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........... . ..................",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "......",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//DBACDB75FBA39FBC15B351D433142ED25DB2AC0B412CECD79AF5708967C1C7BCA3374D5C31A7810DE779A2376DF88FC613485DE7403C105FEFCAAE13F10E164D++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):719
                                                                                                                                                                                                                                        Entropy (8bit):5.625409797709229
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfa6v9LuO4biIAbkLwT5zxjAHo8+9wuRToFyChIAZqXh:7e9SlNLiafNv9KO4uWIOHo8+9ZRCyhAC
                                                                                                                                                                                                                                        MD5:4230B155E5353C646812C4B20A90A814
                                                                                                                                                                                                                                        SHA1:9C2A64A9AD57DAE5FC6D236E1A68FDB84F98F1BD
                                                                                                                                                                                                                                        SHA-256:068D918BE3BF86CB7DF6DF57E46437AC3444D8EA517F9198F80D454A5FB16D5C
                                                                                                                                                                                                                                        SHA-512:A63B3886C005C976A2FEB66103D1B5B0747D378E03F3591D98FB0458C50825B971D8CE4932AA0088EB28374AB9646B3F791BDF997C9B835EF81807D01D28EB64
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzia",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Vyhl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1698D976D7AC87F831659B59C60859AD6FBC935CCC12576FB6028F661C7F8E9DDCEE146AF5511923D30C7B2C5D2C545F1D4EDBE57ED8FF9EB69DF309F3F67480++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):706
                                                                                                                                                                                                                                        Entropy (8bit):5.560681855604894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biagkcbkLwT5zxjHT9wuRToeS+5biFKh:7e9SlNLiaflv9KO4cjWIVT9ZR8+51h
                                                                                                                                                                                                                                        MD5:379010E8E69CD46B7ED701D46C0274E8
                                                                                                                                                                                                                                        SHA1:26385C67C579AABA0126B71F0DE2CF7A4CE42139
                                                                                                                                                                                                                                        SHA-256:C73D7384F7D7468922ADE76DF21C28BD82AAC84E3183A5ADD983A635B5B0599B
                                                                                                                                                                                                                                        SHA-512:32686912626F89BBAB1739B18DA936DA20F70245D7524346C10C1F80E8C6463D291F2C0D04C9FBE79A37FE7158A8C673A51E142215C7BC9C23E3777ABF9D3459
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//81BC8CD8174ABC72C657AA1ACCD80081D790AABC38287E28008535C781AE076513523744D7D80A922489EC406F62A5F8430F7B5DBD6D02646433F82C562FA6F2++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):690
                                                                                                                                                                                                                                        Entropy (8bit):5.551835977982428
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieGbkLwT5zxjmf9wuRToCBdA1urQhJI+wJ:7e9SlNLiafLYFv9KO4JGWIof9ZRpKG/
                                                                                                                                                                                                                                        MD5:3BBBA0177E49E07313D7AFA2D56FEB5B
                                                                                                                                                                                                                                        SHA1:B8A9ABA78CF68595606290E647D63EA61266DD1F
                                                                                                                                                                                                                                        SHA-256:FA7E940E883699DDA4C7F68408C33824574039570B0F238BEC73ADF54DF7A8F0
                                                                                                                                                                                                                                        SHA-512:4B6F2AD8C339877CB6CA20A3178007752E4AF7DBFABE58D00A234FDAB6A9888A310A93159A06576CA8D323FE37C650C5C7B77D4B7C6877628DFB1DEB2ADDDAE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Klart",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0B8440823AF6C68D538110EDF9B1057AB7F8C1344531F24CBC5959C7227B25E29BA23672DABAAF461F65B9F65E0E1368C143B4C026F21027AC9EE578336A7147++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):696
                                                                                                                                                                                                                                        Entropy (8bit):5.55794047416744
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfT6v9LuO4bij2VbkLwT5zxjAWoN9wuRTo8n0YPgWMkBhADQPh:7e9SlNLiafGv9KO48QWIuv9ZRvn0RK28
                                                                                                                                                                                                                                        MD5:824BCE38448D0B743D4476B8370F2C3E
                                                                                                                                                                                                                                        SHA1:E838BEBD1F9DC325B9E45627049D12C482095D0B
                                                                                                                                                                                                                                        SHA-256:5055352E2F168228580BB4A56319D9B6598FE1C100D324E10F7648376ADFD126
                                                                                                                                                                                                                                        SHA-512:B0D3C64B42845A0F0AF4FBFA3E48652236B1E2B971B4F92C11A998854BF3D7EDF619FAD422CFB8A9B1A9129151895580E6D6B5D15A4936C32BD4F2DC0A7E9AE6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "S.r.m",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Tamam",.. DONE: "Bitti",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//BA08A3B8359F502901E7D31E0480037E54351C96475E3E93E59079DA9A82A2DC78686CBD1579E3ACE9B26C82C069D2AFBBF896D32619BF9378E06BFCDBD2C09B++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):713
                                                                                                                                                                                                                                        Entropy (8bit):5.910535895650701
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSuKxi7s6kfF6v9bgbiE4ebkLwT5zxjtDYv9wuRTo+sCfxRVc:7e9uui7s/fsv9bg/HWIv49ZRxZfxQ
                                                                                                                                                                                                                                        MD5:88A78221CC6E88E6DB37C449A1D1AEB5
                                                                                                                                                                                                                                        SHA1:9017C3F33738B08F6A99D567D57BE297E2E02F7C
                                                                                                                                                                                                                                        SHA-256:501566824AAC07EE52296D3410F9CBEF3834CE71624510E51228C25C6D26E084
                                                                                                                                                                                                                                        SHA-512:F77DB85E5F805EB1EC5BF4019F13091551B52794CFEAB3C878781E0142F6DCA951DD091BA013D19F03DED6A86CDDDBD5223D33143029919980D10A8DB63A571C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: ".......",.. PRODUCT_NAME_LIVE: "..........",.. PRODUCT_NAME_TRADEMARKED: ".... ....",.. VERSION: "..",.. WEBADVISOR: "....",.. COMPANY_NAME: "...",.. PRIVACY_NOTICE: "....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//3FD962EDECC3B234D81E83329F4821B544341288A1BCDFBBFD54E680F6B982CC48E6C1257714B94C9335E839FF08DD1CE27166E81DDCE3CC0F2B71563A6EF948++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):694
                                                                                                                                                                                                                                        Entropy (8bit):5.710761896835509
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfF6v9LuO4biP3emebkLwT5zxjgDYv9wuRToflpU1PM0Rhn:7e9SlNLiafsv9KO4d1WIG49ZR9n
                                                                                                                                                                                                                                        MD5:2657FD5592A96D8AECB301F21F28887D
                                                                                                                                                                                                                                        SHA1:4D890B88E4C6FEEE10A2DA20C8616E4E35C8BCB2
                                                                                                                                                                                                                                        SHA-256:E43BEE2A6045B1703EBA1101350E3205FE3E7F734E7EF69B37303F72684CA9FB
                                                                                                                                                                                                                                        SHA-512:1218C8EE669D316DD247830058B4DE225870377AA5362E3DDE8A52E756210BE19C428F8A22875DC5D66A6C7E3C5ED9F12FD237CBC4DE42EBA2881A2424BD2F6D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "..",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//779C74F28EF2D51F12A816128E5A3064780E7FA615050C896D51C037DB0E19D7BA8AC249CF54879EF4983799B68C53F507E053D3B9FF1911A15D49784F8475F4++
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 259160 bytes, 513 files, at 0x44 +A "\l10n.manifest" +A "\jslang\new-tab-res-toast-cs-CZ.js", flags 0x4, number 1, extra bytes 20 in head, 39 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):280600
                                                                                                                                                                                                                                        Entropy (8bit):7.93298350917189
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:do0zCRw+H4nrXkT8jChIorjjm2rd90XnAT524rr:2uyw+HUO8Mrv13CADn
                                                                                                                                                                                                                                        MD5:5CCC4C0645E5C35756C7A2E8BD6368F1
                                                                                                                                                                                                                                        SHA1:8FB2662037C528993EA3ED80C6384F7B2CFAFBFF
                                                                                                                                                                                                                                        SHA-256:3E3DF2DE1E9122E6F0C556E1FD557829A6F05C1D95E56EBFE7F25865825157C7
                                                                                                                                                                                                                                        SHA-512:63DA51CF8BEB96F7FA3D27BD62E6655870C8E193809848450CCDD36DD28765E240279AF744A54C586431E28CC02312C00BA439A205FE8725059927A3A316157E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MSCF....X.......D...........................X....S...........i..'..............Xst .\l10n.manifest.#..........X.t .\jslang\new-tab-res-toast-cs-CZ.js.#..........X.t .\jslang\new-tab-res-toast-da-DK.js.#..........X.t .\jslang\new-tab-res-toast-de-DE.js.#..........X.t .\jslang\new-tab-res-toast-el-GR.js.#...!......X.t .\jslang\new-tab-res-toast-en-US.js.#...D......X.t .\jslang\new-tab-res-toast-es-ES.js.#...g......X.t .\jslang\new-tab-res-toast-es-MX.js.#..........X.t .\jslang\new-tab-res-toast-fi-FI.js.#..........X.t .\jslang\new-tab-res-toast-fr-CA.js.#..........X.t .\jslang\new-tab-res-toast-fr-FR.js.#....".....X.t .\jslang\new-tab-res-toast-hr-HR.js.#....&.....X.t .\jslang\new-tab-res-toast-hu-HU.js.#...9).....X.t .\jslang\new-tab-res-toast-it-IT.js.#...\,.....X.t .\jslang\new-tab-res-toast-ja-JP.js.#..../.....X.t .\jslang\new-tab-res-toast-ko-KR.js.#....2.....X.t .\jslang\new-tab-res-toast-nb-NO.js.#....5.....X.t .\jslang\new-tab-res-toast-nl-NL.js.#....8.....X.t .\jslang\new-tab-re
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 1528797 bytes, 2 files, at 0x44 +A "\logicmodule.dll" +A "\logicmodule.manifest", flags 0x4, number 1, extra bytes 20 in head, 136 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1550237
                                                                                                                                                                                                                                        Entropy (8bit):7.999630270555075
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:ZTuuP9UjBassdZ91ABoZ2FvYwzmSR6RWen6Dk/npoAfaV+WrsQ8Jy/:ZfPCjE9vZ2vzl6RW6eFACSQ8c/
                                                                                                                                                                                                                                        MD5:9501B1366FEB857135E5D252618C1EEE
                                                                                                                                                                                                                                        SHA1:75C2463C0414BD7A446FAE59818B5E09079F1BF0
                                                                                                                                                                                                                                        SHA-256:2D0AE00ABB55E00F80A39A155272839D315F2C874CE597C3B2C49F89E8A34321
                                                                                                                                                                                                                                        SHA-512:05DDF40CC35A4D087033E9FA60C61E783E254D1D7F826078588A275502EA5F0AD68788213F73E8281262FACAABBC80F613215D2A1F876E89948B8835CD0A19F9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 37587 bytes, 20 files, at 0x44 +A "\logicscripts.manifest" +A "\logic\aj_logic.luc", flags 0x4, number 1, extra bytes 20 in head, 4 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):59027
                                                                                                                                                                                                                                        Entropy (8bit):7.928603007372189
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:Do0PgPT012RM/oOgIjhDvYFGBQIIrGg4icxB7NxT:Do1L0gNfKXBQIISg4lr
                                                                                                                                                                                                                                        MD5:3B9B80964BBFECAC64F133B8969A7AFC
                                                                                                                                                                                                                                        SHA1:3BCD2415169B348BBC88B23285E71AC898C7C617
                                                                                                                                                                                                                                        SHA-256:1883BB949ED1F2F180A418B06745168A7123B378339F6BFCCAAE7A1ACBDBFBF6
                                                                                                                                                                                                                                        SHA-512:8CA928177F69B5238639C5E11DBFDC02FD1D2BD46E3FF72C67F24965CB754C16FF72AF730A2E31CCF95390FD41E03C354353BBDE68711A7F76FC4B38681136FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MSCF...........D...............................S.............................X{t .\logicscripts.manifest............X{t .\logic\aj_logic.luc............X{t .\logic\base_provider.luc............X{t .\logic\edge_onboarding.luc.v..........X{t .\logic\ff_monitor.luc......<.....X{t .\logic\logic_loader.luc......C.....X{t .\logic\miscutils.luc.#'...V.....X{t .\logic\oem_business_logic.luc.}...)}.....X{t .\logic\providers_selector.luc.l}.........X{t .\logic\ss_logic.luc..'.........X{t .\logic\tests_logic.luc......).....X{t .\logic\type_tag_utils.luc......2.....X{t .\logic\usage_calculation.luc......:.....X{t .\logic\oem_utils\affid_monitor.luc.0...[?.....X{t .\logic\oem_utils\oem_util.luc......A.....X{t .\logic\oem_utils\oem_utils_wps.luc.Q...~V.....X{t .\logic\oem_utils\oem_utils_wss.luc......_.....X{t .\logic\oem_utils\oem_util_selector.luc.o...ob.....X{t .\logic\providers\bing.luc..<...x.....X{t .\logic\providers\yahoo.luc..LZGZ/..[.... FNq...D34C.P..._.....t...I#79....t......u.6o.ws73d
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 988221 bytes, 2 files, at 0x44 +A "\lookupmanager.dll" +A "\lookupmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 91 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1009661
                                                                                                                                                                                                                                        Entropy (8bit):7.999407210563558
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:ugI7i4+3WRSVfvT/K+ERsOWlzFPVvkus4Bi8kdJyooMIIQC:TbBWavLtERsOWfd8uBi8IrQC
                                                                                                                                                                                                                                        MD5:CCD008B192EF72A73B1CDE8E8DA62D9C
                                                                                                                                                                                                                                        SHA1:E907B1F670E0336FDC5085E30447B3ACCD932A3D
                                                                                                                                                                                                                                        SHA-256:7B6EDB3FF653A4E35D46B7DF1D38758BDF818DE7C11B58960933AA60D0B9906C
                                                                                                                                                                                                                                        SHA-512:089C1FF9947AE2ADD2700580CA9481BF4DEE7B258431BF8D25EFB4FE8682DDCA4F85956C3037919888C959A9A823889959DFCE1F9A1B84938DA5359DBBF39ABA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 13 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):440
                                                                                                                                                                                                                                        Entropy (8bit):7.185064395828422
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7Jmynud+EVDvBXmY5j9yEhcZxAalEbKWwz:vyGbVDvxJ5alnWwz
                                                                                                                                                                                                                                        MD5:3F33BF7A71F1A94B30AD98121F2DC31F
                                                                                                                                                                                                                                        SHA1:533B933BACBAE375164518AF202EB90086BEFC44
                                                                                                                                                                                                                                        SHA-256:4D3581315F5AB93538BEE793BA9727FC9E8444E9B09773566C4BDF0C44618828
                                                                                                                                                                                                                                        SHA-512:4E768ABACB878A5F9BE79B91E9BC77778F62AA4ACAEC4A246AB3359E86FF685250A1BA9E7765CE5174A42E5936CFAC27CB381B505F92F30EBF4B43806848899C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 67 x 57, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2052
                                                                                                                                                                                                                                        Entropy (8bit):7.890065571351557
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:CHjblGYXQQEZZyIOrNK6rC4lWVkOjKpgOojQ9dCe2LfmC:PYgNZKJKSC4YF+WjyOZ
                                                                                                                                                                                                                                        MD5:18344204EC04F1E95E086D3BC94FA0FD
                                                                                                                                                                                                                                        SHA1:87CA3ED8948774091B451F7CB2F95139E56D351B
                                                                                                                                                                                                                                        SHA-256:30ADF46FD9311E5C6DFEA8A2AB2176EBAF83E7019EE341896FC3AAA5F498D2BA
                                                                                                                                                                                                                                        SHA-512:13757DC62505D01E44523823F38001D28A2FB9CBA5ACBF9CB7D9BDD8D0F19583D814E5A47B2DB255E18CCC05C34D43A02C387B60D05D1E802F9AF527D3633C5E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7205
                                                                                                                                                                                                                                        Entropy (8bit):7.9471260512499375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:KS4Do1RyFyKSZ4pTSumpAO/Ap6CQU9Uw/JLO/xvifnL:F4E1RCFpWumX/Ap2UeMq/xGL
                                                                                                                                                                                                                                        MD5:F2E3045621ADE164E9DA40F294BEB00C
                                                                                                                                                                                                                                        SHA1:36E9D967C679FC898BED1FF6751A73BB863EAF79
                                                                                                                                                                                                                                        SHA-256:D820CF499FC4A9453771A23209A6C63DDD2CE3439E8B651A98DDF0C36ED2BDA5
                                                                                                                                                                                                                                        SHA-512:7E515A44BD63B33881EE86E0A911897138F2BA0A6E81925612EAF19E3EDAC5A9FDCEDE30E3AFF3E906A4BBA8AA4570E06308D75783057015C882C7E62A880928
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (2293), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):126293
                                                                                                                                                                                                                                        Entropy (8bit):5.969613768259596
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:sY+8or+sWZ21Wzwtp31uRla7GTvfwjBobALAnr+sqDK7G3lq0lAE:dcPsjO31ui7GLjA8rPqDK7Gb
                                                                                                                                                                                                                                        MD5:D0CD30BD9B02F33B222FF8A846821D4B
                                                                                                                                                                                                                                        SHA1:DA85556707CB3FD59E08DF69017DF6BB82E52F62
                                                                                                                                                                                                                                        SHA-256:1CC3969AEF3DC3DC2330DB0386C6C27C09A58D078689D8D97D900A2B9ABE31A0
                                                                                                                                                                                                                                        SHA-512:6C1F9DE0897F02648638B26F20728C5F2E9822F8CAD232ED42ACC18F33AAE7E102C7A00E5D42B80C10E423DB937DC6AB783255342B12B0DB07B378508886C2ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" ?>..<Package Version="1">.. <Certificates>.. <Certificate Name="McAfee Trust:0">.. <Privilege>PRIVILEGE_IOCTL</Privilege>.. <Issuer>Microsoft Root Certificate Authority</Issuer>.. <Subject>Microsoft Code Signing PCA</Subject>.. <ValidFrom>20060125</ValidFrom>.. <ValidTo>20170125</ValidTo>.. <SerialNumber>6115082700000000000C</SerialNumber>.. <PublicKeyMD5>4A171B7E5701870357585DD1BAAD752C</PublicKeyMD5>.. <SHA1Thumbprint>FDD1314ED3268A95E198603BA8316FA63CBCD82D</SHA1Thumbprint>.. <Data>MIIGgTCCBGmgAwIBAgIKYRUIJwAAAAAADDANBgkqhkiG9w0BAQUFADBfMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYwMTI1MjMyMjMyWhcNMTcwMTI1MjMzMjMyWjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQDExpNaWNyb3Nv
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 10317 bytes, 6 files, at 0x44 +A "\mfw-mwb.manifest" +A "\packages\mwb\mwbhandler.luc", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):31757
                                                                                                                                                                                                                                        Entropy (8bit):7.8184602661258396
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:EwuFWPcXB/Xxu5op6WU6ki2HPviQUDvY9qnAM+o/8E9VF0NyBy96ki29d1ikpJAl:EvWm1M5Sf2HiPvYAAMxkEf2PsWAMxkEY
                                                                                                                                                                                                                                        MD5:1753F1F1A623519D38631A1FF7237FB2
                                                                                                                                                                                                                                        SHA1:B3F2E94372D3BDBDE8C99593F68D93FD224999FF
                                                                                                                                                                                                                                        SHA-256:83F3E39419CC39AF3B448B12CE9223B9F1AB344D5FCE9C0BDDB8553EF8058CD4
                                                                                                                                                                                                                                        SHA-512:34A62B1C61EC80C07EF9DF669D7DE77BD671B801289F8BB2739F57F989281E96513489A90E9A5872EF949FFB559B2036E9EF4AFB4D6066921075B0D71EC66BC4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MSCF....M(......D...........................M(...S..........m.......W..........Xvt .\mfw-mwb.manifest.....W......Xvt .\packages\mwb\mwbhandler.luc.3..........X.e .\packages\mwb\stop-video-alert-icon.png..*.." .....Xvt .\packages\mwb\wa-controller-mwb-checklist.js......J.....Xvt .\packages\mwb\wa-mwb-checklist.html......T.....X.e .\packages\mwb\wb-rocket-icon.png./.E..&ZV[......e..A..#..O...T.C.2.V.....Q..Rv#....mkH*...w..'..}+..;...D.\..@........k..$..!.Z.qp...4g...i....k.[y.{_KRf...:.~......y{_.72..unY.3.qcR"N..+.....-R...O...............w.w7.~...].\.$l...U.H....!..N.p....x|...|..a..Db.J.(.d*..A...+4i..F..!X..F...,.`.I....Qn.M&..`..Ca.%.R.HX.m....X...`k....i~.D.....7|.z~`.;-2..|e.{..d.#T.,pcTNp.#S..B.....2...i..]....B!..w.E..$N......3.7.'P4/...l.D..$|2|L.z..l7g22...(...-sH..I..../S.....;.2Q..?..._8F....%+Yf.i&..Cy.'.y*...EK.W.9.........K..2....Y.....e...`.(.y.d..."...*.O......*3 %Od.r...Dj.S.. ..-#d'........'....l.X.P.j_.]...4..O@.1.].......W.....9.j....N
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 12604 bytes, 6 files, at 0x44 +A "\mfw-nps.manifest" +A "\packages\nps\clipboard.png", flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34044
                                                                                                                                                                                                                                        Entropy (8bit):7.838660318695978
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:XK/lm58W5rym2HiPvY/9AMxkEz0z2PspAMxkEZ:XK988iR4ikxX0z7xxt
                                                                                                                                                                                                                                        MD5:006ACD223A6F124B6D18DC54E518027D
                                                                                                                                                                                                                                        SHA1:CAD740D4F3228DDB9518A0BAAD6C75DD5765D88B
                                                                                                                                                                                                                                        SHA-256:22FFACD39AC79E89A2B90C4E7A4A7C7CF6D9C2E08E8E3821217770A727278B45
                                                                                                                                                                                                                                        SHA-512:8A21C1CDB957C1524122E992AF6F6919EE915A8602FB63195FE3CF77984CDCCBCFFA79DEA64FF87A8306D88B2BF79C4D18541468F5BFBCADCEFB082E6DB946B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 902476 bytes, 196 files, at 0x44 +A "\mfw-webadvisor.manifest" +A "\packages\auxiliary\reset_handler.luc", flags 0x4, number 1, extra bytes 20 in head, 48 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):923916
                                                                                                                                                                                                                                        Entropy (8bit):7.997495912415702
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:PaJXOe1+AAgR8uGSdE2OnxhSPyJb8vu/j+bez1NYOyst+:PaJ+NgHbdcgk8dGmst+
                                                                                                                                                                                                                                        MD5:B180379055383F30732D39EB0269C79B
                                                                                                                                                                                                                                        SHA1:050DE5A6A4FD8297E31259F0E99343648D798A5D
                                                                                                                                                                                                                                        SHA-256:E53A3FE148A06433DB5F6B1C880A47836D7A55CABCC96EEECC1AC82DF95F8C90
                                                                                                                                                                                                                                        SHA-512:F8D60AB6C6F266D48CF828CCAE7D0B54381E49E8EBE5CEF6EF5A74A7158873627F378D7F6FDEE6E55CCF516CDE1876B442330723590454FD0982315C9755F351
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 296487 bytes, 54 files, at 0x44 +A "\mfw.manifest" +A "\core\class.luc", flags 0x4, number 1, extra bytes 20 in head, 33 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):317927
                                                                                                                                                                                                                                        Entropy (8bit):7.995046777687174
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:6144:u8fzK82ijeGxRjH/pTNDArMgkPiYYonSYuPCwvF5X1TpXE++5NkbS+h+1V45l:FzvRjp+hkPwYAzf+EbzE1K7
                                                                                                                                                                                                                                        MD5:6DA354DA78B5A7C52BE22572EB5EFC55
                                                                                                                                                                                                                                        SHA1:791B010349C7397157A97106B7336F008BCD5EFF
                                                                                                                                                                                                                                        SHA-256:638278C1247E614FCDCC34892738A8E43F39C0D8B44848B4DEBF9021E4888903
                                                                                                                                                                                                                                        SHA-512:53AAC6EAE168A28BE0CE4181A21633DB6B0A64E41673FFB8C0620D901CEA59A4BC59476BE85DA37834BA2FC61019A0E7EB82BD0A4D98DA9E3B42A0CFC3924C7F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38328
                                                                                                                                                                                                                                        Entropy (8bit):6.3296688801046885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:pBr3M65R3Q2HiPvYXAMxkERVQ2Ps0UAMxkEDq:pt3xLg4isx1S7xxS
                                                                                                                                                                                                                                        MD5:5254CCD2156258B8E56D8D2E235FD2DC
                                                                                                                                                                                                                                        SHA1:749724E3180574AB238C74D5891ACC9B363B2EEF
                                                                                                                                                                                                                                        SHA-256:55AA4B5983444EF6E2D5D25E7298EB575AC4A945AA5E29FCA47A75AC1EE6D62A
                                                                                                                                                                                                                                        SHA-512:1F2627EAC246F3E52D38AC596D80B170E0CAB3F859F22E290F9AF6A8E44D8D1D5ED907717AEDEAB1814A086C3B546D713C1EB199C42B445D5B1E7FD7A366B757
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 30232 bytes, 3 files, at 0x44 +A "\resource.dll" +A "\resourcedll.manifest", flags 0x4, number 1, extra bytes 20 in head, 5 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51672
                                                                                                                                                                                                                                        Entropy (8bit):7.920494071647311
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:GpvGL8wijt0Vr9frJqiiIyFLAAy7Knb2HiPvYZAMxkE8CF2PspAMxkEE:Kvg8NMJqpIoL5G6b4iyxQG7xxQ
                                                                                                                                                                                                                                        MD5:08B4E5D3F3B19BF35BE7E71F107C5E18
                                                                                                                                                                                                                                        SHA1:64672EFA144601751BDCD50F217B15C767A15DFB
                                                                                                                                                                                                                                        SHA-256:F39012B54BA8AB45AFEB81257FEE103D8E96F74EEE8ABFDAD1156DCE80F19254
                                                                                                                                                                                                                                        SHA-512:CB28690C7CF4AB22E849A8F3B3FC3E2DDDB971F0E51F32516DC6461ACDFE03E5B52A9694FB37210A41AA6D26FD61A31478F458FC0B3C23A43AAE0C14BA157536
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 303751 bytes, 2 files, at 0x44 +A "\servicehost.exe" +A "\servicehost.manifest", flags 0x4, number 1, extra bytes 20 in head, 27 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):325191
                                                                                                                                                                                                                                        Entropy (8bit):7.996834510537515
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:6144:R17qYKB1HuwYYemnrgBxjYq1ATyres5QT9swAEs2DKhQJLKx745r:r7qYKB1dtn04qm/FTOwAEs2DKhWLbJ
                                                                                                                                                                                                                                        MD5:D2AC362FF38FEA03B7B06B8EC47CBED0
                                                                                                                                                                                                                                        SHA1:1DFC1D653C753FA0CF03F7277176FF539475D87C
                                                                                                                                                                                                                                        SHA-256:88A6F34CA571ECBCEFDB56CA59D1772CC4DB96856A67A3F4B00C4F4841919508
                                                                                                                                                                                                                                        SHA-512:0DC34DB6B73A58B10271F273E0CD4DA2CB0CD76895DEBEF5E7D7322AF4624049FD49ADF650E3346E18E32133F28393F8B5C2B67304D2BC7D88BECF9BCE47C90C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 785833 bytes, 2 files, at 0x44 +A "\settingmanager.dll" +A "\settingmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 63 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):807273
                                                                                                                                                                                                                                        Entropy (8bit):7.9994243096539694
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:jyvFd+ZKPYehddUkFr7llaMYXenAzFp7nc:2vb+ZTklgMYXeQzjc
                                                                                                                                                                                                                                        MD5:C0C685DD96B3F9A94A10197E4DFCC851
                                                                                                                                                                                                                                        SHA1:B8745C84E5A573B7A5349001213229D704579719
                                                                                                                                                                                                                                        SHA-256:6ED8C980565EF3F3A091E4A8CF314DDDCA86E38465B62450A9C6AB153811C8E2
                                                                                                                                                                                                                                        SHA-512:03E1D8835B2845D529EE54487B8FE2ABE63C82F28697BDD1115E2F7C40B24C0DF8CCA93E6B8D58B08E52BB4082F0131940917204EE552C85565AC7B515FBC492
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 1279869 bytes, 2 files, at 0x44 +A "\taskmanager.dll" +A "\taskmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 118 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1301309
                                                                                                                                                                                                                                        Entropy (8bit):7.999637697498624
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:xuPrEOR1frjDyZV1+3lgBZuiqVcw5m/h8fcrBkKwPNYUa09EMaQjzNP0sA/rbPty:MPnR1uZjLqt5m/BBkHYUaCEV8PlAvPty
                                                                                                                                                                                                                                        MD5:8CF6C31C071EE0B2D40BD3B573412BB2
                                                                                                                                                                                                                                        SHA1:D35907DC3C0A3DAB95E9283ED240F92D9447EAA8
                                                                                                                                                                                                                                        SHA-256:DDCCC80534F3A777BE411A85E123A1E9E5A027A667099DE9EB8079012B15C11D
                                                                                                                                                                                                                                        SHA-512:5B986DFCEEAD00DD4F6FEAF1D0C38E20F15148F5E57B1C13647AA788695F4EC082A1838B99C6D104359011BC2546C5ED10E6D3AA9F5BC4EBAD5C2776AA11DA56
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 71086 bytes, 123 files, at 0x44 +A "\telemetry.manifest" +A "\dimensions\dimensionconfig.luc", flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):92526
                                                                                                                                                                                                                                        Entropy (8bit):7.923914299589199
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:GJk6Ss4QjgzVPjanY6r2vBOfQgACygr9pZ7N/GMwFlL4iH3xa7/gxsD:GJP2Qjij35OfQgwG3N/5w3L4mIjDD
                                                                                                                                                                                                                                        MD5:93D7BCC823AFF1FCB98F1A913DADEA1F
                                                                                                                                                                                                                                        SHA1:01256549663CEC9D6EB7E51D1D976111090F829F
                                                                                                                                                                                                                                        SHA-256:BF80C0E6F1B2ED8E7F2D72D8F4FDA1C6FDB35F60AA75914E8B4867175B981759
                                                                                                                                                                                                                                        SHA-512:CC428AD9705140631A527968C5BEF77ACC00ED927A13A5433360B6444F4D492514D89D9BB5B68244CFEAC8C1757F3C8ED95B0421B404BC3653903D0F6AC7100D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 298787 bytes, 2 files, at 0x44 +A "\uihost.exe" +A "\uihost.manifest", flags 0x4, number 1, extra bytes 20 in head, 27 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):320227
                                                                                                                                                                                                                                        Entropy (8bit):7.997223956711411
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:6144:VYWEWTZwXmZsAgxDBS+8yTlODJeT/Rtcj4lQo9MIraodc7/Ir81jYmHAcCJE4CUr:VYQwXmZsAgxDs+86lOsHcKCIraoVIF1S
                                                                                                                                                                                                                                        MD5:90A174F59AC31ACAFD2D4DF00A661EC4
                                                                                                                                                                                                                                        SHA1:483C58D8A0A4164E21CD503A805C42D95E62BC85
                                                                                                                                                                                                                                        SHA-256:96143A282E06A937A511619CABBA7CEF75B236B1E0C3E110B41EFBA47E9F2F9D
                                                                                                                                                                                                                                        SHA-512:77D389628EE12C1C55F591DAC3D0A1FC34AB684DBD3302DF4796D35A1BBD466D6518DCD1FD48B1EF07F2930E7B81BB2B04AD70B7D6254FA3DF2E0B981E2D0F05
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 1763887 bytes, 2 files, at 0x44 +A "\uimanager.dll" +A "\uimanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 166 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1785327
                                                                                                                                                                                                                                        Entropy (8bit):7.999503219323347
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:49152:GIc4QY92ZrV7NYPe+3zYqlASQ6EZjzLK4plBp9T2:1jQBrXYXzYq6SQn9LVDpN2
                                                                                                                                                                                                                                        MD5:96E263C704EB690D769C95B1C34D03EA
                                                                                                                                                                                                                                        SHA1:6902E7C2F81C238A1A19994A2F22231204BAC752
                                                                                                                                                                                                                                        SHA-256:D1CCFA367F07A6E271ED67F1F3F8F3936EDFB6274D66A80086E9CDBB47931E0C
                                                                                                                                                                                                                                        SHA-512:A2E83FBE91C04305BCE0EED423C8E0831E4D98C07224AAF59D8FEB961F54ECED4E569B9BCCC751AF718E263945A2CDE0F3B3294A1A4DD61E6A437A1A7304B80A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 972838 bytes, 5 files, at 0x44 +A "\uninstaller.exe" +A "\uninstaller.manifest", flags 0x4, number 1, extra bytes 20 in head, 86 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):994278
                                                                                                                                                                                                                                        Entropy (8bit):7.999378863053224
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:523uSfpUsFxPaLNkvS77k7T4wEZokBs+F8VFNKXL:g3ucbPaec7k7UwEuCs8GNKXL
                                                                                                                                                                                                                                        MD5:2319C2AA297F5FCDD8956458F94D1A1E
                                                                                                                                                                                                                                        SHA1:E0C9A5398274BDBE17163200DF8B9200543B4DE5
                                                                                                                                                                                                                                        SHA-256:ADC108549827342AE93ED7163A61CCA1296824B3BE54E266DC5C779F8A7A87C0
                                                                                                                                                                                                                                        SHA-512:6778E179EE471C613947B729F6DEC579F6B50640B46336B97BAB5EE468371B681885058AF4CABF6842294E868A03D72FD6E10B76F181F2DEFB9E516CFD38716C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 952639 bytes, 2 files, at 0x44 +A "\updater.exe" +A "\updater.manifest", flags 0x4, number 1, extra bytes 20 in head, 83 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):974079
                                                                                                                                                                                                                                        Entropy (8bit):7.99943711138124
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:HIXBgn8I89ee5dkjG6+jbo/ZuPY0qqp90CXwPb/n/9Yb6b7+d:N89PEjT+gRugV93xb7+d
                                                                                                                                                                                                                                        MD5:7B483CBD80605019BC216F9BABDEE9CF
                                                                                                                                                                                                                                        SHA1:EF89717FF63335BB0689B7AEA4ACBE512D291CB6
                                                                                                                                                                                                                                        SHA-256:4939F02AC5BEF2BF850DFDE34902DC84101125B0AC3CB0ED71B2DCB9459B833E
                                                                                                                                                                                                                                        SHA-512:924C0732FBFBE01DF6055973E2005DC084314EDC16867B32D9F7356AD24AD3756CC2BD8FFBBD5B50B5553EDF285A92C51C33B0682557E66227E89B95D04D3EDF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34082
                                                                                                                                                                                                                                        Entropy (8bit):6.048810099348607
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZW:E9DDI6thXjez1jtn9
                                                                                                                                                                                                                                        MD5:BED2FF23927C34F86C480203AA7F87A0
                                                                                                                                                                                                                                        SHA1:90B1B32D7A9CEECCD555D674582CB8AEE64E8909
                                                                                                                                                                                                                                        SHA-256:9D7AC9A5AE897E993C0B6BAD468F56BF3B6CEFCFEAAD6FD2307CF8370945A2C2
                                                                                                                                                                                                                                        SHA-512:6538FEDBC2DCE5EAF944CBD18F93783CDBFDC2920726A3509D0686BD062793B422AE6C6F67DFB0C344AC3E084F8B1F10425FA4636D1BA0FBD9E2ACE86EA6AE83
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,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
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26073
                                                                                                                                                                                                                                        Entropy (8bit):4.775338242696645
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:J+6T4vNmgN8t0+yycVCI6z0jG7RMDX4WUMRmvm/1x:IDIyNx
                                                                                                                                                                                                                                        MD5:764D5E9D902AD35DFB4655D22F836F9B
                                                                                                                                                                                                                                        SHA1:31AEC17A64B7D32438B2E58A1AEB8F388FA481FC
                                                                                                                                                                                                                                        SHA-256:8444823F2ABE9EAB852310641372093F3A8631D3B8B47753C8AE1C69B2AFEEF7
                                                                                                                                                                                                                                        SHA-512:589B8731C6A85DB22993597AED76D920C01E7AC2C7B4B394D5D5BF254CC9096E962097C0CAEF4ECF09940A2DAEBE18858665708884E65C6620E812BFF70FCCC0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = function (key) {.. var isIgnored = false;.. var startIgnore = this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = function (key) {.. var inGracePeriod = false;..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5549
                                                                                                                                                                                                                                        Entropy (8bit):4.066110247641768
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Uji+oLbHInScwC0oljdaLDb2nD6nu7aabv5k/yigIAMvda0hS/iS:rbonScwC0olMLDb2nD6nupbv5TbIAMc5
                                                                                                                                                                                                                                        MD5:F537A07AE7D570F52EE50643365B1FC9
                                                                                                                                                                                                                                        SHA1:F3EB5BF057F2F981123FEBFCC568741E4E0F8FFB
                                                                                                                                                                                                                                        SHA-256:2518B71F18A08AF85F79A3947C975A098346346750F0136891279B803F369529
                                                                                                                                                                                                                                        SHA-512:1DCA227E358932ADEE77011F3E0A949E20A402FE99AA71B204A2E1936EF9C159D8DDB39F1DD36E2A974369232CA59D703334833DAE72F2DEEF12C8EC48553F0E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:body {.. background-color: #ffffff;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....img {.. -ms-interpolation-mode: bicubic;..}....#wa-installer {.. width: 455px;.. height: 378px;.. border: solid 1px #BBC7E7;..}.... #wa-installer .header {.. height: 50px;.. display: table;.. width: 100%;.. background-color: #F5F6FA;.. border-bottom: solid 1px #BBC7E7;.. }.... #wa-installer .header > div {.. display: table-cell;.. }.... #wa-installer .header .title {.. padding-left: 15px;.. vertical-align: middle;.. }.... #wa-installer .header .close .button img {.. float: right;.. position: relative;.. vertical-align: top;.. padding: 4px;.. cursor: pointer;.. }.... #wa-installer .header .close .button {.. float: right;.. position: relative;.. top: 2px;..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1222
                                                                                                                                                                                                                                        Entropy (8bit):5.1940162396320595
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:csYR7A2NVMz71Mz7FMzrVMzPVMz6LVMCo7jScXRg4t2H:3C7A2meCeiCoHhm4cH
                                                                                                                                                                                                                                        MD5:4F636E5B6A304F3484E86B7C6906AEF3
                                                                                                                                                                                                                                        SHA1:D98F67176752372AFF04826649C00DBA203CFBBC
                                                                                                                                                                                                                                        SHA-256:7199FE6B6A25CFAA309E7BF4CBC01E6104B3EACB4927072930E30487131E22A2
                                                                                                                                                                                                                                        SHA-512:C38B84424121F73C74CD91CEF6E8879AE3EB4B86A4A2EF5D577E2811527E08116563D6A846125653CC8051695BFF614B3BF81BB194E40A8D57125325F89E1ACA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=8" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-install.css" />.. <script type="text/javascript" src="wacore:jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-install-#loc#.js" charset="utf-8"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js" charset="utf-8"></script>.. <script type="text/javascript" src="wacore:wa-utils.js"></script>.. <script type="text/javascript" src="wacore:wa-core.js"></script>.. <script type="text/javascript" src="wacore:wa-ui-install.js"></script>..</head>..<body onselectstart="return false">.. <div id="wa-installer">.. <div class="header">.. </div>.. <div class="content">..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18662
                                                                                                                                                                                                                                        Entropy (8bit):3.8532610964247125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:GVtiO2qyGuMW2FnrjPfCfsdd5nwwCbvlOzNZLXQDCR1ZgpN7:GVXyRMBbOzCR1Q7
                                                                                                                                                                                                                                        MD5:EF7BC2C839DC47030099EE7B6109F4A6
                                                                                                                                                                                                                                        SHA1:0E1EBD96A417D223F3B1AEF637A499F3006DE953
                                                                                                                                                                                                                                        SHA-256:E3CE46EAD80BA41A531FF0744BA3A39012BC43453F2EA541F4690B47E39D5760
                                                                                                                                                                                                                                        SHA-512:8A176A5FEDF337449E7B7B04673EE804DD9D0F14F83EBBECF7C4EE28C0E981F421E4C81811224D3E1473B4729710FFB105D4E7D07623A5D7D7C60D00C4643F0E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Installer UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.INSTALL).get,.. _window = wa.Core.Window,.. _external = window.external;.... ui.Installer = function () {.. var buttonId = "wa-installer-button",.. _this = this,.. RC_INSTALL_ERROR = -1,.. RC_INSTALL_DOWNGRADE = -2,.... open = function () {.. _window.ready(function () {.. //check preconditions.. var productName = wa.Core.WebAdvisor.getProductName();.. if (!_external.CheckDoWeMeetOSRequirements()) {.. _external.SetInstallResult(RC_INSTALL_ERROR);.. _external.ShowMessageBox(_l("ERROR_TITLE_CANT_CONTINUE"),.. _l("ERROR_OS_REQUIREMENTS"));.. _instrument.log("Installer",
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15448
                                                                                                                                                                                                                                        Entropy (8bit):4.445293661315933
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:BZwBjyfDzRj5csy4h11lidEaCaNz46UcEm7dO2qSFZC9OQ/Df:Wefpj5csy4DIE3oU6Um8r
                                                                                                                                                                                                                                        MD5:16C7A28A1836AF5710A14D43B7E8F6CD
                                                                                                                                                                                                                                        SHA1:9BDCAEC1345DB8F80D209D10509E7E148E5E5CD0
                                                                                                                                                                                                                                        SHA-256:235AE52CCAEA0000BEA5894F4733A1D94DB6A18490B578AA2B8BB3FF3D606117
                                                                                                                                                                                                                                        SHA-512:E9E1B419CD7C3C8221C2C0970AD385031688CCAD9E716F1FFAD7120CDE5315F4A92C53F2C9AA5CA81BB357C1E7FE125278563CD831A6688305C6EB68084B9D8E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_),.. pscoreToast: (typeof _pscoreToast_ !== "undefined" && _pscoreTo
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):558
                                                                                                                                                                                                                                        Entropy (8bit):7.494810764492959
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7iIHftwTmWkW3O+xbR/GfmNFycqV7o5jNiXrj0IGDfjo/1:zT5+aVefmORm8bnGD09
                                                                                                                                                                                                                                        MD5:F8AF1796D709A69C3FBDD16822596FD6
                                                                                                                                                                                                                                        SHA1:D216CB9A49EF4223138BE20D027B3ABEEFAC7DB0
                                                                                                                                                                                                                                        SHA-256:055E07F760351C3F33E708E4720D5A34A60ABD8D13F2FE05A473DFD5ED9714C2
                                                                                                                                                                                                                                        SHA-512:FBD9C93490B818798F4614E6EEA7EF9FA05D535F50071806E763CD9EBEE478559F614EAC90720E4B5F88D803DB0AD459F1D1C67954C2C379B1BB435CCA74390A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 14 x 14, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):785
                                                                                                                                                                                                                                        Entropy (8bit):6.380231936591206
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:nmwBSRPy8iSvgv+aYS0NFVO/6cgDHNUPZ7SCOr2zhxNoEMBxNB:mwBSRVL4v+/jNFVO/6cgDHWhbOKHCEIj
                                                                                                                                                                                                                                        MD5:5367B11C1B0484E2B64AFFF761DB5B69
                                                                                                                                                                                                                                        SHA1:CA05EC2A55FAB6A4035920C38B6FF198044DA594
                                                                                                                                                                                                                                        SHA-256:1CAE0E0663BA559CA8FE7AD3A1E07AB23AB9E3DBADA1AA572AD9C2C5D51D5627
                                                                                                                                                                                                                                        SHA-512:322DF7AFB16185EB4D39AA4881A27E04B1D310773FCFBB77D0F1C83237A56D100F6567091E30BF0DC6A11EA29A22A52BF091B66C5863823596108C155C031588
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):327
                                                                                                                                                                                                                                        Entropy (8bit):7.1140535970703365
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPIcWn2ofLbzmoGGaKdwjXI76l4AXT8ctmzXxNuJpTqAp:6v/7DWn3btahecDAuJp1
                                                                                                                                                                                                                                        MD5:C0708D1E58F1EF1BAB621620F3B09130
                                                                                                                                                                                                                                        SHA1:0BEB49A1CC1E71F364BCF42B474890F35CB8CC3A
                                                                                                                                                                                                                                        SHA-256:834380BD8B6F9BFEF000A555541AEC2BEC01DC46C91DCB7F950D109B81BAE5C2
                                                                                                                                                                                                                                        SHA-512:241C93BC2677B1F0788C2C0DDD9A7FFCCC7A865DAD427EA8C89E437FC796FD12F80D2A962A8D02B1B2391E10CFF768F17E34BD45502A0E31D6E1C8F443C2AA34
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):272
                                                                                                                                                                                                                                        Entropy (8bit):6.591404605834916
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPIcE/6TsR/nQV32e46OIoiMr6FRK7MhtCxllbp:6v/7DE/6Ts/nnPIcr6+ozCjz
                                                                                                                                                                                                                                        MD5:F79A1953A8E6CC342847B4B00DDBD736
                                                                                                                                                                                                                                        SHA1:9AC411CADB6652F4FDBD854300ADCB5C21C04BAA
                                                                                                                                                                                                                                        SHA-256:4F8EF204C1884F868866D03B4D11DF1237480C1CAA38ADEC1C13444050105B88
                                                                                                                                                                                                                                        SHA-512:DFB54D3D20FF53B867328945FE3D69B56055D5861EFCE2A069653B1792A5477AB4C3B73A3DEE82DD1377D1573099AB70C2F6C285C694DDBD0B1EE9667CFC4F2A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):428
                                                                                                                                                                                                                                        Entropy (8bit):7.367179920202989
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7iIHbGI9XbxzlcdqzUCOXC5pC38WWn9:eGIrzlcdL4CZW9
                                                                                                                                                                                                                                        MD5:0EF65600F5A2D01876B6F9EC668C9D2E
                                                                                                                                                                                                                                        SHA1:31F378D2D6BE62F3A426523B1AA3D61323B2B9AA
                                                                                                                                                                                                                                        SHA-256:17DC5C3BAA1D35CA60C7DEE7CC70B76446765769960FC5D4852E065478C871C4
                                                                                                                                                                                                                                        SHA-512:7D9EC74CECF8DF49D4F8E676053573798A029D889E8676CFE90891EB68E49A2FE9AE828F38BB99851888B25A76581EBE2B62694D3C66D193016B4446004A9271
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 233 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5361
                                                                                                                                                                                                                                        Entropy (8bit):7.956335361585333
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:tXYxwio7C2guemm5poLpMmjxiN4f7DsCk7RkuxKBaKeVfGJiQmiMQ2qileA2I:toxpo9gKmsMmjwSXgyLBepQblA2I
                                                                                                                                                                                                                                        MD5:0D8F8EFEB474FC9B2C825D7F2A875471
                                                                                                                                                                                                                                        SHA1:ADBC30FD0131A01B3150753C7EBFD6EF648F0DE1
                                                                                                                                                                                                                                        SHA-256:ACC40FDA844EADDF65B9580C484F1FE2E17358B352D99BABC6865BF0C74D9B00
                                                                                                                                                                                                                                        SHA-512:90FEBC4B2165D37CBB1CF09295CF2F5B5713DD14A02CDC101318426CEB55D35B7C47B254D0F20CCB8297FC69EE77EAA5969FF98A0965D325C94AD81B6A56BA9E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 232 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2938
                                                                                                                                                                                                                                        Entropy (8bit):7.909981061900822
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:nv/69bTJ0Ji4hnEhRHzXJH3ndGzDr9zHUeqr7zpiT7efEgo3cRE0+U9sLBCYv2ZG:vSdJN7HziDr3S9i/efLQcRZ9sowGdK
                                                                                                                                                                                                                                        MD5:65938FC9439B2307513A95D515BCA1F7
                                                                                                                                                                                                                                        SHA1:DDDFE8D64ED371E973C46B6726B60BB0C0810BF9
                                                                                                                                                                                                                                        SHA-256:B2703E2E2A404B90EDAB7A67B23037C32BE2780F20CB15FFA6F6E44666B8EFB5
                                                                                                                                                                                                                                        SHA-512:93F755F5E208CA08955684D7789F6B8AF49F542DD41AFD9D678EC417CB535734C9C8182B87EC2EA8B8AA9FA502AC8BA90E383A9977F7E01BFF393AF0D1F400BA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 2879403 bytes, 3 files, at 0x44 +A "\microsoftedgewebview2setup.exe" +A "\wataskmanager.dll", flags 0x4, number 1, extra bytes 20 in head, 165 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2900843
                                                                                                                                                                                                                                        Entropy (8bit):7.9998613018539695
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:49152:hy3xnx08sXqiQVLyAQ6l7xcha+PVhtnYsLeqiOTBFqfkjsXeOUpULw:8px08sXRzH6l7xktbLbvTBIfkwOOaUM
                                                                                                                                                                                                                                        MD5:A4DFA367963FD3E46210D3BD0B4102B1
                                                                                                                                                                                                                                        SHA1:9DD28C37AF5B86C1F20E52933CF9EA47DFE1FC60
                                                                                                                                                                                                                                        SHA-256:F4670F2DB3E33F2130B636AF2FAA495A52532EC304A58014AE2128242AEA5047
                                                                                                                                                                                                                                        SHA-512:339CA24709B5577FD3B20170C6B6E75D80F19408B67FB3188B5B9E1DE7A67A5FF2F5EB8002519BA9CA8609AEE0B30858FCA02CC455C5F4DB15F493A3F3FF8F6A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, single, 1207 bytes, 1 file, at 0x44 +A "\webadvisor.manifest", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22647
                                                                                                                                                                                                                                        Entropy (8bit):7.676634476414908
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:B4eoYQ6ki2HPviQUDvYI5AM+o/8E9VF0Ny0b6ki29d1ikgOvAM+o/8E9VF0Nyh3k:B4E2HiPvYGAMxkEB2Ps+AMxkESb
                                                                                                                                                                                                                                        MD5:354BA45BC1F16F0F644723E2660E3CA0
                                                                                                                                                                                                                                        SHA1:CDAB1B7A3CE71EB13EEC62B4CADC1EA5FEE6DA45
                                                                                                                                                                                                                                        SHA-256:B436CF419F88F409A7D27B43B5932C6E381C5B6A93A323B64051CD7C5EF59CE5
                                                                                                                                                                                                                                        SHA-512:E381FD66DBDC9B5D839B95556D0085D550C2A00BA1FB0430D41CA4BFD14C7DAC21EACA57EA393AD7E953940300DEB14679E9DB7A0FD54F9FE0729A4BE009E456
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 11 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):99892
                                                                                                                                                                                                                                        Entropy (8bit):3.9749743269785345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:JLBqG5eVRjB/jZRj0t4kgU1l50AIDP88+2Y:JLBh5eWgU1B8+2Y
                                                                                                                                                                                                                                        MD5:236FC5ABB597615A608DAB7BE98D5FBC
                                                                                                                                                                                                                                        SHA1:18D3D1CF56898B264A24DE24DC13E4B9B7EED768
                                                                                                                                                                                                                                        SHA-256:06ADAB20CB028B5DC61762691E8C8A6157EB1199526F7C773338B9BF51BD63C6
                                                                                                                                                                                                                                        SHA-512:155766AA5659BB9E298AEDE4064832168002EEDEE836710C2259446FC35437AD70C04454DEF2D9EB40A83A029351EA1726D65ACBDB8FE8217C016FD4986F7F4E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 579389 bytes, 3 files, at 0x44 +A "\wssdep.manifest" +A "\win32\wssdep.dll", flags 0x4, number 1, extra bytes 20 in head, 46 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):600829
                                                                                                                                                                                                                                        Entropy (8bit):7.998848570895185
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:12288:lIRKqFg8BQQNWTWxyNCn0+VMct7D0IaIqas/8g+AfFsW8Efn+T:c1WmWWn0qBD0IVqas//eW8u+T
                                                                                                                                                                                                                                        MD5:784F7DF7907C8BBB77CFDEC26176B715
                                                                                                                                                                                                                                        SHA1:CF5792A14C9311E2B98A3122D59178FF536E4C2D
                                                                                                                                                                                                                                        SHA-256:4D49923AAAADF6A7DD4F9C093DBB6878A00363A3E0A18E5BCC54E61175AA8D80
                                                                                                                                                                                                                                        SHA-512:4E3EDADF6939FC8A6FD1ACEF72460D782397EF7A6E7ABCE7CA1A17B6E3E7BDDA54398091B6BE7547333D50B79F2FAA08DD02C17A53900A12D3C83E296B5CDE2E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1458), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1665
                                                                                                                                                                                                                                        Entropy (8bit):5.299957524025923
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:HL4WKW98d7lvOKi18GDAxJxFyWLcLBoHC85QsZKg:pKxd71OKincxJxMW08D
                                                                                                                                                                                                                                        MD5:1325BBAD2BB01570B527769E0AD7AFCF
                                                                                                                                                                                                                                        SHA1:7FE83FC3C9152EB433176481F1B09C6D77654F8B
                                                                                                                                                                                                                                        SHA-256:3D653E48C4CAC8C85C3D686EEEA27BA230D10BD49B44E72C69C0AAEBF279DF10
                                                                                                                                                                                                                                        SHA-512:199D8BF69E56D7CFC3AEFD6991AE0C8CDA0F2A632FCED126C51A7238EF62D7B6E70B47004AAF78BD5A6E28537D99650599266F410A7F3C9AC12C850C4FDBD58E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var aviary_client_fileVersion = "1.2.181"; ..function CreateAviaryClientHelper(){try{var a={Get:function(d){try{if(this._aviaryPlugin){return this._aviaryPlugin.Get(d)}}catch(c){this._logError("Get exception: "+c.message)}return null},Set:function(c,d){if(this._aviaryPlugin){this._aviaryPlugin.Set(c,d)}},ToJsonString:function(){try{if(this._aviaryPlugin){return this._aviaryPlugin.ToJsonString()}}catch(c){this._logError("ToJsonString exception: "+c.message)}return null},GetDirtyFlag:function(d){try{if(this._aviaryPlugin){return this._aviaryPlugin.GetDirtyFlag(d)}}catch(c){this._logError("GetDirtyFlag exception: "+c.message)}return true},Setup:function(){try{if(this._aviaryPlugin){return}var f=JSONManager.getSingleton("dictionary");var c=f.data;var d=c.product_settings;this._aviaryPlugin=getPluginFactory().Create("ContextItemAviaryStore");this._aviaryPlugin.Initialize(JSON.stringify(d));getScriptVariableStore().Set("ContextItemAviaryStore",this._aviaryPlugin)}
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (13833), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14033
                                                                                                                                                                                                                                        Entropy (8bit):5.342408631225737
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qtu3RAn5OgUkr5oAZ0hFrBhCHuBIeTGqU37nw+9RXSWV0ai:q43RAnblghz0eIH7nwYpV4
                                                                                                                                                                                                                                        MD5:144A8645F924580E833D56C442ACDEC9
                                                                                                                                                                                                                                        SHA1:25B4CE0D450DBDF87F854AD19D2EC027A3252086
                                                                                                                                                                                                                                        SHA-256:64F3218275D1D3A5A5B2643225728C44CD64A9E41F558AD150F7438E00B8B0A9
                                                                                                                                                                                                                                        SHA-512:7D64DBD260896223CA2F66C1800455A865153CFA6EB1A7E27006ECBBAE14A3A76A7C0540785DAC5D6684309005B8F7677C16B2E0A320D49523A649D0B65BE021
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var common_fileVersion = "1.2.181"; ..if(typeof JSON!=="object"){LoadScript("json2.js")}if(typeof enableAnalyticsSDKForUWP==="undefined"){enableAnalyticsSDKForUWP=false}var GetEngineSetting=function(b,a){return a};if(typeof GetSetting==="function"){GetEngineSetting=GetSetting}else{logInformation("Missing GetSetting function; will only use default settings (this is expected pre SDK.2.3)")}var GetEngineProperty=function(b,a){return a};if(typeof GetProperty==="function"){GetEngineProperty=GetProperty}else{logInformation("Missing GetProperty function; will only use default Properties (this is expected pre SDK.2.5)")}if(!enableAnalyticsSDKForUWP){LoadScript("logging.js")}var getSystemPlugin=function(){var a=getScriptVariableStore().Get("system");if(!a){a=getPluginFactory().Create("system");getScriptVariableStore().Set("system",a)}return a};Date.prototype.toISOString=function(a){try{function d(f){var e=String(f);if(e.length===1){e="0"+e}return e}var b=this.getUTCF
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (842), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1050
                                                                                                                                                                                                                                        Entropy (8bit):5.3308262881228865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:2VeEhIBolSPnrVCYJqPse4A7PWLb/X0rbjIfJNosj/fcIg:28EhDSPrHAPse4A7PW3/X2uosj8v
                                                                                                                                                                                                                                        MD5:2A57B3778C74AE74813C582C421E2B3F
                                                                                                                                                                                                                                        SHA1:8A26061D568A31F40A9B9F3FAAF07169B29BFDB6
                                                                                                                                                                                                                                        SHA-256:811306686B18AC1D3F4AC3BE033B9B2A0FAD47756EBD3B0DA732981807693020
                                                                                                                                                                                                                                        SHA-512:7B782F0C54BE0D9A179648B53D798FC977C6C4816DA5188C0DF23BFFE733B0447890FD288FDA48D9F67AD858DEC600D2A0F4ADE60C1DA18EA74B5C9FB7CF72CC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var config_manager_fileVersion = "1.2.181"; ..function CreateEventConfig(){var a={getEvents:function(){var b=JSONManager.getSingleton("events");return b.data},getProfileNames:function(b){try{return this.getEvents()[b].profileNames}catch(c){return null}},getAttributeRules:function(b){try{return this.getEvents()[b].attributeRules}catch(c){return null}},getPriority:function(c){try{var b=this.getEvents()[c].priority;return b.toLowerCase()}catch(d){return""}},getDataSetNames:function(b){try{return this.getEvents()[b].datasets}catch(c){return[]}},_setEvent:function(d,b){try{return this.getEvents()[d]=b}catch(c){return[]}},getThrottleRule:function(b){try{return this.getEvents()[b].throttleRule}catch(c){logWarning("getThrottleRule: failed, cannot find throttle rule attached to "+b);return null}},_events:null};return a}ModuleManager.registerFactory("config_manager",CreateEventConfig);..//269916DD98552834BFB08C7C2DBF38F93397F34BCD7233EC8F33B0D2901D54943DA31E56165E4EE2
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3383), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3587
                                                                                                                                                                                                                                        Entropy (8bit):5.298620762714509
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var csp_client_fileVersion = "1.2.181"; ..function CreateCSPClientHelper(){var a={getClientID:function(c){if(null==c){logError("Invalid (null) appID for CSP::GetClientID");return null}try{var b=this._getPlugin().GetClientID(c);if(!b){this._reportGetClientIDFailure()}return b}catch(d){logError("Failed to retrieve Client ID from CSP for '"+c+"': exception is '"+d.message+"'")}return null},reportEvent:function(b){},getPolicyItem:function(c,b,e){var d="policy_general_settings."+b;if(e){d="policy_general_settings."+e+"."+b}return this._queryPolicyItem(c,d)},getCachedData:function(c,b){try{return this._getPlugin().GetCachedData(c,b)}catch(d){logError("Failed to load cached data for appId='"+c+"', service='"+b+"': exception is '"+d.message+"'")}return null},_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("cspClient");try{var b={policy:"full_sdk_only"};this._plugin.Config(JSON.stringify(b));logNormal("CSP Client plugin configured to us
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (13758), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13966
                                                                                                                                                                                                                                        Entropy (8bit):5.2090049632194315
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var data_collector_fileVersion = "1.2.181"; ..ModuleManager.set("uptime_tracker",function(){return{fetchFromDataDefinition:function(b){try{return null}catch(a){if(a.hasOwnProperty("message")){return"[Plugin method failed: "+a.message+"]"}else{return"[Plugin method failed]"}}}}}());var Create_data_collector=function(){var a={setup:function(){try{this._logInformation("Setup Started.");this._loadDefinitions();this._farmers=this._createFarmers(this);this._refreshers=this._createRefreshers(this);if(!this._farmers||!this._refreshers||!this._definitions){this._logError("Setup failed: farmers("+this._farmers+"). refreshers("+this._refreshers+"). definitions("+this._definitions+")");return}var c=[];for(var b in this._definitions){c.push(b)}this.markDataExpired(c);this._logInformation("Setup Done.")}catch(d){this._logError("Setup failed: "+d.message)}},get:function(h){try{var g=null;if(typeof h==="string"){g=h;h=[h]}if(!h instanceof Array){this._logWarning("get: items
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8960
                                                                                                                                                                                                                                        Entropy (8bit):3.7010716622460236
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "version": "1.2.181",.. "data": {.. "product_analytics_content_version": {.. "params": "getContentVersion",.. "rule": {.. "ruleName": "notNull".. },.. "source": "engineContext".. },.. "product_install_type": {.. "params": {.. "name": "is_loud_install",.. "scope": 0,.. "default": "UNKNOWN".. },.. "rule": null,.. "source": "waSettingsDB".. },.. "product_affiliate_id": {.. "params": {.. "name": "*Affid",.. "scope": 0,.. "default": "0".. },.. "rule": null,.. "source": "waSettingsDB".. },.. "device_geo_id": {.. "params": {.. "name": "SystemGEO",.. "scope": 0,.. "default": "0".. },.. "rule": null,.. "source": "waS
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7140), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7341
                                                                                                                                                                                                                                        Entropy (8bit):5.27407171797532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var dataset_fileVersion = "1.2.181"; ..function CreateDataset(){function b(c){this._name=c;if(!this._name){throw"Dataset created with no name provided"}}b.prototype={initialize:function(d){try{if(!d){this._logError("No configuration defined");return false}var c=d.data_items;if(!c){this._logError("Invalid Data items. Config ("+JSON.stringify(d)+")");return false}this._itemsList=c;var f=d.refresh;this._setRefresh(f);this._logInformation("Initialization complete");return true}catch(g){this._logError("initialize: "+g.message);return false}},get:function(c){try{return this.getContent()[c]}catch(d){this._logError("get: "+d.message)}},getContent:function(){try{this._logInformation("getContent starting");this._logInformation("itemsList"+JSON.stringify(this._itemsList));var d=ModuleManager.getSingleton("data_collector");if(this.dirty){d.markDataExpired(this._itemsList);this.dirty=false}return d.get(this._itemsList)}catch(c){this._logError("getContent: "+c.message)}},
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (6749), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6953
                                                                                                                                                                                                                                        Entropy (8bit):5.406901064256282
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var dataset_da_fileVersion = "1.2.181"; ..var Create_dataset_da=function(){var a={dirty:true,load:function(){if(!this.dirty){return}setTimeout(1*60*60*1000,function(){this.dirty=true});logNormal("Loading dataset da");this._content={};var f=this._getTimeLastDA_Query();if(!f){logInformation("dataset_da: Failed reading query start value. Going to use 0 as start");f=0}var b=this._getTimeNow();if(!b){logError("dataset_da: Failed reading query end value. Going to quit loading the dataset.");return}var c=24*60*60;b=b-c;try{this._processRequests(this._da_queries,f,b);this._store_DA_QueryTime(b)}catch(d){logError("Failed to load the da dataset: exception is '"+d.message+"'");return}this.dirty=false},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{this.load();if(!this._content){return null}return this._content[b]}catch(c){logError
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1536
                                                                                                                                                                                                                                        Entropy (8bit):3.717699904609679
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "version": "1.2.181",.. "data": {.. "default": {.. "data_items": [.. "product_analytics_content_version".. ],.. "refresh": {.. "useEngineDefaultTimeout": true.. }.. },.. "wa": {.. "data_items": [.. "product_version",.. "device_country_code",.. "product_subscription_type",.. "product_ab_test_group_id",.. "user_account_id",.. "product_productkey",.. "product_package_id",.. "device_platform_edition",.. "product_cpu_type",.. "device_platform_version",.. "product_install_type",.. "product_affiliate_id",.. "product_subscription_expiry_date",.. "device_geo_id",.. "user_global_reference_id",.. "device_id",.. "device_platform",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10174
                                                                                                                                                                                                                                        Entropy (8bit):4.056574499020934
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "version": "1.2.181",.. "data": {.. "event": {},.. "global": {.. "uniqueid": "hit_event_id",.. "uniqueidentifier": "hit_event_id",.. "feature": "hit_feature",.. "trigger": "hit_trigger",.. "interactive": "hit_engagement_interactive",.. "hit.interactive": "hit_engagement_interactive",.. "hit.user.initiated": "hit_engagement_userinitiated",.. "userinitiated": "hit_engagement_userinitiated",.. "desired": "hit_engagement_desired",.. "engagement.desired": "hit_engagement_desired",.. "useridentifier": "hit.userid",.. "label1": "hit_label_1",.. "label2": "hit_label_2",.. "label3": "hit_label_3",.. "label4": "hit_label_4",.. "label5": "hit_label_5",.. "label6": "hit_label_6",.. "metric1": "hit_metric_1",.. "metric2": "hit_metric_2",.. "metric3": "hit_met
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3654), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3855
                                                                                                                                                                                                                                        Entropy (8bit):5.20710916605884
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:4yk11hc+h8Md+O2SNyMZ5uGC2AjrkCOGnDila1:vk1I++Md+O2SNtC2WrkCOGnDila1
                                                                                                                                                                                                                                        MD5:6C8C011735FDC08793118C82D92DA4CB
                                                                                                                                                                                                                                        SHA1:CB7B4BA48AA9E669C3D83D2BFBC69F80AE0CC2BD
                                                                                                                                                                                                                                        SHA-256:4297BF13FF46485DB3A16C0E64C894B83C53CFBE0FC19227066F0E99B2623264
                                                                                                                                                                                                                                        SHA-512:A2F9E1E123B4D113582B7A422DB1CE67BCC4BD3513ECDA6A661B9D825D500FCC4BCE9C5404E4F58BCF136AFC5F4AF2AF9941831E5737D0818259718C3CF19B71
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var emitter_fileVersion = "1.2.181"; ..function createEmitter(b,a){function c(g,i){var h=getScriptVariableStore().Get(g);if(h){return h}try{h=getPluginFactory().Create(i)}catch(j){logError("Failed to create plugin: '"+i+"'")}try{getScriptVariableStore().Set(g,h)}catch(j){logError("Failed to set plugin '"+i+"' in store as '"+g+"'")}return h}try{var d={configure:function(g,e){this.profileName=g;this.profile=e;this.transportName=e.transport;this.transportConfiguration=e.transport_config;this.dataSetNames=e.datasets;this.enableRules=e.enableRules;this.throttleRule=e.throttleRule;this.throttleMultiplier=e.throttleMultiplier;this.maxDimensionLength=e.maxDimensionLength},send:function(h){try{if(!this._isEnabled()){logInformation("_isEnabled() returned false. Will not send data to "+this.transportName);return false}h=this._sanitize(h);if("csp"==this.transportName&&"1"==this._getPlugin(this.transportName).GetVersion()){return false}if(!this.initialized){var g=ModuleM
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (11329), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11529
                                                                                                                                                                                                                                        Entropy (8bit):5.250907548570848
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:K8+1u9z1l8Le62L9s9Zs2JFsIOSsnQSRTPd3uXsx14jxN2FhvsC7PquQQHDmksFB:0e1LYpJyZQSRrdeXsx1AxNWFRddDmWM5
                                                                                                                                                                                                                                        MD5:85C7C5CCEED140146D877939FBB40750
                                                                                                                                                                                                                                        SHA1:B3C266846A70C3B3E79526A8E3D59FBED5E5AC02
                                                                                                                                                                                                                                        SHA-256:F7695E7C7B6B0A793F2E518494D343002E5AEE0E4F735949D46A853ECF0FC58C
                                                                                                                                                                                                                                        SHA-512:C3136DBCD763AB2F9BE0FCA42F4696ABD7183C7BFA06AB2C19A24D09C7816A9CF699570F6F7DCF3A4A4B9D5E749E7F6E8182DB79FCB84E13F99F2962F0B1404E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var engine_fileVersion = "1.2.181"; ..LoadScript("common.js");var _factoryManager=CreateFactoryManager();var ModuleManager=CreateModuleManager(_factoryManager);var JSONManager=CreateJSONManager();var StorageManager=CreateStorageManager();var PDManager=CreatePDManager();var RegistryStore=null;var setContentHeartbeatTimeout=function(b,a){var d=getScriptVariableStore().Get("heartbeattimerid");if(d){try{clearInterval(d)}catch(c){logWarning("setContentHeartbeatTimeout: Fail to clear timer id "+c.message)}}d=setTimeout(b,a);getScriptVariableStore().Set("heartbeattimerid",d)};var engine={defaultClientAnalyticsRegistry:GetEngineSetting("Analytics.Base.RegKey","HKLM\\SOFTWARE\\McAfee\\McClientAnalytics"),heartbeatTimestampKey:"analytics_content_heartbeat_timestamp",datasetsRefreshRate:60*60*1000,userId:null,createEventJson:function(c,a){try{a["Tracker.Type"]="event";return{UniqueIdentifier:c,type:"event",payload:a}}catch(b){logError("engine::createEventJson: Exceptio
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2529), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2740
                                                                                                                                                                                                                                        Entropy (8bit):5.310758777564662
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:XURsQEqp22+r9sEDQgWenZsEXRiRmf3djAFzsEysEBQsEsFsEBMCnUGsEaffL/Tx:DQnp2fxsrsnZsEAEf3d0FzsFsfsHFszd
                                                                                                                                                                                                                                        MD5:BFB81A6C06296A0E3DB5D3ABCF633C76
                                                                                                                                                                                                                                        SHA1:C86B17B783EC3076F3E0D2BAEC8E6D0842DB52C2
                                                                                                                                                                                                                                        SHA-256:F5A8EF08DC65DD2E4B4E5769E445572B3F6F944BDDF4FF5E9ECB4100C084E5C2
                                                                                                                                                                                                                                        SHA-512:14A1E51CCCAEC42C2CAA85E0B70BFB31B663542A961FCF91BEB227B2CB6A2AE910C7A262A82D631FD269EA378A74181E0CC0066DED700FABFF658339EA8C64EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var error_transmitter_fileVersion = "1.2.181"; ..function CreateAnalyticsErrorTransmitter(){function a(){this.setup()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.messageName="analytics_event_error_occurrred";a.prototype.setup=function(){var c=ModuleManager.getSingleton("config_manager");var d=c.getProfileNames(this.messageName);if(!this.emitter&&d){this.profileName=d[0];this.emitter=this.retrieveEmitter(this.profileName)}};a.prototype._generate=function(c,e){var f={hit_event_id:this.messageName,hit_category_0:"Analytics.Event.Error",hit_trigger:c,hit_action:"Analytics.Event.Rule.Failed"};if(findObjectSize(e.type["ruleMismatch"])){f.hit_category_1="ruleMismatch";f.hit_label_0=JSON.stringify(e)}else{if(findObjectSize(e.type["ruleError"])){f.hit_category_1="ruleError";f.hit_label_0=JSON.stringify(e)}else{if(e.type["rejected"]){f.hit_category_1="rejected";f.hit_label_0=JSON.stringify(e)}}}var d=new Date();f["__record.created"]=d.toISOStr
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (6709), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6916
                                                                                                                                                                                                                                        Entropy (8bit):5.333702053750348
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:7b+vdzkDCDfgTg3ZyHORvgaF22TYlpt3NnhYqBU3YYXCf/:skDgrouvgaF22TYlpdNnhVW3YK0/
                                                                                                                                                                                                                                        MD5:6772FD53C0B998E06A851503E851BD17
                                                                                                                                                                                                                                        SHA1:4B7426F7D2B3585BB9FCCC132F9A76C63D7290FE
                                                                                                                                                                                                                                        SHA-256:D8848D8334CE9117374DD12AEBC180D208FEC0F958B89664E85E83D45A7E2149
                                                                                                                                                                                                                                        SHA-512:CF410C8D5D49B6A2603818CD3AA093DC2AD8B4AF8F71069E36B7D706BB82C6C0508B0F9C2BAADD3B5D2C152693D8B4319520BD89062E96E39677B9568A3EC4BC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var event_handler_fileVersion = "1.2.181"; ..if(typeof dataManipulator!=="object"){LoadScript("common.js")}function CreateEventHandler(){var c={handleEvent:function(g){try{var h=JSON.parse(g);var f=h.type;if(("MessageBusPlugin"==f)||("InProcAPI Plugin"==f)){this._processMsgBusEvent(h.payload)}else{if("UWP_Event"==f){this._processAnalyticsAddRecord_v1(h)}else{logWarning("Unexpected message was rejected (unknown type): "+g)}}}catch(i){logError("Failed to process incoming event: exception = '"+i.message+"'")}},handleV1Record:function(e){this._processAnalyticsAddRecord_v1(e)},_processMsgBusEvent:function(h){try{var f=h.name;var k=h.payload;if(("Analytics.v1.AddRecord"==f)||("Analytics.AddRecord"==f)||("Analytics.Automation.AddRecord"==f)){return this._processAnalyticsAddRecord_v1(k)}var j=ModuleManager.getSingleton("data_collector");j.notifyMsg(f);var g=ModuleManager.getSingleton("observation_analytics");g.handle(f,k)}catch(i){logError("Failed to process message
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):134361
                                                                                                                                                                                                                                        Entropy (8bit):3.1600337530633746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:0fzFRfzQO30XiSLXyM6dzYcUXgIo8RmsziMw6pl7tzBuWpCBwOCBwXzN3PKbDf8E:WvN0PXgOGPwBwhuV
                                                                                                                                                                                                                                        MD5:98F6DC778331E4029FB4B191D54FC985
                                                                                                                                                                                                                                        SHA1:84647C518329FF8C18F12C8B04A833C102BD03C9
                                                                                                                                                                                                                                        SHA-256:2BF53E32D9F91E0177C9BDC05DD9B3A236B3D0E6A41F2D5720F949DE9BDCEFB4
                                                                                                                                                                                                                                        SHA-512:AAB3F2C37628B1A0BB2563CF1532B310F75EC9CBD608EE3E4170DAA7F9CED8DB0F8379628C134A2C314023DE8BE1B76382DA04CED7867138084D4E3E1073B7FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "data": {.. "wa_advanced_protection_signals_impression": {.. "attributeRules": {.. "hit_action": {.. "meta": "screen_load",.. "ruleName": "override".. },.. "hit_category_0": {.. "meta": "Analytics",.. "ruleName": "override".. },.. "hit_engagement_interactive": {.. "meta": true,.. "ruleName": "override".. },.. "hit_feature": {.. "meta": "TBD",.. "ruleName": "override".. },.. "hit_label_0": {.. "meta": "success",.. "ruleName": "override".. },.. "hit_label_18": {.. "meta": "AdvancedProtectionSignals",.. "ruleName": "override".. },.. "hit_label_19":
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4059), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4260
                                                                                                                                                                                                                                        Entropy (8bit):5.611174413374786
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:/hGfe5Z6TQ25OkR/ZCpMJFU7Rz94+IFpRREbgMG6hxOIq4sU/G/HIGIkUNjYbah:/I14icRpVIbRybgMGyxOIq4sU+/oGIkE
                                                                                                                                                                                                                                        MD5:30DCF4CF45E8914CED95B9A7C012B7B9
                                                                                                                                                                                                                                        SHA1:B131D1710139B270C6C75A03B12D7615D4DD772E
                                                                                                                                                                                                                                        SHA-256:EDF4741A3F6E86889E6FC3FFAF2A1450678E2E16BD2D008E22DDE4A9AA44536F
                                                                                                                                                                                                                                        SHA-512:35044DC820842CBDF38FA41D5604ED0035D0339C0B05833F4BE10ED54FFAE4927F951AB3282C6EB83EE0275761CAB2363DAC7208ED2FD20492CFE950A4184ED2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var hash128_fileVersion = "1.2.181"; ..function CreateHasher128(){var a={hash128:function(s){function L(c,b){return(c<<b)|(c>>>(32-b))}function K(x,c){var G,b,k,F,d;k=(x&2147483648);F=(c&2147483648);G=(x&1073741824);b=(c&1073741824);d=(x&1073741823)+(c&1073741823);if(G&b){return(d^2147483648^k^F)}if(G|b){if(d&1073741824){return(d^3221225472^k^F)}else{return(d^1073741824^k^F)}}else{return(d^k^F)}}function r(b,d,c){return(b&d)|((~b)&c)}function q(b,d,c){return(b&c)|(d&(~c))}function p(b,d,c){return(b^d^c)}function n(b,d,c){return(d^(b|(~c)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(x){var H;var k=x.length;var d=k+8;var c=(d-(d%64))/64;var G=(c+1)*16;var I=Array(G-1);var b=0;var F=0;while(F<k){H=(F-(F%4)
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3618), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3817
                                                                                                                                                                                                                                        Entropy (8bit):5.529217349892361
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:d6xjvqEYontqQYCNRqihKDMl1Q9/+slg60yvb0Pz/RlOZglybLnEl:lEKTGzg2sWqz+lybLEl
                                                                                                                                                                                                                                        MD5:8BB6763E626752B16CFD110B5453B3E6
                                                                                                                                                                                                                                        SHA1:E4A8DDF530A4D05072E39F182D806348ECCD8CFC
                                                                                                                                                                                                                                        SHA-256:F3661180451AEE65BB609B6A28489D32B7A8B928AF5094F518E2DCB0BE16003E
                                                                                                                                                                                                                                        SHA-512:6E0119E6BC077A8D9AEF5D96F3D774FE1F2D27EA209E8542DEB0D9D2AAF6F91F301D267FEDFE768B5253D9800A29CF13CE1F1CB232E7C8368D32797FE0B26AC9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var JSON2_fileVersion = "1.2.181"; ..if(typeof JSON!=="object"){JSON={}}(function(){var rx_one=/^[\],:{}\s]*$/;var rx_two=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;var rx_three=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;var rx_four=/(?:^|:|,)(?:\s*\[)+/g;var rx_escapable=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;var rx_dangerous=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;function f(n){return n<10?"0"+n:n}function this_value(){return this.valueOf()}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null};Boolean.prototype.toJSON=this_value;Number.prototype.toJSON=this_valu
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3176), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3377
                                                                                                                                                                                                                                        Entropy (8bit):5.478774658651738
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:RXNGJtGJIGM+GtH5jnV+g2CdWVvDK1lEwJ2MPRp0WvIttWh:CJEJTMpzYVrKwMPv0WAtgh
                                                                                                                                                                                                                                        MD5:BB39BF60BBB5649F2E6AF73E03C801A9
                                                                                                                                                                                                                                        SHA1:BC7B877FA0069FE885951438C15F6F7C157E6F58
                                                                                                                                                                                                                                        SHA-256:974599BC2BB79BFBEE739957B73F79D94953D1D97048F75EFC1A172C4222427D
                                                                                                                                                                                                                                        SHA-512:12D5191D0620E04DC2DE5CDA2D5957E2CF4A97D4D664025F0035082C715C74033B832A5AFF9AF18E46552B44CCA06C9B3B2235F0A5B2EDF5249CC41934E770C9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var logging_fileVersion = "1.2.181"; ..var debugEnable=false;function callerName(){var a=arguments.callee.toString();a=a.substr("function ".length);a=a.substr(0,a.indexOf("("));return a}function getLogger(){var b=getScriptVariableStore().Get("logging");if(b){return b}try{b=getPluginFactory().Create("logging");try{debugEnable=GetEngineProperty("Analytics.SDK.Script.Debug.Enable",debugEnable)}catch(a){}}catch(a){b={LogMessage:function(){},WriteToConsole:function(){},WriteToSyslog:function(){}}}getScriptVariableStore().Set("logging",b);return b}var LOG_SEVERITY_NORMAL=1;var LOG_SEVERITY_WARNING=2;var LOG_SEVERITY_INFORMATION=3;var LOG_SEVERITY_ERROR=4;var LOG_SEVERITY_CRITICAL=5;var SYSLOG_EMERG="emerg";var SYSLOG_ALERT="alert";var SYSLOG_CRITICAL="crticial";var SYSLOG_ERROR="error";var SYSLOG_WARN="warn";var SYSLOG_NOTICE="notice";var SYSLOG_INFO="info";var SYSLOG_DEBUG="debug";var logNormal=function(b){try{b=sanitizeLogMessage(b);getLogger().LogMessage(LOG_SE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2160), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2362
                                                                                                                                                                                                                                        Entropy (8bit):5.3401536620120975
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Ob7j7XL5Zqjbtkp2yI4XNJEE+yqAUfOh6A+33SRWVCYAFET:I/IkxXn1+yQOh6D33vC1ET
                                                                                                                                                                                                                                        MD5:ADB684CA19D54C05B7032156B1B26823
                                                                                                                                                                                                                                        SHA1:EF6460CAB61E66C3A06D7DAC877D7D54BE7E871E
                                                                                                                                                                                                                                        SHA-256:33656F3B24C664F73A57AFEB2C7B705C825CBFEE9BF7585D7359CD663518AEA3
                                                                                                                                                                                                                                        SHA-512:93D5166883CED16E3CCFDB430B4D5021DE13434E08FC939B5C5E8A82EB0E252D79F0B34C02F07201E8CDF0C81AC95E5EC4E0E11A3164440EFC6D1ED3FE555653
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var mappings_fileVersion = "1.2.181"; ..function CreateMapping(){var a={eventMap:function(c,b){if(!(b in this._eventTable)){return c}return this._map(this._eventTable[b],c,true)},globalMap:function(b){return this._map(this._globalTable,b,true)},daMap:function(b){return this._map(this._daTable,b,true)},profileMap:function(c,b){if(!(b in this._profileTable)){return c}return this._map(this._profileTable[b],c,true)},getProfileTableStr:function(b){if(!(b in this._profileTableStr)){return"{}"}else{return this._profileTableStr[b]}},getFlippedProfileTable:function(c){if(!(c in this._profileTable)){logWarning("Requesting flipped table for invalid profile "+c);return{}}if(c in this._flippedProfileTable){return this._flippedProfileTable[c]}this._flippedProfileTable[c]={};for(var b in this._profileTable[c]){var d=this._profileTable[c][b];this._flippedProfileTable[c][d]=b}return this._flippedProfileTable[c]},_map:function(b,f,h){if(!b||!f||(typeof f!=="object")){logWarni
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1832), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2032
                                                                                                                                                                                                                                        Entropy (8bit):5.423419114482651
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:nb9YBy8KJU9hYErsYvZ5YxHqbWbb//yb07jcFl4ADv8TuScfRD:n5Y7MErvScaiNXScZD
                                                                                                                                                                                                                                        MD5:CE103C399CCC08F9AA5B0DBF88881E28
                                                                                                                                                                                                                                        SHA1:6774BDBE18B6D63BA790FF9A32822230FAA6E1C2
                                                                                                                                                                                                                                        SHA-256:4FC19203D995BF3543796193E60841B77EFB660D5A0D4C91201BC65ACB8E8354
                                                                                                                                                                                                                                        SHA-512:AF6574E53690A6141D028079B6ACD7E54AEE853D86C619AABA635FE3848D7DBB69C86754EE7C36874D42BB72B48AB08E38458FDB3B8C0382CAE9CAFDDB8038C6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var mcutil_fileVersion = "1.2.181"; ..function CreateMcUtilHelper(){var a={_logError:function(b){logError("mcUtil: "+b)},_logInfo:function(b){logInformation("mcUtil: "+b)},_getPlugin:function(){if(!this._plugin){var c=ModuleManager.getSingleton("data_collector");var b=c.get("analytics.sdk.version");if(b.match("^2.[0-5]")){this._logInfo("This SDK does not support mcUtil plugin. sdkVer("+b+")");return null}this._plugin=getPluginFactory().Create("mcUtil")}return this._plugin},_plugin:null,_hardwareId:null,_softwareId:null,storeHardwareAndSoftwareId:function(d){try{this._logInfo("storeHardwareAndSoftwareId - start");if(!this._getPlugin()){return}var b=d;if(!d){var h=ModuleManager.getSingleton("data_collector");var f=h.get("WSS.Hardware.ID");b=(f==="[ruleMismatch]")?true:false;this._logInfo("value: "+f);this._logInfo("storeValue: "+b)}if(!b){this._logInfo("Not going to storeValue");return}this._invokeGetMachineId();if(!this._softwareId){this._logError("storeHardw
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1151), with CRLF, LF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2017
                                                                                                                                                                                                                                        Entropy (8bit):5.2643713576298214
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KvZEumJTxfCViKARzApkiNOVBdDzdzHbp5db5GFDvVd9MGZdozuIdvJEd:KvuusTxfCViK0zJD5zHVjb5GFDvfb5Iw
                                                                                                                                                                                                                                        MD5:B3AE304C1084A7D4B5CABF74C64458D8
                                                                                                                                                                                                                                        SHA1:A88D20205FA58ADB5ECEA1985593FFFA2DA1C417
                                                                                                                                                                                                                                        SHA-256:54A31A36672CCD6E11CF0BFFA1BBC08460BCC91CF1AABFCFECB0A939EA189AEC
                                                                                                                                                                                                                                        SHA-512:F72F45665522B40AFE6BDC228A2E179320E9D835C20725D5A1846CC206DD6428C7A5B84CAED666416642CCB894EC6BD7939AB3E332941145ED6339E239B86E2E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var observation_analytics_fileVersion = "1.2.181"; ..function getObservationAnalyticsEngine(){./*. * config format:. * 'Message.Name' : { // name of obsved message on messagebus that we will subscribe to. * 'map' : { // map from message keys --> analytic friendly keys. * 'Count' : 'Metric1', // ex. 'Count' : 123 --> 'Metric1' : 123. * 'Policy' : 'Event.Label' // ex. 'Policy' : 'XYZ' --> 'Event.Label' : 'XYZ'. * },. * 'default' : { // default values that are not specified in the obsved message. * 'hit_event_id' : 'XYZ'. * }. * }. */.var a=function(){var d=JSONManager.getSingleton("observability_datasets");if(!d){d={data:{}}}return d.data};var b=a();var c={start:function(){try{var d=getMessageBus();for(var f in b){d.Subscribe(f)}logDebug("observationEngine Started")}catch(g){logError("observationE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (6480), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6684
                                                                                                                                                                                                                                        Entropy (8bit):5.337224061028135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:jAk6WqZs6iqL5QaQldifjf9i/OCi8sdHvzqZ+SSf72NfoDc8H5sviXvq:jEb3UidGBdT
                                                                                                                                                                                                                                        MD5:572BDB31B5DEF5ECDCBBE9D0F8298167
                                                                                                                                                                                                                                        SHA1:13C1BD6AA368846990EAE0527C0E7B3B9B6F6560
                                                                                                                                                                                                                                        SHA-256:53A05779BA4FF6DA18FCA7D817516F2FFDC180DC00DA8E91AE8F472493E67FEE
                                                                                                                                                                                                                                        SHA-512:4D04D03F7DD01C407F2554AFDA61D1CB1924256C7C67ECF3F72AE656703B0148A57D906876E2D7ED73E4A9A574B2F5146A0BDD072FC367C2514F3FA30E3A87C7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var operations_fileVersion = "1.2.181"; ..function CreateDataOperations(){var a={apply:function(c,b){try{if(!b){return c}if(!this._isValidValue(c)){this._logWarning("Invalid value Val("+c+"). Operation with operationConfig("+JSON.stringify(b)+") will not be applied");return null}return this[b.name](c,b.params)}catch(d){this._logError("operations:apply: Excption caught("+d.message+". Val("+c+"), operationConfig("+JSON.stringify(b)+")");return null}},noop:function(b){return b},equal:function(b,c){return b==c},isValueValid:function(b){return(b!="[not assigned]")&&(b!="[ruleMismatch]")&&(b!="[ruleError]")},notNull:function(b){return(b!=null)},validLen:function(b){if(!b){return null}try{b=JSON.parse(b)}catch(c){this._logError("validLen: value ("+b+") not an object, exception: "+c.message);b=[]}if(!(b instanceof Array)){this._logWarning("validLen: value not an array ("+b+").");b=[]}return b.length},lenEqual:function(b,c){return(this.validLen(b)==c)},lenGreater:fun
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (825), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1032
                                                                                                                                                                                                                                        Entropy (8bit):5.406672124511126
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:8eLYQI/YCqYJIAb2sFsn5caYyb2srq7Y4cbfsk0RrnsEeEc1Jntk2O:pLVI/xqIXbTFsKrybTAncbfl0Rrsn1Pk
                                                                                                                                                                                                                                        MD5:AEF9083AE508ECD909C4D1B26832761F
                                                                                                                                                                                                                                        SHA1:34DB0B9BF4F1949381C4397D03434DDEAF74BBF4
                                                                                                                                                                                                                                        SHA-256:E150DEEB702CC930402D7C5756E8DADF216F6FFFADD22E1C12C98E3DD5FFB92E
                                                                                                                                                                                                                                        SHA-512:B95970D7BAEBEC0BF538248960157D22D31CB0E912ADC11ADE890D9C45B923825FBC39FD8AE0D20AF27956D4B80D0FF94013B7438D94902C46EB60FECED7E698
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var preprocessors_fileVersion = "1.2.181"; ..function CreatePreprocessors(){var a={noop:function(b){return b},splitByComma:function(b){return b.split(",")},joinWithComma:function(b){return b.join(",")},sum:function(b){var d;for(var c in b){d=b[c]}return d},toInt:function(c){if(typeof(c)=="object"){for(var b in c){logConsole("toInt value="+c[b]+" parseInt:"+parseInt(c[b]));c[b]=parseInt(c[b])}return c}return parseInt(c)},toString:function(c){if(typeof(c)=="object"){for(var b in c){c[b]=c[b].toString()}return c}return c.toString()},toUpper:function(b){return b.toUpperCase()},apply:function(c,d){logConsole("rules type="+typeof(d)+" rule= "+d+" value="+c+" typeof(value)="+typeof(c));if(!d){return c}if(typeof(d)=="object"){for(var b in d){c=this.apply(c,d[b])}return c}return this[d](c)}};return a}ModuleManager.registerFactory("preprocessors",CreatePreprocessors);..//D9AD4ACE1BC0124B3BA656E014A50EA9D4D2D3F7739C91C96AE198CE73126023D2809CEE59018A9C678F901DDE34D55D3F
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2283
                                                                                                                                                                                                                                        Entropy (8bit):4.215493750927689
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:HV9y51drjiTX2/mIQft9y51drGhImxs9y51druhmmC:bf2/dGTYs62X
                                                                                                                                                                                                                                        MD5:EFEE1A73FA907F3D0A6AC06D624BDC49
                                                                                                                                                                                                                                        SHA1:563B2AB8FF69694D52F96F100A7BF53719621DD1
                                                                                                                                                                                                                                        SHA-256:3C29F581572B84D9D184785120E31D5A0344234E4BFBB44942E658C330DF7C9A
                                                                                                                                                                                                                                        SHA-512:9B5276A40F88231C01B974E49894C414511F15A9C2551613B7106E8259AC21947FD86DD660A4A9DBB746935B53B6B6A9B3381C3C6785241821582259A3BE7AC3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "version": "1.2.181",.. "data": {.. "profile_webadvisor_mosaic_100p": {.. "transport": "eh",.. "dictionary": "dictionary_wa_mosaic",.. "datasets": [.. "default",.. "wa".. ],.. "maxDimensionLength": 500000,.. "appid": "7b3ed1a8-7907-436a-ac6c-640bfd5db80c",.. "transport_config": {.. "apiVersion": "2014-01",.. "servicebusNamespace": "cu1pehnswebadvisor1",.. "eventHubPath": "new_wa",.. "sharedAccessKey": "IU1g+5XrDoldu/krnr8GDbVL/jHXoqZrH9alKG29J8Q=",.. "sharedAccessName": "new_wasend".. },.. "throttleRule": {.. "meta": 100,.. "ruleName": "dailyMax".. },.. "throttleMultiplier": 64.. },.. "profile_webadvisor_mosaic_kongapi_100p_qa": {.. "transport": "mosaic_api_v2",.. "dictionary": "dic
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2785), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2987
                                                                                                                                                                                                                                        Entropy (8bit):5.391913933403757
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:WNToenoesA9R/io8udVQN7wfagenv7sboA+FNvf4uCmnWoGbA/WoGb5u4U7li2cC:yBVsuvsnvYc/UiWAWBun7hn
                                                                                                                                                                                                                                        MD5:5372B326CA29EC2DE36EF8F109502301
                                                                                                                                                                                                                                        SHA1:C3EEB4C2B4FAC9C4994248CF3D7F95D500C51F88
                                                                                                                                                                                                                                        SHA-256:03593C81230E51745836B2BCF35B3D908FC5B17841BF245B4D87ECAB67BFF653
                                                                                                                                                                                                                                        SHA-512:5FDC6490CAAA5A8461793870407D3A6E96271F552B5006C7AC8C8B8CC82B32B49FBF6391A8BFD98AC0C9B4E53B609366BF2E9543E2E733171F2CF600C06B18FE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var registry_fileVersion = "1.2.181"; ..function CreateRegistryHelper(){var a={openKey:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode");return this._getPlugin().CreateReg(c)}logDebug("open registry in read mode");return this._getPlugin().OpenReg(c)},openKey64:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode (x64)");return this._getPlugin().CreateReg64(c)}logDebug("open registry in read mode (x64)");return this._getPlugin().OpenReg64(c)},queryValue:function(c,b){var g=false;try{if(typeof b==="boolean"){g=b}var f=this._getPlugin().QueryValue(c,g);return f}catch(d){logInformation("Failed to query "+(g?"obfuscated ":"")+"registry key '"+c+"': exception is '"+d.message+"'")}return null},setValue:function(d,f,b){var h=false;try{if(typeof b==="boolean"){h=b}var c=this._getPlugin().SetValue(d,f,h);if(!c){logDebug("registry.setvalue failed ("+d+", "+f+")")}return c}catch(g){logInfor
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (6423), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6631
                                                                                                                                                                                                                                        Entropy (8bit):5.301476595849207
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:E8sCKa1ZC0CG20+M9wBFmGO1zadW9NvEPzs5C7c8a5dcQbefnLpNxSf:8B9Pzpqf
                                                                                                                                                                                                                                        MD5:1AC8A0EC5A66AD08CC9DF81972F571AD
                                                                                                                                                                                                                                        SHA1:0B27C814B04BCC1C45F442A3D5B0305A38885555
                                                                                                                                                                                                                                        SHA-256:AD9BE63E53A1885949B3EBD506C1C911539BE31584ACDFDC081FB022B55A645A
                                                                                                                                                                                                                                        SHA-512:9F200BAA040AD089D3DD4A965C39A71A3E594395EF087DA25D7BB96730DFE19CBC9DA582C696D048607C04DCF68DA295402953A64C6A908B3772E9CA72A91C3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var rest_transport_fileVersion = "1.2.181"; ..function RESTtransportPlugin(){this._plugin=null;this._requestHeaders={};this._url=null;this.RESTClientAvailable=false}RESTtransportPlugin.prototype=ModuleManager.create("transport_template");RESTtransportPlugin.prototype.constructor=RESTtransportPlugin;RESTtransportPlugin.prototype.GetVersion=function(){try{if(!this._plugin){return null}return this._plugin.GetVersion()}catch(a){}};RESTtransportPlugin.prototype._createRESTclientPlugin=function(){try{this._plugin=getPluginFactory().Create("RESTclient");if(!this._plugin){logError("RESTtransportPlugin:: Could not create RESTclient plugin");return false}return true}catch(a){logError("RESTtransportPlugin:: Failed to initialize the plugin for '"+name+"': exception is '"+a.message+"'");return false}};RESTtransportPlugin.prototype._setup=function(){try{this._url=this._config.url;if(!this._url){logError("Invalid (unspecified) URL for '"+this._name+"', version "+this.versi
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3246), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3445
                                                                                                                                                                                                                                        Entropy (8bit):5.352977551180376
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:IM0Vnh1PJzvkXv3i/kYrAH6aEPhZf3a4BdaFBLYFpGbaaPYFpGbMmUpXjJbO8iR0:Xfpkq4qFypHrVdiSN5bYQhavJ+N
                                                                                                                                                                                                                                        MD5:6D3E819131969A13A1CB711251D35B84
                                                                                                                                                                                                                                        SHA1:800E3D54CED7EDC9E4DA86C5EDDFF916A67C8D44
                                                                                                                                                                                                                                        SHA-256:0C65B236AEF00DA1CB864D02C60F5DA6D071ACD977A836EBECFFC8FF1D0FB0D7
                                                                                                                                                                                                                                        SHA-512:5D97D85E70B9805907790AA8074D6D43A928CA9E4705717B0D515D873F9B33623FAEDE59F61BF4BFFF3EFC697C1C47514BD193F354BE80CCF82CFBF79E89D777
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var rules_fileVersion = "1.2.181"; ..function CreateRules(){LoadScript("sha256.js");var a={notNull:function(b,c){return(b!=null)},inRange:function(b,c){return(b>=c.min)&&(b<=c.max)},equal:function(b,c){return(b==String(c))},greater:function(b,c){return(b>c)},greaterEqual:function(b,c){return(b>=c)},less:function(b,c){return(b<c)},lessEqual:function(b,c){return(b<=c)},notEqual:function(b,c){return(b!=String(c))},startsWith:function(b,c){return !b.indexOf(c)},endsWith:function(b,c){return b.indexOf(c,b.length-c.length)!==-1},contains:function(b,c){return b.indexOf(c)!==-1},regex:function(c,f){try{var b=new RegExp(f);if(f.expr&&f.flags){b=new RegExp(f.expr,f.flags)}return b.test(c)}catch(d){logWarning("rules.regex exception: "+d.message);return false}},timestamp:function(b,c){if(!b){return false}return(new Date(b)).toISOStringms()==b},"in":function(c,d){for(var b in d){if(c==String(d[b])){return true}}return false},isType:function(b,c){return(typeof b===c)},isE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (709), with CRLF, LF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):37442
                                                                                                                                                                                                                                        Entropy (8bit):5.182556715531017
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:aNLZ52t2LQdhrnY09gCZHAtV9EhhfVroWqAv:av5KUQ809gwHAlybqAv
                                                                                                                                                                                                                                        MD5:1F991FEE209172D247C3BE87A794819F
                                                                                                                                                                                                                                        SHA1:52974B066FB6AF6802A3C3A225710FE6C0B78260
                                                                                                                                                                                                                                        SHA-256:FC0F46A6495B9DB6789CAD245272125AE1D21D9A1AC823F663FA5D4D8DED39FC
                                                                                                                                                                                                                                        SHA-512:E5373D7BDD0D5C9697941ECD9ADD2752971ABE32A45519068A2B93B97A76578599854A71F6C5907025BF7E9FC8432EE55F81187421601DD3ECD3DC654C9BCF7F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var sha256_fileVersion = "1.2.181"; ../*.Copyright (c) 2008-2017, Brian Turek.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution.. * Neither the name of the the copyright holder nor the names of its. contributors may be used to endorse or promote products derived from this. software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANTABI
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (663), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):862
                                                                                                                                                                                                                                        Entropy (8bit):5.488970807055558
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ZmeV5IOd09ODopDwLgmjNnbi1W7xzBtxR:hV5iOD+ss4Nbi1yxR
                                                                                                                                                                                                                                        MD5:B4D8A83F38DDDE9224AD7DC9939DFEBF
                                                                                                                                                                                                                                        SHA1:7FD27259867AF6DD887FFBF576E50A7DD10D19F7
                                                                                                                                                                                                                                        SHA-256:8A92A070A6980C4D1D7DA6770430FD9F489AF3E633900C3160289310CDB137C8
                                                                                                                                                                                                                                        SHA-512:EBD0F64906866BC24BFEC78EC4BF83AA9FF83C239F709F2DDA5AEEF3B681CDB7F974CA533E9077530EF8475DA072A8AFE6ABB63D79220CB2684C6693201A4B2A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var subdb_fileVersion = "1.2.181"; ..function CreateSubDbHelper(){var a={_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("subdb")}return this._plugin},_plugin:null,fetchFromDataDefinition:function(c){try{if(!c){logError("subdb:fetchFromDataDefinition: No dataDefinition supplied");return null}if(c.action==="canIRun"){return this._getPlugin().CanIRun(c.appid)}if(c.action==="GetProperty"){return this._getPlugin().GetProperty(c.appid,c.name)}logError("Unknown action name ("+c.action+")")}catch(b){logError("subdb:fetchFromDataDefinition: "+b.message+". dataDefinition"+JSON.stringify(c))}return null}};return a}ModuleManager.registerFactory("subdb",CreateSubDbHelper);..//96CD01F745528C105AEB51D4C1105E4FE241D7862766FF34045AF7A7EF36BC8D1A800404C1D9F2A3E989A6E8CFB15075436E6E4039508BE969B04D52F4780971++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3717), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3931
                                                                                                                                                                                                                                        Entropy (8bit):5.351870644238223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:BDeOIhVr9zrhSLCxNBpyX0irau/9lRCHfYMSd/:QOIBzrhscB80irj/9lwH+p
                                                                                                                                                                                                                                        MD5:4DE18F19E9FBDE4AB4792E99DD2C29E6
                                                                                                                                                                                                                                        SHA1:34954800F967063C688604ECE3B8FF166B07B9E3
                                                                                                                                                                                                                                        SHA-256:EAC9EA44BF0ADEE80A41D183D140D090271BBF7102A88ABED38A3F1E694C0E9A
                                                                                                                                                                                                                                        SHA-512:C8FCFC7DD9C8AD40AFBC951B4E92CBEB3186FC122FAF905F89873C4A5C96C8A25B971F0CACD6DFA30F34AD9952C3914B76342CA107B91088534C4FE948CDF8E9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var transmitter_template_fileVersion = "1.2.181"; ..function EventTransmitterTemplate(){}EventTransmitterTemplate.prototype={addDataSetNames:function(c,d,b){var a=[];if(d.dataSetNames){a=a.concat(d.dataSetNames)}if(b){a=a.concat(b)}a=dataManipulator.arrayRemoveDuplicates(a);logDebug("emitter ProfileName: "+d.profileName+". allDataSetNames: "+JSON.stringify(a));this._mergeDataSets(c,a)},_isEventThrottled:function(b){var c=ModuleManager.getSingleton("config_manager");var a=c.getThrottleRule(b);return this._applyThrottle(b,a)},_isProfileThrottled:function(b,d){var c=ModuleManager.getSingleton("config_manager");var e=c.getPriority(b);if(e!="critical"){var a=this._getProfile(d).throttleRule;return this._applyThrottle(d,a)}return false},_applyThrottle:function(a,c){try{if(!c){return false}var d=ModuleManager.getSingleton("rules");return d.evaluate(a,c)}catch(b){logError("_applyThrottle: "+b.message)}return false},_applyAttributeRules:function(p,o,a){try{var h=Modu
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7089), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7292
                                                                                                                                                                                                                                        Entropy (8bit):5.239821014895397
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:BNppM62N2XDFDHmoHKvxOjrfFQdRn2ESa/ecRWUIWqdGE1SbGvk/Y:BNppT2N2XDFiRvxOjDFQdJ2ESa/ecRWt
                                                                                                                                                                                                                                        MD5:2CBEA70DF849FC997D34AC5696C8F91F
                                                                                                                                                                                                                                        SHA1:20E9B5CE417B20DCAA3531C7041260362B4A5A6D
                                                                                                                                                                                                                                        SHA-256:6CDC2626E4528A09BD088B29B2772EE28B8FEDC71D2A9E5AB688C17EFBBFBF5B
                                                                                                                                                                                                                                        SHA-512:7585A644CD7CF82B947A7C89EF87A7F522041380534A6CD3953BF0D7DE83CB49C7A8D8C7EB556045500B5A7642101CB25ABA26459EE601A1C65AC01E57D3A41D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2458), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2664
                                                                                                                                                                                                                                        Entropy (8bit):5.49417849126966
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:FtzciWIdy2hgcmGY2rVTOd6oNoP5vCuKKiWXUlK7Ytalh:/A2hqGY2rhOELKM1lh
                                                                                                                                                                                                                                        MD5:35B2B558D1017AF1D35BC86E2E87DC46
                                                                                                                                                                                                                                        SHA1:8C720ABC3163B1701D77518F83BAE046A02459B6
                                                                                                                                                                                                                                        SHA-256:206B340C24FADD062B525EBDBE788ECE76932C0C441B27BACB5F61DFD7B7B9E8
                                                                                                                                                                                                                                        SHA-512:FEEAF734F7ECF4DEDF5016D35417F0EE9F4550FDE9038EAF05102CC208E7AE900C6BF0B6929E503C605D27421687753A1DEF283B2F7B7C621BD716C75BE7B213
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3250), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3466
                                                                                                                                                                                                                                        Entropy (8bit):5.33120514305712
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:xLi5lyUHvoZQLbMF1YfEj05DK+wlVE15DkAPAkE:xLi5ZwibMF1YfY05DK+wkzDkAPA7
                                                                                                                                                                                                                                        MD5:625E5E7CC99E67C103A5BE1EA34EF5BA
                                                                                                                                                                                                                                        SHA1:C1B69DA64A1D568631A6A267CB182B9A5616159C
                                                                                                                                                                                                                                        SHA-256:E8A14CCBE0D37AA4BEB602D2742437F452022D15175F73A208266E151AA705C7
                                                                                                                                                                                                                                        SHA-512:0CA483AC74528F2CB3B66CB88353818C24FFF77262BC615CE176B501CD00C11358B6E4790419FFF0B0CB2032042E2A336F430AC949362B915B2DD7F8F6B3D2A8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4753), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4974
                                                                                                                                                                                                                                        Entropy (8bit):5.404388594792175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:8K44u2URXvoZjLFlE5WB1AwfitMQxHcdp:8K4LdwFFl2NwfitrxHcdp
                                                                                                                                                                                                                                        MD5:45A21281AA742D748DC7B91289FF2BEA
                                                                                                                                                                                                                                        SHA1:F36EBB2231B75087D814DD8EB5871E43FFDEA1B4
                                                                                                                                                                                                                                        SHA-256:3D92EE4BBFC16C0B57562A437CD4FC2D531AEB3D1F7A76332399C0E1AFC5C5E5
                                                                                                                                                                                                                                        SHA-512:AEBF728F5BA92A7D8BEC477D38DD0CDB7152860EB26E3573A0D6407135EA444B24C3EC16D6D8FAF5F7394FF7BB1202390BE81151A56D0080DEC43378127912A7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2581), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2787
                                                                                                                                                                                                                                        Entropy (8bit):5.390816850510691
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:F+RC4cETZD7ThSwsnoK2NkNCalAVKp9oH259ln2W8HsFAS0+NN70JxAesVuCdL0L:DUvhSwODAAce2OpNS+VfBs/P
                                                                                                                                                                                                                                        MD5:F1AE9AC1E6679143679FF45893E7BB4D
                                                                                                                                                                                                                                        SHA1:EFD1513AFCE156E20EA05E662C0B9F3783078CF8
                                                                                                                                                                                                                                        SHA-256:6538E69A2E76417848617108D1D64D0B5EADA2B717C8F8B12A6C07C470A81629
                                                                                                                                                                                                                                        SHA-512:A5932E41D2CCC7A4EC292C6086867C2089539E375186426E18E1AEC2B7F68592E13588633B329D4D5B4F673A25FCD64D67407F1BDE2F4C7C578CCF36DC71090D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3274), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3495
                                                                                                                                                                                                                                        Entropy (8bit):5.2002350269366575
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:0fXKiK/bXDX8cX0XkXRXUXL1XUXSwXUXNXWXBoX1b6iYikiXxxiEiQX4iw2XK/nX:0fXK9/bXDX8cX0XkXRXUXL1XUX5XUXNq
                                                                                                                                                                                                                                        MD5:7A0861869FDBA66520911DC0EA0A9D99
                                                                                                                                                                                                                                        SHA1:5519A55F5EF099361C362ECAD231EB52CA31B204
                                                                                                                                                                                                                                        SHA-256:4DE1D0E6BDA27F5510B60B4A877DECD64DE08D52AADC1329C71B1CF838BB2CD9
                                                                                                                                                                                                                                        SHA-512:8224D939F4D49A47F5D7ED1724AAD45F1168BB8DA59187024BB5CEF4D58AA1F8457283AF1694F013EE19CCD7239011DFA2ED2021AA629E49A9858F762CC4F797
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7985), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8198
                                                                                                                                                                                                                                        Entropy (8bit):5.26365769145665
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:iiONyk/DC0+p55U7voKLgIEpfEdvQKf3Jmn/i/6/lWqu/K/z1gdnxmVMdqAQ7FG3:iivk7uYwGOZIWEcQ5s0nx23VIHkZK
                                                                                                                                                                                                                                        MD5:71689F9093BBFD5637CEFDCBE8756B73
                                                                                                                                                                                                                                        SHA1:7EB5652426259B7773D72CC15C581C02D195D770
                                                                                                                                                                                                                                        SHA-256:FC23D9D2806D5D4195F13AE1C557063052749FBA3396B050698B1A02934E3889
                                                                                                                                                                                                                                        SHA-512:B6313EBDBBE654F8B26BA0ACA5E0500F664422031A990948FF2C208BD59F71DFF4757ECE8C3110AEAE6D9A78997AFA53D090F18AD0E198989E4FEA52242F2404
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var transport_event_hub_fileVersion = "1.2.181"; ..function CreateEventHubTransport(){LoadScript("sha256.js");function a(){this._apiVersion=null;this._servicebusNamespace=null;this._eventHubPath=null;this._sharedAccessKey=null;this._sharedAccessName=null;this._sharedAccessToken=null;this._tokenCreationTime=null;this._timeout=60;this._url="https://{servicebusNamespace}.servicebus.windows.net/{eventHubPath}/messages?timeout={timeout}&api-version={apiVersion}"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._apiVersion=this._config.apiVersion;if(!this._apiVersion){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _apiVersion");return false}this._servicebusNamespace=this._config.servicebusNamespace;if(!this._servicebusNamespace){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _servicebusNamespace");return false}this._eventHubPath=this._config.eventHubPath;if(!this._ev
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2200), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2406
                                                                                                                                                                                                                                        Entropy (8bit):5.4783531591773516
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:F7oavQfNfXcBBCE+yR60SO4k2WMWsH6du4jTk7tRIa:1MXcgE+yWOd2WRsH6ZkRRIa
                                                                                                                                                                                                                                        MD5:28C9BF3F57D8F2ECC7E964A74D6A2052
                                                                                                                                                                                                                                        SHA1:6E090268DEC59BC88B1C55D69630C21784B0DCFB
                                                                                                                                                                                                                                        SHA-256:BC8C873188388C0D3BD49D78EB6EB841E5A35FCCA8085131E5B5BBC612FD99B2
                                                                                                                                                                                                                                        SHA-512:08CFBDD3F118287402394E0AC783FA07EE1D8CAA04A3E1A92A22AFECD7F97358BF925254FC67654D775421599D25EF2E050FF257FD8D05F65D0E6980DB1AEA23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var transport_ga_fileVersion = "1.2.181"; ..function CreateGATransport(){function a(){}a.prototype=ModuleManager.create("rest_transport");a.prototype.Send=function(c){try{var i=this._ComposePayload(c);if(null==i){return false}var f=this.RESTClientAvailable?this._sendUsingRESTClient(i):this._sendUsingXMLHTTP(i);var d=JSON.parse(c);var h=d.hit_event_id;this._transportLog(h,i,f,this.GetName()+(this.RESTClientAvailable?"_rest":"_xmlhttp"));return f}catch(g){logError("GA_REST_Transport:Send: "+g.message);return false}};a.prototype._sendUsingXMLHTTP=function(f){try{var c=ModuleManager.create("xmlHttpComObj");if(!c.setup()){logError("GA_REST_Transport::_sendUsingXmlHttp: couldnt create a xmlhttpcom");return null}logInformation("GA_REST_Transport::_sendUsingXmlHttp: Using "+c.getSelectedObjName());c.open("POST",this._url,false);c.send(f);var g=c.getResponseHeader("Content-Type");logInformation("contentTypeResp:"+g);return g.match("image/gif")?true:false}catch(d){log
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3901), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4118
                                                                                                                                                                                                                                        Entropy (8bit):5.22879538644478
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:VitbQ5N+gtjbB6iYikiXxxiEiJiwWBibLVMUib2:V8bQ5IgyVikC3DAHWBELVMh2
                                                                                                                                                                                                                                        MD5:D63F0BFD3BE7FF03BC23C6F1E6FD777E
                                                                                                                                                                                                                                        SHA1:735606E253DA3E549F7BCBD9275450A52C1A0CE7
                                                                                                                                                                                                                                        SHA-256:D25EA0281876A50FA966850A274AAD05F5FCBC22D79B5714B44BF94722F8D209
                                                                                                                                                                                                                                        SHA-512:F5658418EEBD4C1123C467C085AC486DA1ED628A614E9CFD3CC6BA3A3B0282BB957D8D8156D315A755F73D7461F75AEA63D0BC25255B826532333152196ED177
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var transport_mosaic_api_v2_fileVersion = "1.2.181"; ..function Mosaic_API_V2_Transport(){this._transport_api_endpoint_emitter=null;this._url="apis.mcafee.com/mosaic/2.0/{service}/{consumer}/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this._service=null;this._consumer=null;this._environment=null;this.logInfo("New Mosaic_API_V2_Transport Created")}Mosaic_API_V2_Transport.prototype=ModuleManager.create("transport_template");Mosaic_API_V2_Transport.prototype.constructor=Mosaic_API_V2_Transport;Mosaic_API_V2_Transport.prototype.logInfo=function(a){logInformation("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logError=function(a){logError("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logWarning=function(a){logWarning("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};Mosaic_API_V2_Transport.prototype.GetVer
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3000), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3210
                                                                                                                                                                                                                                        Entropy (8bit):5.246215650373015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:FM7AiguxG0OAO/YxsMY7/KK3q/JepiZOViXNlJdZJz7MfQ:eANwGPAhxeP6xGSjddPzGQ
                                                                                                                                                                                                                                        MD5:C017DD12FC87C05EE29B726A7653175D
                                                                                                                                                                                                                                        SHA1:555A26686F8DB7BFAB4DC42CD111AC03B0D36941
                                                                                                                                                                                                                                        SHA-256:41B1255A103DBB02CF0D076A438CD439E140E3EEBF09F1D572A61152EFF64C6A
                                                                                                                                                                                                                                        SHA-512:27EB4D06EA211BF394CA205652B4881567A145788588137A4EC69FF9CF42A39C3D3770F325168F2633BEF27460764280755080CAA6039D5F9E043D82DEFDEFF9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var transport_msgbus_fileVersion = "1.2.181"; ..function MsgBusTransport(){this._msgbus=null;this._msgName=null;this._processorName=null;this._processorConfig=null;this._processors=(function(a){a.logInfo("Creating processors");return{noop:function(c,b){a.logInfo("noop: Returning eventDataObj unmodified");return c},simpleMsgComposer:function(c,b){a.logInfo("simpleMsgComposer: Creating new message");var f={};for(var d in b){if(b.hasOwnProperty(d)){var e=b[d];if(e.startsWith("$")){e=c[e.substring(1)]}a.logInfo("simpleMsgComposer: Adding new key-vaule to message: "+d+" = "+e);f[d]=e}}return f},passthroughComposer:function(c,b){a.logInfo("datasetComposer: Creating new message");var f={};var e=b.filteredKeys;if(!e){e=[]}for(var d in c){if(e.indexOf(d)>=0){continue}f[d]=c[d]}return f}}})(this);this.logInfo("New MsgBusTransport Created")}MsgBusTransport.prototype=ModuleManager.create("transport_template");MsgBusTransport.prototype.constructor=MsgBusTransport;MsgBusT
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1249), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1461
                                                                                                                                                                                                                                        Entropy (8bit):5.343806426879196
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:F/8em3IGAIOt/m/HYu2eRejjysUutC9zf/98L4oIiAIu7LQ/Ho7/cmCGrXbt:F/pm3FAd/m/Hz2xLcT/696Dx7/pTt
                                                                                                                                                                                                                                        MD5:D6A5D0AE93A15F9B8B6729F56E2E71F2
                                                                                                                                                                                                                                        SHA1:4E85902BAD76183187932178F30A55BC52D0A24E
                                                                                                                                                                                                                                        SHA-256:914AFE8016FFFAC8EF01ADC2E6C79B165D008F9673B6A86723F6F1B540AC4367
                                                                                                                                                                                                                                        SHA-512:7B199633AD26E1DB7491AD6D935954491281EE807486DDAD59CBBC5E3CCD16BE476DCA998B96507D7F1655067D6ACB405EBC73E77B8A05F2850D1D81B7F46C80
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var transport_template_fileVersion = "1.2.181"; ..function TransportPlugin_Template(){}if(typeof TransportPlugin_Template.prototype.GetName!=="function"){TransportPlugin_Template.prototype={GetName:function(){return this._name},GetVersion:function(){if(transport_template_fileVersion){return transport_template_fileVersion}return"0.0.0"},Initialize:function(b,d,a){try{if(!a||!b||!d){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b+".Dictionary: "+d);return false}this._dictionary=JSON.parse(d);this._config=JSON.parse(a);this._name=b;if(!this._config||!this._name){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b);return false}return this._setup()}catch(c){logError("TransportPlugin_Template::Initialize Exception caught with message: "+c.message)}},Send:function(a){logError("TransportPlugin_Template::Send: Did not overwrite function. Send will return false");return false},Uninitializ
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (474), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):679
                                                                                                                                                                                                                                        Entropy (8bit):5.516887468680435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:UFdD47iGreq8C5qlHz0TTqB7kh8hqzfAImT0mgqmOYBeFePR2BhjL7jB6xXVWG:wd4iGf88qlHQ/qIUIqqq9u8ePYBVL7Yn
                                                                                                                                                                                                                                        MD5:941EDCDE45631326D5E531071BD587F8
                                                                                                                                                                                                                                        SHA1:E8A6BF6C4AEF3B9B48A4817D00729C692905FFDA
                                                                                                                                                                                                                                        SHA-256:B59E9800B6BF046D4710B043D2DFA3A2EAE60DB16035FE060E8AAA39D2FFB968
                                                                                                                                                                                                                                        SHA-512:9348929E433E54ECB6BBAE66822D7E62260FE43A9184701B6284854DD8796510AAA827656DFCEABC0A659EC102F012D562ECE1B864E202AFFAACEEFD06410B36
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var uwp_storage_fileVersion = "1.2.181"; ..var createUWPStorage=function(){var a={_content:{},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{if(!this._content){return null}return this._content[b]}catch(c){logError("uwp_storage:get: key("+b+"): "+c.message)}},getContent:function(){return this._content}};return a};ModuleManager.registerFactory("uwp_storage",createUWPStorage);..//7F09D5AE16C182D7FF3F1E073E5B279E9911F704AD072F91B0844161FFA3C8DF9CAF5B6AB7F7B5BCE977EE87FFD7635BA71F1E1ABDEBCC2D1F6EE8F5838303A0++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (814), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1021
                                                                                                                                                                                                                                        Entropy (8bit):5.402512092698406
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ybeFOX49BAsnzOURzngpy3WAsngFPSIO90doQUkQ0W88nTuNa3f:yqFOSAZA3WAzSixdW8UP
                                                                                                                                                                                                                                        MD5:6156BD039B5C6E4586C55CB1CAB5EBD8
                                                                                                                                                                                                                                        SHA1:D42978FFB0EE883E7AA76D6DF97C141CF9B4A9B3
                                                                                                                                                                                                                                        SHA-256:503BC36485E16E7CD8F2D9275FC85F5B4F9E5AD1FAACC47C582E8E9749225C90
                                                                                                                                                                                                                                        SHA-512:5F296644766BADD21B560F379010D620CB69B6D05C1505A29F0A6128D74659B7C49A5C4AF76CBC72935146C9044D28EE4B77CF15CF1BBE4D8D2F5D845C230FF7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! $FileVersion=1.2.181 */ var wa_settingsdb_fileVersion = "1.2.181"; ..function CreateWASettingsDBHelper(){var a={getSetting:function(b,c,f){try{logDebug("getting WA setting: "+b);return this._getPlugin().GetSetting(b,c,f)}catch(d){logError("wa_settingsdb:getSetting: "+d.message+"setting("+b+")")}},fetchFromDataDefinition:function(g){try{if(!g){logError("wa_settingsdb:fetchFromDataDefinition Invalid data definition");return null}var b=g.name;var c=g.scope;var f=g["default"];return a.getSetting(b,c,f)}catch(d){logError("wa_settingsdb:fetchFromDataDefinition: "+d.message+"datadefinition("+JSON.stringify(g)+")")}return null},_getPlugin:function(){if(!this._waSettingsDBPlugin){this._waSettingsDBPlugin=getPluginFactory().Create("SettingsDB")}return this._waSettingsDBPlugin},_settingsDBPlugin:null};return a}ModuleManager.registerFactory("wa_settingsdb",CreateWASettingsDBHelper);..//AAD7C08342037B6720236970C005DB688706719B9A602224AF698FD933418A35A3D9570D5425B316160F603D82ED63DB9D0D364373576
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7401), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7598
                                                                                                                                                                                                                                        Entropy (8bit):5.384581923070925
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, many, 61533 bytes, 44 files, at 0x44 +A "aviary_client.js" +A "common.js", flags 0x4, number 1, extra bytes 20 in head, 12 datablocks, 0x1503 compression
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):74645
                                                                                                                                                                                                                                        Entropy (8bit):7.972630575101076
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):656
                                                                                                                                                                                                                                        Entropy (8bit):5.270979533065914
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10234
                                                                                                                                                                                                                                        Entropy (8bit):5.602878173938201
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2315
                                                                                                                                                                                                                                        Entropy (8bit):5.730040719174927
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2470
                                                                                                                                                                                                                                        Entropy (8bit):5.841164340330198
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):562
                                                                                                                                                                                                                                        Entropy (8bit):5.509680195019466
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):699
                                                                                                                                                                                                                                        Entropy (8bit):5.306200106160255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6x5bYn4wF0WNYtAr78KQK78KTR78Ky78KSV+AQlm1ZMWOPAKQMEGzIX:6u4wF0WNEUyg1qWOjlsX
                                                                                                                                                                                                                                        MD5:FF9E892A736B19BB258D46E2E1981BD6
                                                                                                                                                                                                                                        SHA1:79FA36CA81453EB88AF25671B982D3EA6EDE740E
                                                                                                                                                                                                                                        SHA-256:BE325147F65FA54CC22B3DE4B6067AF491AB8CA0A75D74D86476D0D1973F7B97
                                                                                                                                                                                                                                        SHA-512:21240F704496A33D4C43A71DFC7CEBCEA3974679101527BB7A9276354189A274A0BCC162903D977B829850D84BBC30DDFB7CEA142F36249195529819D42284E8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):980
                                                                                                                                                                                                                                        Entropy (8bit):5.703609054347431
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6YDsnrMjnBNMVCXMgrmPJ4rAobrLQJxX+fThOhcA9kXzNj:JuIjYVpgyhgbrLQTkEhcVzZ
                                                                                                                                                                                                                                        MD5:B575EEAAECDD102BB987DE42C92A4F69
                                                                                                                                                                                                                                        SHA1:695DD9058A3F759D2B5B575DE4AD9468086CF942
                                                                                                                                                                                                                                        SHA-256:CB1E9BE1BE71569BDCF3C9245C77C462D225E2E45A8D0C2FDDEBDB100E856CF2
                                                                                                                                                                                                                                        SHA-512:4DAD4AB6F2C3561A5E12FC5A09A5E96C11F2CDB20A73D2F9492C109891676A8CF7E2819F7FA3CA49BE98F6060DE6195F85348AC7B012002ED30A55F77723B2AA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1267
                                                                                                                                                                                                                                        Entropy (8bit):4.9831151589385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6enUdjWd4nqwwyVJBdVJMxMi0kdVxIXkfF32CG79lgxLEIeYlRl4R2apeE:znUd6UqwwyVJVixMiNVjHyCdEI/mfeE
                                                                                                                                                                                                                                        MD5:A824C69901EFDB4B340481086B87C774
                                                                                                                                                                                                                                        SHA1:BA294A6B655BD0AA59FB09DD6977833EF029DA72
                                                                                                                                                                                                                                        SHA-256:A1CEBA72D9BDDB3BDAD69CE7468059AC796AAA776B0681B308BBC45A78DE5F52
                                                                                                                                                                                                                                        SHA-512:5780F3446D238E2E2FE0691BD8795D0EE346A50854804592F6DD471C5112DC859CE2B63ACA8ECAE431731053FB47C74EF6723D5B896AAE11C1E30D9A89AA1961
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):476
                                                                                                                                                                                                                                        Entropy (8bit):5.39780644423966
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6gQrQouWHpCJHMjvoQwqbADclzB8AUEC0KBCrYYI+YQ63jWUn:6NpCFgAD8KAULuglQ67
                                                                                                                                                                                                                                        MD5:90318A3089BEEF7AC6F01748F7B1547A
                                                                                                                                                                                                                                        SHA1:70F844D332428FCC9890DC8B2D1BCEC2F5CDC35A
                                                                                                                                                                                                                                        SHA-256:962447F626FDBC1AB7F5A1A93265ACADCD18F322EBFC885C1ABBB4CF3508078D
                                                                                                                                                                                                                                        SHA-512:D445FC9BED6061784A60A4AFDE07A88DAA2211032BE59C0E6D87A1B0FBAE75A85AC6306DB57661967CCAF14CFB87FCBDCD13C4BCFF1CDD5CB43EE697686832AC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3788
                                                                                                                                                                                                                                        Entropy (8bit):5.548926821354657
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cklXnzJw5g1AGiz8wE8xxveb8ZvRXfy9L7GI:ckRVwGKd8wE8xxveb8jXfy9nGI
                                                                                                                                                                                                                                        MD5:CD17DE25B4B97D90CA63BF999ED79A58
                                                                                                                                                                                                                                        SHA1:6A1EDC19F70D84A716300993C09D4337F9E18B37
                                                                                                                                                                                                                                        SHA-256:BBCAFFB4216577AB4671E4F09BF69D9C9A3BB15A1D8E43FD0AC99E63AEAACA47
                                                                                                                                                                                                                                        SHA-512:FD49AD5AD03019508268DF1549CC5883B8C8D88177E68D00BFB5B7CF940B4B968F281F8DF4CDD31348D23E1242B90D75680D0B8C1E6BBBA9CBB115878C58E272
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1220
                                                                                                                                                                                                                                        Entropy (8bit):5.923058811639404
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6I0lBHW+Tks5h4uxHN2+PBh5DKScPDDQ5c4acKf3L3V1Q0rRtRNs:Kzd7h4uqwRKScPDvRlrRi
                                                                                                                                                                                                                                        MD5:02FC8C83B5877F1D79BF443CB1268979
                                                                                                                                                                                                                                        SHA1:B60E5FC56579AEAB8A1EAD505BAC38CF8043811E
                                                                                                                                                                                                                                        SHA-256:EA24E8A2F2908B513EC8C7417B21191E4E56F759206D01162EAB69AA73C08B5B
                                                                                                                                                                                                                                        SHA-512:D9B806BD7CEFA9D20B654988346B19095AF7D15980E8E93E6D9C3B2A3206294E913B06C9D9BC42988A12941715239B47A7E70C545CD863B5A62C3537E4283984
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1141
                                                                                                                                                                                                                                        Entropy (8bit):5.946559678110792
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6Bld27yrNDybt88WP3CvwgefKS6VlceP1Q3D2c0ebE0+pwpaBHceuU:UsQgu8QgWaZ1427ej+GpaJruU
                                                                                                                                                                                                                                        MD5:A5AA12E45E84C70A62BBC6F7E88CB7D6
                                                                                                                                                                                                                                        SHA1:DFBAE2F6D5931C777C4CA7916D2D8B158E143A17
                                                                                                                                                                                                                                        SHA-256:72664AF81A0D87C8BB96C6A475455C281A3FCD5950423D2C5C230EFCAA2D128F
                                                                                                                                                                                                                                        SHA-512:03378C4A0AED436487E45ED3C1C1F0B971AFE23A698690E8FDB7A6CB8D8184F48BE1E2D5E194B1F4CDD437307C43213786D99DE759491B2C0BEE1671167BEBD8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3251
                                                                                                                                                                                                                                        Entropy (8bit):5.542033267686917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:f/BP24m6A8F6JjKtwxzqE+zqlRwr6RwEJdrNLu1oOWa0au9:f/BP24mvzxSwxzKz0+KRd01VrPu9
                                                                                                                                                                                                                                        MD5:E7781289007477996BFB8BC4EB4F8E56
                                                                                                                                                                                                                                        SHA1:3DA4EDD51EFD3908C1FB7480BF6D2FEFA1F57306
                                                                                                                                                                                                                                        SHA-256:E084CDA87779798394F25D6B02B833E5B9984DAF5B36E3D13164270796DC90BB
                                                                                                                                                                                                                                        SHA-512:CDA2B028CE6899D4E8C33B772E1AAFFA65766F48D78586EADB3061FD891F97806D7156A67A0E57B086DB1D70F76FC5D52CDDD70B8870246F3B98189F75A991F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6002
                                                                                                                                                                                                                                        Entropy (8bit):5.579889180067907
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:zjx4bqxfcsUvEBsF5e8yQLv13RBgoNevPg/lsvebKlDPCe9:zjx4bqi80EcvpjNIPsCebKlee9
                                                                                                                                                                                                                                        MD5:B63F1F3F49D3A131473C66F324D900BD
                                                                                                                                                                                                                                        SHA1:60C14ED2F296B013E23C93E086150C0694F4E05F
                                                                                                                                                                                                                                        SHA-256:EBB1B4B7E4F01C7F5FB2A141D13AA7BD909FADCCC69DCE1846BD1794ADF4C528
                                                                                                                                                                                                                                        SHA-512:779B5005D523E62819960B0964375809659658C75B32A357B36B7B918AF92AC110274B86A00D0F3861D4DD389E52F3640B17A3F981668D544159F4AD95F2D2D8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):867
                                                                                                                                                                                                                                        Entropy (8bit):5.425236194196901
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6DA+0TGrcQqcnEbbqTrc8u6BIuAfc6SAG7:eJcQqcEfIcd6BIuAfLSX
                                                                                                                                                                                                                                        MD5:8CD9701E1D7023DC2D48104ADC8D5659
                                                                                                                                                                                                                                        SHA1:A101E31FBDE99218695D7C1A6AD8310E1F51D41C
                                                                                                                                                                                                                                        SHA-256:1E66ED2EBEEB55F912A0609A1FDB5D8326FF1BC9A1EE84D495501BF5F4A53495
                                                                                                                                                                                                                                        SHA-512:BF2E3F785FA914F337F675CC0379A6DD8C3F52EA3B87196FDA77BDD1BF77B14A273C986FC95211DBDDF16B3B6256C7EFCDD5C34654DF2DED7A1C5064E33AB85F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):761
                                                                                                                                                                                                                                        Entropy (8bit):5.516727707189191
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:67gclf2Magc5B/oQjf8uSIcz5qqxDax0fh99ATjS8tX8PN71u+xMIf8wQjXeqqxU:6RpaZB4uSIc/O4Du+xCwUe96PzYRHN8
                                                                                                                                                                                                                                        MD5:AC180FC1CB74EB907F9E266C28EE35CD
                                                                                                                                                                                                                                        SHA1:2B7E0AE04C73ED189C251DD03CAB0D53460C509F
                                                                                                                                                                                                                                        SHA-256:B672AC2CCB8DE900C9C12B009E8F15799BCEC62B27F0E5DAC1D0A07533C4975D
                                                                                                                                                                                                                                        SHA-512:9920F291A54A247629AA06D5BB50CED80F1B8C8C78C4390C4409A3C07E4375B1B321EDD050CABD7E45820022D9391EBD7A665866DAFF501D535A535082AFD13A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):381
                                                                                                                                                                                                                                        Entropy (8bit):5.207449256748383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6emuLqNlmHiRDPVj9fE+ATjS8JYcR7Qh5TjTaA8V7XIdj80:67lmHiRDh99ATjS8at+5zIhp
                                                                                                                                                                                                                                        MD5:1B5D802085EC4B8593DE5A4F12AB084A
                                                                                                                                                                                                                                        SHA1:C80BA0E0F9325A653D5DF5C7EE78FF4CE4BB4054
                                                                                                                                                                                                                                        SHA-256:929B4516D8B42E595D94656C467F6798041DFE5BE2D47C61220FAB89D75D8439
                                                                                                                                                                                                                                        SHA-512:D8CC95360E62A9C9A9692AF80EF55214EABD36C18244E9F18FC100129127898B744FFC0A1993E07B1242146777707CB22C2D7DB29BB86CFE33B704772A35A38F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):715
                                                                                                                                                                                                                                        Entropy (8bit):5.535593615657592
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6gklNIfqQHnLvwa76OWSgLbht2SYuuLh99ATjot0+F6pqQBulva9EDfdrxe:6gkPI3LvwSKSgLbhISKuw6+F6pq55CEy
                                                                                                                                                                                                                                        MD5:DE97AA50DC181E530CF18DFD86CEED4D
                                                                                                                                                                                                                                        SHA1:0F75C75A2406490E5D86CD54A9EFD4B2B93E5B46
                                                                                                                                                                                                                                        SHA-256:B5E3417F3387E15E25FE736AC13AA8D5DA8DF9E0A8F4434029CF6A0C51739A53
                                                                                                                                                                                                                                        SHA-512:0377CD9C0C80F87DD59A82B8E30D357E6F0B41CF2851AD5F1960C1C41DAC4AEAC65664A504C91CF0273972F8D1DA7494DF4D70D864C7C511F6E7A9C9108F886D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30539
                                                                                                                                                                                                                                        Entropy (8bit):5.704909688534079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JX/CIGkba/ZqyBhyCTz5KamxnbxSHoUG0hJ6khWG0J:Jfah5yAKaqboIUG0hJ6cWGu
                                                                                                                                                                                                                                        MD5:696F9BEFA20879EC2BC3310AC59C7A8E
                                                                                                                                                                                                                                        SHA1:68800108E5228EFE7ADDDC84DFC0745D1DBAD143
                                                                                                                                                                                                                                        SHA-256:17C18C725B47780233BF399A51DCDBB6615A3CCFC1E7F14EFBE2CC8DCB24327F
                                                                                                                                                                                                                                        SHA-512:DCF27037D411C3097D8F908EF461A1EE972A733CA4696F34DB2DB0AA32C862CB4026BB08DDE6B57818F6A5C50506D4EC484D04E800BBBFD449FA412C4C55B922
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2829
                                                                                                                                                                                                                                        Entropy (8bit):5.569198441759767
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:ulTdkjpbD/LcwweIvvfE4bclwC2/Rzr9EWKK6vfj9yChFqLrAF6AA4bLHf6xgfxx:ubkFbDwRnvvffcG/RzriWKK6Xj9VhFqi
                                                                                                                                                                                                                                        MD5:F6992BEC3ADF7D10627984A6CC8112BD
                                                                                                                                                                                                                                        SHA1:636B0D2DC395225DDD03CAA7B1135F681028A997
                                                                                                                                                                                                                                        SHA-256:5BAB2A3845949D599F1899355F1332A31E61189FC7C80BC9C0EB964C8098DBF1
                                                                                                                                                                                                                                        SHA-512:4035C6322E0D82304FD596C3F7C17734D81841E8039C7306DA0CC7691B8B68B48700632DF05F356CB660962A858D15D922286E5D0E4135E40015D75D37A012DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 54 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):509
                                                                                                                                                                                                                                        Entropy (8bit):7.265106458574301
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/76lJ/6Ts/4qfsK+Sz2D2cP03cbekp8LuwkWBjMAraM7P:9lJ/68fsPSyFP03gpLWqu7P
                                                                                                                                                                                                                                        MD5:B9239E137DA0942222FD6E7FBB95F084
                                                                                                                                                                                                                                        SHA1:4D8B1C9DA9E1A8772F5C6929A4337D5D9A659EF7
                                                                                                                                                                                                                                        SHA-256:FB3B5BE9639CDB51AEDA6F379B0E3D78E64035C53EBBD9D99D28E6913A6BB761
                                                                                                                                                                                                                                        SHA-512:02EEB55B6C2A00D6E638B57CF448A5110C40A0962D68121BB869C8CD82812AA50FCC882A0E3FCFBF9DA5047F15A2686176CCFA1F61044DD8BF7F0CC957A630BA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 46 x 54, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):525
                                                                                                                                                                                                                                        Entropy (8bit):7.401937246200202
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7W7/6Ts/B2l3fqAXsMj1VswTbTfH9O95UzdOo9Fy2S97:F/6B3io1p79O/kdjHy2St
                                                                                                                                                                                                                                        MD5:CFD3007010FA11DFE25FA8D48E65E72A
                                                                                                                                                                                                                                        SHA1:9973303D168AECC57EF380EB705DB4B7C6055766
                                                                                                                                                                                                                                        SHA-256:8FFC2BAD58D0322050F9AF74D140A23A589AA6E0710D6E48285FCC123A80ACE4
                                                                                                                                                                                                                                        SHA-512:DA7514A4B7CCED85378E25B49742AB674937B7CE3AB714923D848CC1F3CE38CF6C11A0DEA8B97C2860B0BCFC770ED3CC39E74AA358A63BFE81E9DC47754DA60B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 150 x 198, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13807
                                                                                                                                                                                                                                        Entropy (8bit):7.980033051105471
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:r82XmabuE9fiCT7j5ggQkSDKoEBF4mRzzJt:40XiClggenEBp
                                                                                                                                                                                                                                        MD5:A7522FA80144583C5F0E070F50E06C47
                                                                                                                                                                                                                                        SHA1:FF32E2DB5468B183DE1FC7A68D3F82BCAC033262
                                                                                                                                                                                                                                        SHA-256:AE9F79BE354331730247196BAF87001D48330E8452593952820AFEE0DCE5724D
                                                                                                                                                                                                                                        SHA-512:FB8E730EB796F051AB4E84A1277C2C6B53CC8DFCA96CAD8B3CCE4DB48675B3D7AE008F1A1B100D776E1BB9F040CE0DCEC020462F13C9CC42126F463F87CC0802
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:GIF image data, version 89a, 227 x 161
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):129961
                                                                                                                                                                                                                                        Entropy (8bit):7.769772439114844
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Bcbqed21Gq2m9prSuHM+unzoCySEjsOOKnh8acQE:+urGq2YIuspnzoljsOhh8acQE
                                                                                                                                                                                                                                        MD5:3EBE8FB664F1628C041FFDBB93589731
                                                                                                                                                                                                                                        SHA1:A59297E734DB199CCEE82164069D1B86E598E987
                                                                                                                                                                                                                                        SHA-256:79010FC6FAD8A3BEDC14ABE936AE3EC5D97CFA47D2B1E6698DBE595D68653D3C
                                                                                                                                                                                                                                        SHA-512:6F53DCC48FA1CB703062BC4503979080E9CFB61B3E0BB175D5C4E7A53F569F171E85C31190B2A58442864A8ED13AC2B3A9ABD87651DDE0484D943100D6E247DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):312
                                                                                                                                                                                                                                        Entropy (8bit):6.773823438465042
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhP8AMx7/6TsR/Jr5OhJTtEEc+GbxMWMEHFGejHr5fDp:6v/7kAMx7/6Ts/Jr5GJxJFmxMQHFG8Ln
                                                                                                                                                                                                                                        MD5:539828AA00E3933554AD071A88D2620B
                                                                                                                                                                                                                                        SHA1:EAB3ED1CE4E11D3428840E48870BC138DAD58499
                                                                                                                                                                                                                                        SHA-256:CEB6F6C99816B65716862B6353DF4D4425D9E023A6BBEF7180E63954BAFED91B
                                                                                                                                                                                                                                        SHA-512:0982F97ADA2F432BFAA87AD0598F4CB5AE482A4E57D5CD81F4848B62A7C9783F988DCE1E8DCCDB2C7D0F16DEF28387BB702E91C33E65E6EECE365548201536D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 44 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1620
                                                                                                                                                                                                                                        Entropy (8bit):7.801361627421433
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:y/6nDZIGswiTaw1GdSET4w+r3RMMzXVetutVp6ipbIlSmdTKS:ySn+UP4wGMMzXVEut/6gElS+
                                                                                                                                                                                                                                        MD5:6432DED3B3287224306B81E0204B1515
                                                                                                                                                                                                                                        SHA1:4CED825AC86462D8004F80FEB0D771A8BAB89D0F
                                                                                                                                                                                                                                        SHA-256:41998FBE91B8B250B389D89D1AA80D5817E4F2D51CE929A7D89F37AE0093D8B5
                                                                                                                                                                                                                                        SHA-512:25AD6EA2105CDFE64D7153DCBC27F6EB64AD2565ABF378F6B8E0B7B8BDCADC8F370962B843714137720FC290CF41277ED612EB4660A209C67B1C7B44A4CAE486
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 176 x 190, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18923
                                                                                                                                                                                                                                        Entropy (8bit):7.9861701934335665
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:rRQZ43uKP67gxwrBM1vfj16druGvBBuf9aDGCdOGuQ0Xzu:lQ/KnnAJdy1aNdpuQ7
                                                                                                                                                                                                                                        MD5:414AABA2691D865AF446A88F56DB10BF
                                                                                                                                                                                                                                        SHA1:C7DE664C4AE999D4F31678C106C336A8AA12FEBE
                                                                                                                                                                                                                                        SHA-256:A7B0B6B5834C71BF51DEA60B92CDB84692D7082D219F2FD460DA8B06D761B088
                                                                                                                                                                                                                                        SHA-512:394AAFB7F371DF5A2456E4D1F478515099EA077E2EC3B3F749D1CF7E2EA1FF27BBF28DF369345D785A74D920A6829F2E11C27B380C94E175EA1221DF90638800
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 176 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21212
                                                                                                                                                                                                                                        Entropy (8bit):7.98325864342395
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:O2GbDyxp4nQlUyEOZgtE0QsuSBmaibS7oiFaRXrDaLr:9SDyL4nOT9imai+7qXin
                                                                                                                                                                                                                                        MD5:F1FBD29E2D0C3FAA510DA6A8397532DC
                                                                                                                                                                                                                                        SHA1:FF5237B7D22A08182534B9083ABEDC36C0D3E349
                                                                                                                                                                                                                                        SHA-256:7371BE7448704F7CFD6A8776482774791ECA122397006DC5841CE1D69436F065
                                                                                                                                                                                                                                        SHA-512:EE496EC6F940CCF236FE8F86B7BAC8A62698049F2F310103A6BC4DCFEC4D2B3244762B844231A0326DC42197E3C851A82BF1E9E5D87A26B8EE7C5F686E4A2AD4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 176 x 133, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13412
                                                                                                                                                                                                                                        Entropy (8bit):7.975594232205093
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:w0HE4jJ0oyx9ehCCmVEKtChcK6pRhXUPFLe1iU:5P0o00Ej8cdnCluP
                                                                                                                                                                                                                                        MD5:12187FBB7EC8ADA4E6334B2297D78A6B
                                                                                                                                                                                                                                        SHA1:9155356FDC70C7BB4C60950ADC4EF55BEE023B6F
                                                                                                                                                                                                                                        SHA-256:05D775AC7CC5F970FA2A0DFF5A1F732B8DC43241F789242C17E39F4CF9AB39FC
                                                                                                                                                                                                                                        SHA-512:55920F35FDA8F19C2372439774DED2B8E7EC61360DB81C8DB78B2A2F75F9FD10556203067E129F4D52F3BD1C9DD2B28788A12853DA15EEC9C2C18086FD68CC0B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3166
                                                                                                                                                                                                                                        Entropy (8bit):7.890916051269147
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODx7FspC:bSDZ/I09Da01l+gmkyTt6Hk8nT3KC
                                                                                                                                                                                                                                        MD5:2048DF489A12C4C9E2341BEF42883205
                                                                                                                                                                                                                                        SHA1:281863D9F8B8D4D0DAD62E66E35F5C96CA0155FD
                                                                                                                                                                                                                                        SHA-256:DDA74B071B5869A22B327633D9641F1340EC5B913359BB389C34C44A6DB579A5
                                                                                                                                                                                                                                        SHA-512:815FC1E3A2E623FEA3B13AA2BCB3895FF9DDB2A7A05E1633C83D3F647EC4A4050AF0670ED01CABA47F02A920BF6AD84191B0B03EAD1E45105DD20D302D00CCE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 28 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16099
                                                                                                                                                                                                                                        Entropy (8bit):2.1119107535632073
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:R/6qMh8k29WJsEv+jJ/Zf9lnkouuJvBLD1LpKLxN+Y9rNGcfNGvsc5jq7LcQEdBp:RSB8kEWmjtZCxNXrNGQNGvsc5sx0
                                                                                                                                                                                                                                        MD5:FE56C156669CA636CE71E5D23D9C685E
                                                                                                                                                                                                                                        SHA1:6EF641E2CEDB274F9CE2AA2037697372C49CCA25
                                                                                                                                                                                                                                        SHA-256:CD48CA4C27625C9286738652535097FCD7406C709371D85AD8297F8FEA19FF32
                                                                                                                                                                                                                                        SHA-512:B82ADD72111983CAB0DB650F3D12D11E3E2CCC9681DB18484F2219EC4A8AD7F4E5BFEDEFBEE4362CD7CA03A17A025EA1E54E566AD2C458C1221F6EADAD099D62
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 541 x 82, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6612
                                                                                                                                                                                                                                        Entropy (8bit):7.943206975174219
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:jSDZ/I09Da01l+gmkyTt6Hk8nTMVKh4rpfjDXliiulxWYwu4vw3eP29VIaUz:jSDS0tKg9E05TMq4Nf4QYw43v9V2
                                                                                                                                                                                                                                        MD5:13029396423BD78CCCBB0223EA143844
                                                                                                                                                                                                                                        SHA1:D23C69FE2AFA8469C06CD31FC8FF077B415EABC8
                                                                                                                                                                                                                                        SHA-256:9979AC854DABCBFFED54312E8EC33B5C0402E220E100E47F0A22852EC695F248
                                                                                                                                                                                                                                        SHA-512:32D34F2FF23DDF24D387D8A3B8A4B1D9258F525B785807466D9FD88A4097C288F0FC89E6B1C5A010F51E5C92F6941189404E194D9A3A85978F77418AA53AB85D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (32132), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):93205
                                                                                                                                                                                                                                        Entropy (8bit):5.287999364048036
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTdy:fY8MaW2c+UELKUqnAdiD
                                                                                                                                                                                                                                        MD5:F8C37498AEEDD04CDF1047BED93FC757
                                                                                                                                                                                                                                        SHA1:4971BD1931341EF1CA2BF38F6486B0DBCD7B62AF
                                                                                                                                                                                                                                        SHA-256:74580FFAE479E338D5B38690767D37502BFC479ABD1254066D6EC37C502E3877
                                                                                                                                                                                                                                        SHA-512:33799953E4A63C7C73B37633C14496CCE156B7987D3D6D60AEC4C7DDA51AC50091A0800013E70D4016C4DDA32FB0BD52C57116ACC3388E3C5E3159EB823C58BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i||c[f].data)||!u||r!==t)return f||(l?e[s]=f=K.pop()||st.guid++:f=s),c[f]||(c[f]={},l||(c[f].toJSON=st.noop)),("object"==typeof n||"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 176 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14533
                                                                                                                                                                                                                                        Entropy (8bit):7.978234763785096
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:vbRTZyLGqlTGW2+6E7JfwA1fKUCYhVwKqpU:jRTZyKK6E7T1SUCYhVwA
                                                                                                                                                                                                                                        MD5:AD6E786595C48812BE2D9BC7FE5D1485
                                                                                                                                                                                                                                        SHA1:E98E3B2DFA4354754EC58188D88F6687DC239E22
                                                                                                                                                                                                                                        SHA-256:4715BA3F13FB3554D64542BA93605E87DDB8601301F2C15B9CD65B708FFFEE57
                                                                                                                                                                                                                                        SHA-512:2C0735D80841CEA8CE8F4816E9548B5A9474530781B1510A1FB72951EB36679B43F4ED86025CB9C5B8E2E81432B356D3466ED5FFE5A783773A77B142253BB0B6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:GIF image data, version 89a, 200 x 200
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):61451
                                                                                                                                                                                                                                        Entropy (8bit):7.343059446968563
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:9fvs6a/gxRWNtTA4EOvbc51qb0zFy/Sc6mS8oyYVX3YeP8XFWZLNCih:9fkj8RWNtTA4EOzc3lBl58AdNCih
                                                                                                                                                                                                                                        MD5:CBE8A62A079FCC257A6334A506A865A1
                                                                                                                                                                                                                                        SHA1:B0135BD4B9A31BC7105111213C286FB3C06DEA7D
                                                                                                                                                                                                                                        SHA-256:3A0F2212D503E07BE1246CFEBBBDEB40B642A44B4A3DEB959DFF78063A9822E0
                                                                                                                                                                                                                                        SHA-512:C7AD87184B524C5908E9832675188DEC751484C849020031F91E5030AFA94AECEEB2DF3777657533947339A48A96A24C21D22D29C4A51C75BBF6000634993A05
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):343
                                                                                                                                                                                                                                        Entropy (8bit):6.9403490183632535
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPUp/6TsR/N7FDkQp+Fj4zBeQzdHLqOkNTcvKMK5iloCQl53fHKxgjTfv6Rp:6v/7Q/6Ts/N7tWAHdETeKMKsoCc53v/+
                                                                                                                                                                                                                                        MD5:37F342F2D1658BF871B235B20CC254B5
                                                                                                                                                                                                                                        SHA1:137F20C7685717B19BB089041AA03FA001601D09
                                                                                                                                                                                                                                        SHA-256:432AF358A422B668D90A9B05D2329922BA20DE2E24F419232967601E7B8E77E7
                                                                                                                                                                                                                                        SHA-512:B20465A790529F063309426AB878CD67823EA40FC5B464C5ABE2DCD7A26721FB57D26BCFADDED47CE584E0F575CC0FF922C29DA2DF6B8A18AECD567B678B5DDB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 7 x 7, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):535
                                                                                                                                                                                                                                        Entropy (8bit):6.070255751604191
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7nsXUyptiPCC0turztDt5q8j1Age/6TZ+RyxtWcHzSoLiKEMBLKBd:YynOf0tiztDt4yxe/6oE8cHzhmKEMBWn
                                                                                                                                                                                                                                        MD5:78118351597A04AE4CC8D899475BBA49
                                                                                                                                                                                                                                        SHA1:3EED037A8879EC6F84C2545CBC3D710494C2FF88
                                                                                                                                                                                                                                        SHA-256:D9059CE8A29D6CE4FB46BBC2292EFCA3478FB5D2DF106B33D4A37B50E41FEC39
                                                                                                                                                                                                                                        SHA-512:DB64A010162385441800F0CF0212C68791447EB5361793389BC632B7B14E15EEA3CE7DDA89987EBF7414334022FC64FBB1002816532EA106F0CD873D109A1081
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 87 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1559
                                                                                                                                                                                                                                        Entropy (8bit):7.837839289025892
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:s/6yUlzHLuHwW1nx0MX/pET0ltUxHPJH3jT2M0wlH2s3R3LqyT7UFStz:s/6yOLP6vX/w0YlPRT2M0wlHfLjYstz
                                                                                                                                                                                                                                        MD5:FA83BC8E14C9D2734DDBE84015E5BF3A
                                                                                                                                                                                                                                        SHA1:2A863213DC1905FE82EFE6B1A5C4A039A34569B7
                                                                                                                                                                                                                                        SHA-256:89F1D402046412A2921E41B0C4660DFCC9EE8C126EE8852CEE8B450038836B2F
                                                                                                                                                                                                                                        SHA-512:3EEF9CC44509E74A4147BE230A372FC5E29E7A8AC85BB08B03FC584D9AEDECDBCB609208BA8951802FC770F70CA570159AC693C8BDF3F1EA2EC9F1F160A694C2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 112 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1940
                                                                                                                                                                                                                                        Entropy (8bit):7.870572433344458
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:XC/6ajsovRkZHy/em1P2FGb2bQ3t/3NJ4BNofx6yRQG4R:SSagovk+emwqQYbJIo0yRYR
                                                                                                                                                                                                                                        MD5:2E6E7984268E9D344B13491198D160B0
                                                                                                                                                                                                                                        SHA1:E88EED75E8E8CA8A2458761B561927B6DABB8C00
                                                                                                                                                                                                                                        SHA-256:3EF3E4739C30F116531F7B40BD0E14D3A487C3F28C27B52C47EB04D8AB0B9C5F
                                                                                                                                                                                                                                        SHA-512:E60EE5CE3183AEE8C157CFD0922F9310103F0B291254897FE504AC0F10C440F3F7D3A32AED6383E8AD63D4414BD8E27A0C773929B63012D9CEB792445FE5EDC8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 86 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2238
                                                                                                                                                                                                                                        Entropy (8bit):7.897965521812157
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:a/3bdLf7SAa7meAyze8p8XMnkL4NpP+Tl1TcVhCx4:qLddUJAyzVZnkLu6lF8hCx4
                                                                                                                                                                                                                                        MD5:2B2ED7BD7CD047459628DC4AE1728E85
                                                                                                                                                                                                                                        SHA1:F8F4933BEE5717D3CC67704F863896258EC023E1
                                                                                                                                                                                                                                        SHA-256:1DB0EC3C7FFD1C9DDEB5F0E4217C1EF38EB02700E4A7F3A557D1F052092D4E42
                                                                                                                                                                                                                                        SHA-512:B3CE912074BDE9758A93B18C6478AEB689A0AAEBC5F9D228A5C95F045C0BA24963FC7F32EC1E1BC93D50890132D3B1515247C9ED3DEFD99F517752A23BA7EAB5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 86 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1201
                                                                                                                                                                                                                                        Entropy (8bit):7.763272753991154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:8B/659eWA6XuELEiVKshz96Ajxbd/ErBYPwxhYvjtcFpcG69X7VSkHVs6Lb:8B/63VXuELESZPxbSVYPwUvBcFpc1Dpb
                                                                                                                                                                                                                                        MD5:A624A806CD38AA64130A0C228271DE75
                                                                                                                                                                                                                                        SHA1:118201F6A512D67C5EE112CD0A0C4EBD5C66FAD5
                                                                                                                                                                                                                                        SHA-256:A6E96121FE3D151FAFF5B247F926F93D27790250F9E2A27BAAF841DF5D82B6E1
                                                                                                                                                                                                                                        SHA-512:D8C08C245A6F68FFC058D2571567034229EBB96A595B17469FC7B6E26F6BF47FDF34C2527B5800667790F88648CAE8C7F262677E53CCB713968A6C03B0D54FE8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 67 x 57, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2052
                                                                                                                                                                                                                                        Entropy (8bit):7.890065571351557
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:CHjblGYXQQEZZyIOrNK6rC4lWVkOjKpgOojQ9dCe2LfmC:PYgNZKJKSC4YF+WjyOZ
                                                                                                                                                                                                                                        MD5:18344204EC04F1E95E086D3BC94FA0FD
                                                                                                                                                                                                                                        SHA1:87CA3ED8948774091B451F7CB2F95139E56D351B
                                                                                                                                                                                                                                        SHA-256:30ADF46FD9311E5C6DFEA8A2AB2176EBAF83E7019EE341896FC3AAA5F498D2BA
                                                                                                                                                                                                                                        SHA-512:13757DC62505D01E44523823F38001D28A2FB9CBA5ACBF9CB7D9BDD8D0F19583D814E5A47B2DB255E18CCC05C34D43A02C387B60D05D1E802F9AF527D3633C5E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7205
                                                                                                                                                                                                                                        Entropy (8bit):7.9471260512499375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:KS4Do1RyFyKSZ4pTSumpAO/Ap6CQU9Uw/JLO/xvifnL:F4E1RCFpWumX/Ap2UeMq/xGL
                                                                                                                                                                                                                                        MD5:F2E3045621ADE164E9DA40F294BEB00C
                                                                                                                                                                                                                                        SHA1:36E9D967C679FC898BED1FF6751A73BB863EAF79
                                                                                                                                                                                                                                        SHA-256:D820CF499FC4A9453771A23209A6C63DDD2CE3439E8B651A98DDF0C36ED2BDA5
                                                                                                                                                                                                                                        SHA-512:7E515A44BD63B33881EE86E0A911897138F2BA0A6E81925612EAF19E3EDAC5A9FDCEDE30E3AFF3E906A4BBA8AA4570E06308D75783057015C882C7E62A880928
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):285478
                                                                                                                                                                                                                                        Entropy (8bit):2.4849077310090886
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:gtOQaZJ9Lhsvel7gsxdrTr8M4JnGirZTiAF9EOoRoQoPEgyY7oooxro:SOQaZJsvel7gaWNVx4AF9EOg5O7BAro
                                                                                                                                                                                                                                        MD5:F7D9142AC3C0C7228507E927D05F9727
                                                                                                                                                                                                                                        SHA1:7B8C9829534DF5B2BAAC806141F72B0AFDCB03A3
                                                                                                                                                                                                                                        SHA-256:F91461D2F81839CB58DA4A9FACA47C51352558BB636C522F9272519F7D910E61
                                                                                                                                                                                                                                        SHA-512:5C53D7B6496CFC4A855A7CA9F95D2F127139CCB812610F74790867F056EC48A4F3A6F2CB95574FCF0AE027B9B3497F0D80B1FF235828EA66C92D18603081E725
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):195
                                                                                                                                                                                                                                        Entropy (8bit):6.068066723651005
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:yionv//thPlJlawvlkV42/uDlhlp8Lts7CX9/Bxdzo1i9MsN2ocx1PmnCCj1vkxz:6v/lhP70wS7/6TsR/Dvo1oiPOnuMwkup
                                                                                                                                                                                                                                        MD5:DC1EB36132B94A110553E31FB69B06C3
                                                                                                                                                                                                                                        SHA1:B5E281F185E2A7159B4E1EE74C27FA31E00EDA03
                                                                                                                                                                                                                                        SHA-256:237B2E4C1D42366B7EC89852F5C43C7D12C961D2A8990A87FE5CAC827C6C2FC2
                                                                                                                                                                                                                                        SHA-512:3E51E41E82D903AC06A911CEB70861F49F682E6F22AB6EE07DE8FE4B351CF255F9D95FAAE7282C516C9226E56C6B7C8DF87135F0E7AC699F7179B4D176234E29
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):334740
                                                                                                                                                                                                                                        Entropy (8bit):5.49770045405099
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:vYW4/fFn7A4xnC0IzntmbG8B7doDbtYdLVYRWns6yC:vJCffC0Izntm6S7QbKDYInKC
                                                                                                                                                                                                                                        MD5:83923FAC3D4E58231B7527BDFACA2794
                                                                                                                                                                                                                                        SHA1:492C8D0F08203EB28A2999895B1B5994F51F630B
                                                                                                                                                                                                                                        SHA-256:B6E7BDFA89B2445E120C0583BF97EFA915DFD43BB02CB129C2D9267AAF3BA618
                                                                                                                                                                                                                                        SHA-512:A8A5B976417B19313C2939BD2BAFD9FB918A1F413713259C120A296BEA00B49D36CFFA1DE25A9C58D2987007FC9BBD4AE8D198C7D37448080C8E34D8EEDEFE54
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 176 x 189, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20549
                                                                                                                                                                                                                                        Entropy (8bit):7.986108821429097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ekwMaIBryFTsB7sckuOrzdqL+0ZgDdNiC+Pjo0eiTGhXDEi0t+XKWDt:TwMaINyFQhLRizdy+06DOLjBemmzEFWh
                                                                                                                                                                                                                                        MD5:0050197C4E3C6801D783762609EF6226
                                                                                                                                                                                                                                        SHA1:5B1E4016652C53EE3729D3125EB3F231DD69A206
                                                                                                                                                                                                                                        SHA-256:F42ECF07D3EAD5B48C1125B19F101FA4B3C6271F4FB43196876003615C31F31C
                                                                                                                                                                                                                                        SHA-512:B527E6A611394798E8467D797251A094FD9E06686CFDD95C40545697E79308246C51C007D9EBCF8B6A5B56BF810A851A10DAED9AE1DE9995B757558DFDCE0F73
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 173 x 174, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6169
                                                                                                                                                                                                                                        Entropy (8bit):7.9459194185380495
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:dSEVdqkq8aVCRBai6cYQLO0lGHhzrYvET:c+dqkq8aVCRnYTh4y
                                                                                                                                                                                                                                        MD5:779DFAA69A79BA66B20CAD0BD22F5EE6
                                                                                                                                                                                                                                        SHA1:98226967ECEFCA769E6B653A54E8AF969CC329F4
                                                                                                                                                                                                                                        SHA-256:34194DC7D094C4A0C5332A9688C938C83A31C8C37C4BD47A23E602997655A9F8
                                                                                                                                                                                                                                        SHA-512:8B4A01D1E101600E56CBB1422D92D255515F5A044C09D4E89FCDE71E658F790FA6594B14702025115B817C90B3908CE76B021F089F503845A877EB21C0E10F61
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 172 x 173, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5131
                                                                                                                                                                                                                                        Entropy (8bit):7.9309654446277476
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:lS5yoYOqOOEaiMp84+l5poeitPG7DHJwcx96N4W/BqKB:lS5y4qOOEaLiTHJj96N5
                                                                                                                                                                                                                                        MD5:44FC2B1768487E2F1F04F95F14B8C388
                                                                                                                                                                                                                                        SHA1:FFACC7F192C58F5B247A851984239D7C86304364
                                                                                                                                                                                                                                        SHA-256:2F22DFA6EC29824123DF3861B7C654C49B3A7935511E9138E26F800483FD24BA
                                                                                                                                                                                                                                        SHA-512:16B28760DB3B252B520397E1158862322B522B07E63BE85501269BA13DA88685C852580F72000C76C86F83DD078DEE7C32BF157D2739D247B1B73DF99F697ED0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):942
                                                                                                                                                                                                                                        Entropy (8bit):7.531868737958494
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:9s/6Hwf01d5/znYDjqWy8Yi5x7fzO/eoTMO/0T3hQ:9s/6Hw81fzYHqWyyDzD2h
                                                                                                                                                                                                                                        MD5:50A8EBBBE54E38389C31C82D126B414D
                                                                                                                                                                                                                                        SHA1:C93D3B7CB702DE03C6AB2C8CF7C6520F45613FCE
                                                                                                                                                                                                                                        SHA-256:B5750D21ABAD17B37896862D5B6598FABEEC4B45EB1C327ECFE4056CC2E890D0
                                                                                                                                                                                                                                        SHA-512:E67712C56B2B5465BF9481DEFB814A98439EA9656A6F65A0F6A7355D30979C65093FA5325751F5753EC615E8EDD7BA604B9E3E7A5BD46F95179C6DA56012002A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                                                        Entropy (8bit):7.559903053416362
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:9s/6BsT2qpwH99jdztSFrR1SZ5id3SBMKSb6b0oqqR:9s/6BsOjxQFr88SBTBYoq+
                                                                                                                                                                                                                                        MD5:1380B82254D9056AE17D2C9C333BCD5B
                                                                                                                                                                                                                                        SHA1:FD419D0EDF583E313F7F7F1BE565E7EB3F2519B8
                                                                                                                                                                                                                                        SHA-256:FEECF9909347B956549A39AB182F367F78E9C1306CA2DA146638CBDD3BFBA285
                                                                                                                                                                                                                                        SHA-512:9FC77FA74EA43F15ECC787FBC6299492196E8218FFCA1A6A4D750EBAF2A588FC14399D498FAD9B1DE5A3E0A316F3DD57350A1B2B0D67309CCA699BC96ACE89F5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):664
                                                                                                                                                                                                                                        Entropy (8bit):7.3611901561562005
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/705s/6Ts/vZBGTY1vFn4D3brB0lG92JFFC/aE8Eq3b8jd7sNksCjz:9s/6EZBGV0A8A08WNksCn
                                                                                                                                                                                                                                        MD5:FF3D7C0157D5D1D9A28E91FB2A0E6662
                                                                                                                                                                                                                                        SHA1:F6B73B87D42B63F7BAA5A6CDE25961B6314CA913
                                                                                                                                                                                                                                        SHA-256:D55C2405879639524333F7262828C370B5331C8A39BE070CCDB888BFB4F715B5
                                                                                                                                                                                                                                        SHA-512:698830E86647EBA52042F0CCADA114B64C4462DDA153B563662AC6E91AE502A275B498649E3154C7A90CE1BE883C29DDC9AB8445F580562741A2E1C8DD4B309C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:GIF image data, version 89a, 100 x 100
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15416
                                                                                                                                                                                                                                        Entropy (8bit):7.756586242434715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eK1L3Lk1UyxwO8tIZrkr+8t4vR8O8t4vWn2x8t4yLO8iDd3TCqM1oOiOvL:P1nkKO8+pT8amO8aenQ8auO8iDd3TVMD
                                                                                                                                                                                                                                        MD5:365D3E659634DF5D5289F14E1855E714
                                                                                                                                                                                                                                        SHA1:51010713312E23DD9ECBCA17A57FE944A678576F
                                                                                                                                                                                                                                        SHA-256:651598C518BC9F405F1DBDBACF89343D87B70DD2DFF93A01FD20F96C524E78CF
                                                                                                                                                                                                                                        SHA-512:2243FEFAC77C3CDC1CAA5E17BB01057A6A343D1852B58B48F7F34610814CE8BFDD47E9E2D3D3D12C8ABA543786E1CEF8E22E42D6159F222F49534C03845F4D06
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 176 x 134, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15075
                                                                                                                                                                                                                                        Entropy (8bit):7.979399641440617
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:B80mK0kjvC93yIZ97t991dRVGJyjz4poyVIor28Z2ci:TmRkjkRr7z9lwJyOoyVIuy
                                                                                                                                                                                                                                        MD5:2B183B9A55E2A55A566E6DF71751FBE8
                                                                                                                                                                                                                                        SHA1:F5EDBACF9DEF16D0DF52888EA7C398BF51601AD9
                                                                                                                                                                                                                                        SHA-256:6965355533AA0487DAC22F5D44CBD72BCA2C2ED2A75558DE725CCF5B8D1156D1
                                                                                                                                                                                                                                        SHA-512:47FB4AE6DCE69854D78190797DA2536C21C04E34F47CC4CADDF4746CA6B86EC522A6ABD2BCB01D2EF26E378513AB49E97AD470EB2503B345A15A80475768DC86
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 49 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1210
                                                                                                                                                                                                                                        Entropy (8bit):7.765526156253972
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:E/6VTSxUkuCt85lv4ufWEzeHjWbbUTIOg88TZ3YA6KvyJykQ:E/6wOHD5lNfLz9bba0v6z03
                                                                                                                                                                                                                                        MD5:1B45AA1C87C95F01CD701E67021C8EE8
                                                                                                                                                                                                                                        SHA1:C5F46E430683FAD4D9C8D97EB07FEB4B0AB05000
                                                                                                                                                                                                                                        SHA-256:8AFAC0EF4E2A13909896CC2B0BCAD6A2D0C5890A0EE801A7F9F95ED3E788F65D
                                                                                                                                                                                                                                        SHA-512:99042A14C120ADFFEECDED7FB9DEE60B0081DC586EE44D87BA47B7C1EEB0976CFC2ADE61E0AA7B90F30A69EEC1C30D95235C82E7743576F5CEE4B52BD57968A9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 49 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1298
                                                                                                                                                                                                                                        Entropy (8bit):7.791073489480044
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:E/6mSAjeB9G+FMjdZy1nnvp3jRLalTO/c/PvJaHydaD6DYwlociHVLw24/QhH:E/6PAje5FMcvmvRaHydauBlol8IH
                                                                                                                                                                                                                                        MD5:2CB18A9BA461F4EA1A627AC4457F310E
                                                                                                                                                                                                                                        SHA1:2A482CE4421739A75EA57905F6C9417D67B0599F
                                                                                                                                                                                                                                        SHA-256:3630AD753F65CB8FFE2592AA4DA02DBC54AD46F5E6BC14C9111E82235A739CD6
                                                                                                                                                                                                                                        SHA-512:1EB92F13806C98324B7ACAA5F636D2E31CF94A330642B8378DC0DA88EF22D5B9D40F6660A74C719B9EDB9196258212D6214A079F9887A96243E74E292101E521
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3245
                                                                                                                                                                                                                                        Entropy (8bit):7.9134385325834735
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:5Sxtw6uF4h1IoiShJRcX3/okKqShNmdXXs8oG0S6Fc:5S3w6X+0XZcsFNS6Fc
                                                                                                                                                                                                                                        MD5:42B15F32E9F2B2FE7874BC8B5CEC3FD9
                                                                                                                                                                                                                                        SHA1:0095AEB7A50DAD717D5C831DA04FB692ADCED9F9
                                                                                                                                                                                                                                        SHA-256:0AA2F6F56226AA14901D0FC02DCC9FE7B45A86F49725C1B638252F90117181B5
                                                                                                                                                                                                                                        SHA-512:2113BDE6D0E5F0D96F55C1DC07A1351A697B0C1193FDCA41C5E452DFAE38B96E53D717C74A840793E53696D0C3503D8693B403639C30D56955B47DA0787C7866
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4647
                                                                                                                                                                                                                                        Entropy (8bit):7.934941782690532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:5SrHsLRJGNY3SJ7+U/I+TWVdFP8FFYTq3+Nas4YCiuSuWozqB1phz:5SrHaZ3k+UDiV7P8FFY6o4S/oO1x
                                                                                                                                                                                                                                        MD5:06438B94B66EEB804C86F363C62BFBC6
                                                                                                                                                                                                                                        SHA1:CF3D09AC9D952D6FF0A85D0AC9BEEBDA22CE0EDA
                                                                                                                                                                                                                                        SHA-256:C879FAFA5892DA6841E0EA09F2EFC9F68762E5A4752D62ACA8C9B95828B6FEAA
                                                                                                                                                                                                                                        SHA-512:38328E330AE12BC31EDEABAD908C86A1C486CEB0D14E9FF946E459D0E88243F3DE0EB603CDB6E31B4CA2EF6BF70428DB5EC54B3C705E3043C9FB0A649E11FDA5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):37458
                                                                                                                                                                                                                                        Entropy (8bit):6.1115518910654325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:h9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZh:h9DDI6thXjez1jtnq
                                                                                                                                                                                                                                        MD5:C58C13F27431EE71CA92B90B8C1489FD
                                                                                                                                                                                                                                        SHA1:1CC53186CD7880425189542302E80578AF6B858C
                                                                                                                                                                                                                                        SHA-256:62ADA97381EA697031E84EBCC577CB3A9720F16BB2740161F9DF9B0386CE2FC0
                                                                                                                                                                                                                                        SHA-512:78E4CD236A3E33EB1516B5E9661A9B42647609EDFC5F41C530B2B6157A957434E55C555703C4972717D847BF833475A86719F714F0075C90A479AAD34CA5C9AF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Open Sans Regular */..@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,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
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34216
                                                                                                                                                                                                                                        Entropy (8bit):6.048880024669963
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZv:E9DDI6thXjez1jtno
                                                                                                                                                                                                                                        MD5:B9C2D0A67F0DFB369AF59A0D59E92473
                                                                                                                                                                                                                                        SHA1:24707EF5942BCD780149B05CAC400E93A1835498
                                                                                                                                                                                                                                        SHA-256:88C968974A62EE4B7C4FEC7A74419166DCF4285B8870140117F2C7CAF97C3CD7
                                                                                                                                                                                                                                        SHA-512:B3FE1806246D952374EBE861CDB916619090724666632F62090202F84F143C89AF5A4437C825EDC19E7F5DA0AE4448E831293581A50C97568155AC8D035DB1E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,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
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26073
                                                                                                                                                                                                                                        Entropy (8bit):4.7762916811662866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:J+6T4vNmgN8t0+yycVCI6z0jG7RMDX4WUMRmvm/M:IDIyE
                                                                                                                                                                                                                                        MD5:5BA48D77DFBB086D11459D4DF9AC49C7
                                                                                                                                                                                                                                        SHA1:27C502CA093CA7588E228F6E46FE0DF82B35A247
                                                                                                                                                                                                                                        SHA-256:E725C3B18165AC8F8A6DA0EB0FC8314DF843B97D3975574F5A931BC9E8A5B493
                                                                                                                                                                                                                                        SHA-512:B3475BABEC402EC07A3E7604B0B15A274C1C42A7D9AB2CFDE9DD1313DF5E9F7B423363DDB8B4B2358834F2948DD34B4FC9538E8660299576FBCA680D5638DF3A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = function (key) {.. var isIgnored = false;.. var startIgnore = this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = function (key) {.. var inGracePeriod = false;..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 162 x 163, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6397
                                                                                                                                                                                                                                        Entropy (8bit):7.947947094706784
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:GSzkZH+IG8+1lqPrujYGCbSDp98cti4FSwgfYf3:poZHw1lNj9f98trfS3
                                                                                                                                                                                                                                        MD5:4538CF17F5E72D4AB6748D921AAF47C3
                                                                                                                                                                                                                                        SHA1:0721FB317398B3F389FC85B57D7BBBB5A5C8EAFA
                                                                                                                                                                                                                                        SHA-256:CD03355615D11022E11EE57F35A0E994F42F60A03CF9063FFA7AC0321276129C
                                                                                                                                                                                                                                        SHA-512:D9DC3ADB291EEC7CFCD317DB6D9BE5C662BB25DE22AC8056CEE7B16F710F119392A46CCE4250900DFF59DB4313A6B23FEBDE30240DB9A3244C3B008A49ACC422
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 162 x 163, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5418
                                                                                                                                                                                                                                        Entropy (8bit):7.941310197666969
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:GSscx0y/nkoEVlqHdvygby9KULounF17qTN/Sxgn7ylwgwIMyce:GSscKy/koGlCdv29hLJqxiEybYyv
                                                                                                                                                                                                                                        MD5:A1373F9C03567C27AF0DE96E770E45B7
                                                                                                                                                                                                                                        SHA1:A97E90B04460E4AF1D8425A9D9716782739C79B5
                                                                                                                                                                                                                                        SHA-256:EE56D3790702A7A91CF1BBD73326E6852CDF648C77249876D8D4410D5E1DD52E
                                                                                                                                                                                                                                        SHA-512:D65BA6F131F7EBAD0267FEF9BD555121429852DDB58F1D51CF3CBC800114C93BD8BC50CB06437BA999B7B585E943930CF7AB8A65632C1B9BBACBE5627027BE3C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 261 x 265, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32309
                                                                                                                                                                                                                                        Entropy (8bit):7.9804976554334655
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:7NFP/8lSUsE2h18x4Su69ZU+VJpszMXneyg5PTg:fP/8lSkLd9jpszGneyg5U
                                                                                                                                                                                                                                        MD5:FFEBD5099333A2223979DDC7AD6E75E4
                                                                                                                                                                                                                                        SHA1:5BE640F0A871C4B1C9B2858ACDB8795B96F44586
                                                                                                                                                                                                                                        SHA-256:4F80FA15BA8934B3E4612BAF88F1DD2A633A1368A18F4F592D17FBBFCB635851
                                                                                                                                                                                                                                        SHA-512:359A50BDF3CAC8AA7B4D8CE42CB83F52CFB61AA969EB8B258F09B9BF1311C0B7FB3B974CEDEA72A0B94FDB0055CDF1F7489390E492F07547DEBE75B2EE5FC728
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 300 x 584, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32345
                                                                                                                                                                                                                                        Entropy (8bit):7.970403798736529
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:b4L2222222222gBS2222jbjKQiIlGtteBfKZiPb6++0SqnQcI:bybjbBlGzCCI0qnDI
                                                                                                                                                                                                                                        MD5:EBE97C44DDCD9F77F1BBA3B2438385D5
                                                                                                                                                                                                                                        SHA1:42648E15E7B62FCEE58CA5EAAF0CBD81A63E35C2
                                                                                                                                                                                                                                        SHA-256:26EF082565402F86EB018C87E41473F4FB2D52EEAC73B9CFD8FE81D51931AFE6
                                                                                                                                                                                                                                        SHA-512:552D36347A3943830B04A4DE2D0E4E2032A9A108203E824ABBF16595781A2A19CAF36FC813422AA6F4FE74F4B219ED376305D424E0CF17332397969E26DFC5D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 200 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3472
                                                                                                                                                                                                                                        Entropy (8bit):7.914294719380596
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:0BOO0xiRfpQu8pTvaIyE0E+y2Y5NTIMDBoY9I6ZDS9vH8C9SHZ/R0Jjnjc7xa0Dx:CryTvkE75NTLOY9IuS9vcCnU/DW2
                                                                                                                                                                                                                                        MD5:DAB5B1667C76E51B013C1C4AD2F7D532
                                                                                                                                                                                                                                        SHA1:49375ECB91B075E06624BFB5FEDB3A0DC4F1935A
                                                                                                                                                                                                                                        SHA-256:A4B95F7D7A776BBC6A84997A601993D3D4E0EC66B48F7D1DBB816497A248A24E
                                                                                                                                                                                                                                        SHA-512:843E8852408E5962C9FE62EE2441E3A41622CC929CC22AC9C692B5B9C8CA9D912AB143BBAF274899C59132A429B9032BDFADA51392E221F6F98E25C3DF0119B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 227 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6759
                                                                                                                                                                                                                                        Entropy (8bit):7.889394285207192
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:ZgNNLlmxVJnzXmgYshy0/MMA+SJ3zjaVDRL3Y9M8jX10ZYUQhyG:Zg/lmrVXnPVkzJ38dL30M8X14G
                                                                                                                                                                                                                                        MD5:F17683FB6249E0FD8188AB2844EBA5D2
                                                                                                                                                                                                                                        SHA1:A084098F96F87604F96737B202935BB1AD023F71
                                                                                                                                                                                                                                        SHA-256:A0977CF048480EC62B8CF0BE174466A31612C21CD57C20A28DF69EC7A465E8B2
                                                                                                                                                                                                                                        SHA-512:3E2406EE7F4BC41059D4F5ECEDAEBDD0377906EDBA31423AFF86163C217DE47181201272641688AF52FCD00F10BC3F0D90A819D5F48868F598941A4B8BED32DD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9632
                                                                                                                                                                                                                                        Entropy (8bit):4.045467695885821
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:jUSSVnGzSsn2hwPYeTZK+GzoulH8OJo6Jbtyxo9+jRusFRLLDeWn4bMe:ASSVGzSoJweTZb6JbwkEukZ0F
                                                                                                                                                                                                                                        MD5:FCA1638E8007044BD9EB099AE7952CDC
                                                                                                                                                                                                                                        SHA1:8FC3EC2B8D2E756688C166C2E7EC65CAC984C4C0
                                                                                                                                                                                                                                        SHA-256:F52C4E21B111DCF7B039409869483CBB0791F5E2E841BAB1E1E211115A63EF21
                                                                                                                                                                                                                                        SHA-512:6400DCD31C8FBF234F49DBDED0530D812AF991FE84993CF62352FD79A4A70B20A9393DE7883EFEFE634E381A0FE0D6EFECBCA5D0C6DECB74AC1EA6681DB4A1B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* CheckList UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.closeDelayTimer;.. ui.CheckList = function (options) {.. var el = {.. $checkListWrapper: $("#wa-checklist-wrapper"),.. $checkList: $("#wa-checklist"),.. $messageWrapper: $("#wa-message-wrapper"),.. $message: $("#wa-message"),.. $messageImage: $("#wa-message-img"),.. $closeWrapper: $("#wa-column-four"),.. $close: $("#wa-close"),.. $logo: $("#wa-column-one"),.. $state: $("#wa-column-three").. },.. checkDomLoadedInterval,.. animateDurationInMs = 400,.. self = this,.... setState = function (options) {.. el.$state.. .html(options.state.template).. .addClass(options.state.css);.. },.... setMessage = function (options) {.. el.$message.. .html(op
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4238
                                                                                                                                                                                                                                        Entropy (8bit):3.782527164526876
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:kZ2B5nzQw2n95lN1i1BMHiKHzReZDeVBvwCip1:kZEe0fIpHNeZDQBwCip1
                                                                                                                                                                                                                                        MD5:E4BBDE9EB69D4FFC81DE9F00433D5429
                                                                                                                                                                                                                                        SHA1:3AF039064EAA72DE58B859E2C0510071F25A5EF9
                                                                                                                                                                                                                                        SHA-256:3AE7AA1908FF423E9EFD17A5AD46D88AE89C6CE17E5904BD330A8A4D441648A9
                                                                                                                                                                                                                                        SHA-512:A2151EE7F3348D6DB1A5C25EFB34D24D5EB7583553B05C3E6D2AA43C780F26CC75CFA7CD7E571265EFAECDC81EE9CE743C1B42A6F3190509EEE05705B87569DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Dialog UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.CheckListDialog = function (options) {.. var animateDuration = 400,.. el = {.. $dialog: $("#wa-dialog").. },.... create = function () {.. clearDialog();.. createHeader();.. createContent();.. createButtons();.. },.... createHeader = function () {.. if (options.header) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-header",.. html: options.header.html.. }).addClass(options.header.css));.. }.. },.... createContent = function () {.. if (options.content) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-content"
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3395
                                                                                                                                                                                                                                        Entropy (8bit):7.880811480479431
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:WS0DKX8AWw5a9tRVEGCtbiHX+VGIGW09iYl1Avo:WS0DnAH5YRVItSLjIYDco
                                                                                                                                                                                                                                        MD5:E423607709409638253C24C3688A88D9
                                                                                                                                                                                                                                        SHA1:8ABC653F71614F6B707B01862449FC800D27EC61
                                                                                                                                                                                                                                        SHA-256:3B7849200BA0C2EAF22C3D111DAB6A630A00EA4A6EA968344EFB900E79084E4C
                                                                                                                                                                                                                                        SHA-512:BF70D4EE71BB441C7C36D0AADBB73C68B089D7E431694E54FC1606FB5CEEB8A30FB50F28FB5BDF5815EEC600364B0AEF98F57C23C8C160FCC704728918886259
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15448
                                                                                                                                                                                                                                        Entropy (8bit):4.444349910118249
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:BZwBjyfDzRj5csy4h11lidEaCaNz46UcEm7dO2qSFZC9OQ//A:Wefpj5csy4DIE3oU6Um8g
                                                                                                                                                                                                                                        MD5:5BA1D5A22AFC4C92E80F6354B8193BD2
                                                                                                                                                                                                                                        SHA1:31EAB632926B34E33B0B93A703AD251B3D9979B6
                                                                                                                                                                                                                                        SHA-256:17257166D2D7EA1810299CEE28B1388F3C814180A76DB401B2F863ACBA13D0E3
                                                                                                                                                                                                                                        SHA-512:3781A99D47FEBCADF04E02BA53FB6DF818CFEC82BD5266078B0E59DE49F0DA69B592F9A9F4599A386D94B537C499E9810C860E15976ED41CA00FB0028482FDF8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_),.. pscoreToast: (typeof _pscoreToast_ !== "undefined" && _pscoreTo
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):558
                                                                                                                                                                                                                                        Entropy (8bit):7.494810764492959
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7iIHftwTmWkW3O+xbR/GfmNFycqV7o5jNiXrj0IGDfjo/1:zT5+aVefmORm8bnGD09
                                                                                                                                                                                                                                        MD5:F8AF1796D709A69C3FBDD16822596FD6
                                                                                                                                                                                                                                        SHA1:D216CB9A49EF4223138BE20D027B3ABEEFAC7DB0
                                                                                                                                                                                                                                        SHA-256:055E07F760351C3F33E708E4720D5A34A60ABD8D13F2FE05A473DFD5ED9714C2
                                                                                                                                                                                                                                        SHA-512:FBD9C93490B818798F4614E6EEA7EF9FA05D535F50071806E763CD9EBEE478559F614EAC90720E4B5F88D803DB0AD459F1D1C67954C2C379B1BB435CCA74390A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 14 x 14, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):785
                                                                                                                                                                                                                                        Entropy (8bit):6.380231936591206
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:nmwBSRPy8iSvgv+aYS0NFVO/6cgDHNUPZ7SCOr2zhxNoEMBxNB:mwBSRVL4v+/jNFVO/6cgDHWhbOKHCEIj
                                                                                                                                                                                                                                        MD5:5367B11C1B0484E2B64AFFF761DB5B69
                                                                                                                                                                                                                                        SHA1:CA05EC2A55FAB6A4035920C38B6FF198044DA594
                                                                                                                                                                                                                                        SHA-256:1CAE0E0663BA559CA8FE7AD3A1E07AB23AB9E3DBADA1AA572AD9C2C5D51D5627
                                                                                                                                                                                                                                        SHA-512:322DF7AFB16185EB4D39AA4881A27E04B1D310773FCFBB77D0F1C83237A56D100F6567091E30BF0DC6A11EA29A22A52BF091B66C5863823596108C155C031588
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):327
                                                                                                                                                                                                                                        Entropy (8bit):7.1140535970703365
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPIcWn2ofLbzmoGGaKdwjXI76l4AXT8ctmzXxNuJpTqAp:6v/7DWn3btahecDAuJp1
                                                                                                                                                                                                                                        MD5:C0708D1E58F1EF1BAB621620F3B09130
                                                                                                                                                                                                                                        SHA1:0BEB49A1CC1E71F364BCF42B474890F35CB8CC3A
                                                                                                                                                                                                                                        SHA-256:834380BD8B6F9BFEF000A555541AEC2BEC01DC46C91DCB7F950D109B81BAE5C2
                                                                                                                                                                                                                                        SHA-512:241C93BC2677B1F0788C2C0DDD9A7FFCCC7A865DAD427EA8C89E437FC796FD12F80D2A962A8D02B1B2391E10CFF768F17E34BD45502A0E31D6E1C8F443C2AA34
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):272
                                                                                                                                                                                                                                        Entropy (8bit):6.591404605834916
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPIcE/6TsR/nQV32e46OIoiMr6FRK7MhtCxllbp:6v/7DE/6Ts/nnPIcr6+ozCjz
                                                                                                                                                                                                                                        MD5:F79A1953A8E6CC342847B4B00DDBD736
                                                                                                                                                                                                                                        SHA1:9AC411CADB6652F4FDBD854300ADCB5C21C04BAA
                                                                                                                                                                                                                                        SHA-256:4F8EF204C1884F868866D03B4D11DF1237480C1CAA38ADEC1C13444050105B88
                                                                                                                                                                                                                                        SHA-512:DFB54D3D20FF53B867328945FE3D69B56055D5861EFCE2A069653B1792A5477AB4C3B73A3DEE82DD1377D1573099AB70C2F6C285C694DDBD0B1EE9667CFC4F2A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):428
                                                                                                                                                                                                                                        Entropy (8bit):7.367179920202989
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7iIHbGI9XbxzlcdqzUCOXC5pC38WWn9:eGIrzlcdL4CZW9
                                                                                                                                                                                                                                        MD5:0EF65600F5A2D01876B6F9EC668C9D2E
                                                                                                                                                                                                                                        SHA1:31F378D2D6BE62F3A426523B1AA3D61323B2B9AA
                                                                                                                                                                                                                                        SHA-256:17DC5C3BAA1D35CA60C7DEE7CC70B76446765769960FC5D4852E065478C871C4
                                                                                                                                                                                                                                        SHA-512:7D9EC74CECF8DF49D4F8E676053573798A029D889E8676CFE90891EB68E49A2FE9AE828F38BB99851888B25A76581EBE2B62694D3C66D193016B4446004A9271
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 233 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5361
                                                                                                                                                                                                                                        Entropy (8bit):7.956335361585333
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:tXYxwio7C2guemm5poLpMmjxiN4f7DsCk7RkuxKBaKeVfGJiQmiMQ2qileA2I:toxpo9gKmsMmjwSXgyLBepQblA2I
                                                                                                                                                                                                                                        MD5:0D8F8EFEB474FC9B2C825D7F2A875471
                                                                                                                                                                                                                                        SHA1:ADBC30FD0131A01B3150753C7EBFD6EF648F0DE1
                                                                                                                                                                                                                                        SHA-256:ACC40FDA844EADDF65B9580C484F1FE2E17358B352D99BABC6865BF0C74D9B00
                                                                                                                                                                                                                                        SHA-512:90FEBC4B2165D37CBB1CF09295CF2F5B5713DD14A02CDC101318426CEB55D35B7C47B254D0F20CCB8297FC69EE77EAA5969FF98A0965D325C94AD81B6A56BA9E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 232 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2938
                                                                                                                                                                                                                                        Entropy (8bit):7.909981061900822
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:nv/69bTJ0Ji4hnEhRHzXJH3ndGzDr9zHUeqr7zpiT7efEgo3cRE0+U9sLBCYv2ZG:vSdJN7HziDr3S9i/efLQcRZ9sowGdK
                                                                                                                                                                                                                                        MD5:65938FC9439B2307513A95D515BCA1F7
                                                                                                                                                                                                                                        SHA1:DDDFE8D64ED371E973C46B6726B60BB0C0810BF9
                                                                                                                                                                                                                                        SHA-256:B2703E2E2A404B90EDAB7A67B23037C32BE2780F20CB15FFA6F6E44666B8EFB5
                                                                                                                                                                                                                                        SHA-512:93F755F5E208CA08955684D7789F6B8AF49F542DD41AFD9D678EC417CB535734C9C8182B87EC2EA8B8AA9FA502AC8BA90E383A9977F7E01BFF393AF0D1F400BA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 175 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2517
                                                                                                                                                                                                                                        Entropy (8bit):7.899112131446941
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:/O/6MOvIltQSb2EVW6+mjuOR6aPFUCJou7qDnUa+oNWsYFKaUCBmb:2SrOtQFglR6a9U2f7qDMoEh7UCU
                                                                                                                                                                                                                                        MD5:C5FFDD4032AA96D998DF4BBE0DFD49D3
                                                                                                                                                                                                                                        SHA1:46BACEE7C5C587024EE25C2E900C7580B1F12FF9
                                                                                                                                                                                                                                        SHA-256:010AF7BF170A9355D191C042768D37E4E8559EC4384F27EEA39A79C4BD1C3AE1
                                                                                                                                                                                                                                        SHA-512:BD89D324B107FC6B7806B3E5C098ED19C7D19DE47430D68C903F632A4471DE2C00B4290F306366C51EE71819AB8E4C9897C4827846EEE604F7F6539DCC38B6EB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 175 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2146
                                                                                                                                                                                                                                        Entropy (8bit):7.878767198815235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:X/6uYit83CnCOqfU1paiFTeUpKJX9+E+orrs30ocDx4/OcrG1:XSXi6SnChfypRFTBpu+E38kNxKOcrQ
                                                                                                                                                                                                                                        MD5:39D8F472934136936FF3FEE841245A9C
                                                                                                                                                                                                                                        SHA1:812281447AAE48A891F8A5FA9CA63C117E5E9ED1
                                                                                                                                                                                                                                        SHA-256:DA9F72BF2AF97A5A1D5C8884F8D5BFB2CF232A7026CF9123E02F5909AAAD2F70
                                                                                                                                                                                                                                        SHA-512:7C3791E59F161A31486E36F6FB6A23E0589286342FE4A11D9DCBE975194ED0EC0EF223478072B2360E3CA276D6BA5BE0C4E2FE64FC82BC646945965E03556447
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1627
                                                                                                                                                                                                                                        Entropy (8bit):7.826159192497283
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3F/6TZYDTDiZweTZamTAaTJ6r/OIQz5URWkUX:3FSCXi6elamQ/Eb
                                                                                                                                                                                                                                        MD5:E6797831954D0AEADF1E7CD268F4BE8D
                                                                                                                                                                                                                                        SHA1:8CDEAC8420271C46DB443A03C58AA2E039EBDE50
                                                                                                                                                                                                                                        SHA-256:9EE5FC5E12400AE65711B9B664E75EEB3273C051E29FADF4FE2104B59C89437A
                                                                                                                                                                                                                                        SHA-512:EB53492D4B7BF87E09D049006E8759A87C4062950A9F88A636E7B7469AA5937DAB463DCA22294FE64A09DFDA19BDA711A6160E7762F147E5D2F5A95E3EEDE984
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 276 x 283, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46909
                                                                                                                                                                                                                                        Entropy (8bit):7.985537981297596
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:QMJyYB6qa5O8KgieNFdjfsA8dh5+7xOBkgZuC02S11anRxHsogCdCsf6NL4EqapH:QPp5LXieN7Qdz+7gygZuC0B11+RhiQCp
                                                                                                                                                                                                                                        MD5:B3DD8F8E04608CC298018AF91FC7A0AB
                                                                                                                                                                                                                                        SHA1:6EEF374ED0D7A0E6AD13531186D896276370B943
                                                                                                                                                                                                                                        SHA-256:E056F875F8782046646E871CBA23BD89BD7926D2397CCBDCDADE5E75D5891148
                                                                                                                                                                                                                                        SHA-512:128D618645427B816C6C68D0B72C6EA0815771E3058C14A37782F1E6EDE9C6E0000727B4E8F54913A516746D9E17BDE62289D9A8BAFBED1F6A5421BBC475FD0C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 572 x 565, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69604
                                                                                                                                                                                                                                        Entropy (8bit):7.978415362384725
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:QXPNryf1U/w2kW7qSIxd1+2yfystvuxnkyWkCE6w:wxyf1ewf2N2SydkwCk
                                                                                                                                                                                                                                        MD5:241BC522B02EF7A35A2CE7E1185265AB
                                                                                                                                                                                                                                        SHA1:B4DE10905ADCBE62C1ACFCE168F91B614CF21183
                                                                                                                                                                                                                                        SHA-256:5C7B6C5A87A3DCAD175D9C0DFE0D885BABF22227B5BC161E7C478779AAF2AC30
                                                                                                                                                                                                                                        SHA-512:4DA6920BCB0A57CEEC14F68058912A1785E434A1487EC8B7DD6FD6EEFDCB50A7E17EA25995CD3844D7964851068D3C22F56E8AFBF737ADB0AA32D3AAD11184AC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 572 x 565, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):84857
                                                                                                                                                                                                                                        Entropy (8bit):7.9803219968216474
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:CaRkLhrM2oTVEtv9ES5L6+t1QLtb3v9hPi4Aumb5AVU4QtOWjal9U9GZnf1eT:8Lh/oTV09ES5e+tAtb3jPIumNA1H97Tq
                                                                                                                                                                                                                                        MD5:F038158CCF02E238051E916E68C43F53
                                                                                                                                                                                                                                        SHA1:81A63F396EC4593E1BD0CBEF520C1A40F4D35D50
                                                                                                                                                                                                                                        SHA-256:4AB364638C2771DB7C9EBBD40E8EBCD1AC7C92A9D4D08E616391831426B01C21
                                                                                                                                                                                                                                        SHA-512:98DD7A5C127FA1D00DFC84EDE548E4D4CDCEDA3F7C97A2815DAA24858DBCDB230E6FC6DB82DDC31E8F96467B141ABE402FBDF0BE86F9602444D0A4790C20EE9E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9327
                                                                                                                                                                                                                                        Entropy (8bit):7.970469640393894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:5SAlgBGtPGIcDO3cUWjPvAiL8zG3vRG+e40rH9qlGIKZSA:gAlUrs2VP3vRGcUHwoUA
                                                                                                                                                                                                                                        MD5:F88AF81EA6E8672EDB7044DCF877EA91
                                                                                                                                                                                                                                        SHA1:7B51E57EE82590B5B22F03D0E88A10A7B0DF4993
                                                                                                                                                                                                                                        SHA-256:CE6BE399C30F141E790638A21721D0040C415375C1E2E79BAB0D3A5E5895D2FA
                                                                                                                                                                                                                                        SHA-512:C52923E9563FEA752297AEB14E66246CA1DE3240D4F7F659177EE03295698E32BD38D76F5F7A95416727A12B29D0154F03E98C6EF91FD7B0F0D32DDBA53CFF5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5806
                                                                                                                                                                                                                                        Entropy (8bit):7.947492621878631
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:5SJ+1CjtZfXEe5cDU4mBmhX1HNx6EkdEQ1Qqx49JrywZAtwRygSHGkJWWPTupdgw:5SJf/sUMhlHNx6EULExytHRgdgZ+
                                                                                                                                                                                                                                        MD5:3988A50B6D996F6455E9229A53E1DE2A
                                                                                                                                                                                                                                        SHA1:094BE688DD8DF4CB8D355501EB11A4FD335C11B3
                                                                                                                                                                                                                                        SHA-256:1B081F386B0FC37D1415F9D38E71C43F60E2FF493688048DF9CA4ABE65683782
                                                                                                                                                                                                                                        SHA-512:CC9ED3FCDF6D0A48999B32871D9360F68176ACA3E7C0CE0F4C37B1362DBE6E1BA6E5CF0706AB6CA8CF756AE740D5C65BCCC26457CCDB549CC3B17AB0FF0609CC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6192
                                                                                                                                                                                                                                        Entropy (8bit):7.953945165570691
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:5SzpWPgS9/QQi/AZsf5G9qTxAS58Eb9hXXHS0gg:gzpIQQVsRG9epGEb3HS0gg
                                                                                                                                                                                                                                        MD5:B034C9F982264AFFC7A81122732ADAF2
                                                                                                                                                                                                                                        SHA1:0DA8E840BCC6CEDB79E2D54697ED25A3BA8147C5
                                                                                                                                                                                                                                        SHA-256:D124043692362003A48C4DC875B7014ED3AACCAC452522B32C5BD98E253354E7
                                                                                                                                                                                                                                        SHA-512:48239CF4BFA708B7BC7A46EEE4F692828C54D4E0B887D2C38BEE60A513007363EE4B54BE409B59EF72EEBC76398BD3FDED6AB493958D1E660BCB048859E0928B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 18 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2902
                                                                                                                                                                                                                                        Entropy (8bit):7.8683772202551845
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:i/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODW3O1:iSDZ/I09Da01l+gmkyTt6Hk8nTb1
                                                                                                                                                                                                                                        MD5:E4C0EC02D11F61DA1A702B0EFA2EC744
                                                                                                                                                                                                                                        SHA1:F4E64300F14D0BEA27129A72BE91A668A9B9FB9E
                                                                                                                                                                                                                                        SHA-256:2AC30B35B0BC163BC18B3B4B2982A6EE4095202FCF2EF8E35BCD415D8FFE04A8
                                                                                                                                                                                                                                        SHA-512:6E659358DC715D700E4FB9BED2B8054408D3BD79AF8B492D6197D53038990AA12558957CA9C4BD436D83C2507DF165C55F2F0FB4E93C13480DF932E58E16EED1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 5 x 6, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2816
                                                                                                                                                                                                                                        Entropy (8bit):7.867254837776759
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:/h/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODM:/hSDZ/I09Da01l+gmkyTt6Hk8nTM
                                                                                                                                                                                                                                        MD5:59934A5C534B8372CC2ACAD83B1F55E6
                                                                                                                                                                                                                                        SHA1:8285F5654E3A077445E73685ABFD638BE7F1F4C6
                                                                                                                                                                                                                                        SHA-256:130541A07A3D9E2050A6AC15D659E29A21F080F6CB1D7DB2800255FF94FD8310
                                                                                                                                                                                                                                        SHA-512:37D1BA15D460F33B62FEF40B32DB95F136C268727AEF5ECFDFD3ADA471D26C78FE89438D0BF13FD966E19FBB7A9E06BD3FA27DFC326AA42699330145AD634BCE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:GIF image data, version 89a, 4 x 18
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):376
                                                                                                                                                                                                                                        Entropy (8bit):5.513362384873133
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:772Q1kVEn88d0e6FEVU5drwF0cVe6FEVU5drwF0cVe6FEVU5drwF0c4e6FEVU5dH:772LVEnl6FEC5drwns6FEC5drwns6FEM
                                                                                                                                                                                                                                        MD5:BFE2AF9C7C0433C86314783E61A437BA
                                                                                                                                                                                                                                        SHA1:4CB221B2CC8ECDE82AA813C3E136DB749BFCE3A1
                                                                                                                                                                                                                                        SHA-256:0DD3C3D9570BCA1ABC663C5E301B9CC8025F92EC0C12B6781A8A521663A8DB75
                                                                                                                                                                                                                                        SHA-512:22E3EBE60BCBBFE6B728885CAE1B16BDB8D980B1AA80F931DDAC4020EC13CB7F3AE80CCD0A1A7465FB513D1AC70AEB59B12FB5E88CF6EC809EB178CCA2DB5405
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 13 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):391
                                                                                                                                                                                                                                        Entropy (8bit):6.968282594262006
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7Y4njM9CusK7SWlR4oPfMrjbi7voD7:0njM94QSWlR4oP0XbVD7
                                                                                                                                                                                                                                        MD5:A85D5FA023FD935DDA508A42B9DFECC4
                                                                                                                                                                                                                                        SHA1:2EE82A16CE7120CB2B211A3502E63023DD011C4B
                                                                                                                                                                                                                                        SHA-256:A47F084F275C50D52E4E74E44E554E4810210029337B13DCE3E98EF29FDDD35E
                                                                                                                                                                                                                                        SHA-512:1E07CC1A5CB220AE4C3FFE1860DA715C2C9E569B79A61818B4FCC2EDD4C9C6D05EA597DDAAB20B37950A005B642CBBF995AE809C0774D2D8584D87D2C366BADB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):449
                                                                                                                                                                                                                                        Entropy (8bit):7.31532155890383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/74/6Ts/MYcGVkHcafQ2ueaTxpJz8mbEYST43v9u:x/6C3VkHnQ2vcxputYST43v9u
                                                                                                                                                                                                                                        MD5:DE0508D8669FC70B4D92B58076D288DF
                                                                                                                                                                                                                                        SHA1:AE206B763654EEEB4457853BDBD46A510A693ACA
                                                                                                                                                                                                                                        SHA-256:2ABBD585797B5DCF4CFE7908B5325E51CB5A0A5EEA117723A78444D484C1B269
                                                                                                                                                                                                                                        SHA-512:212BC0318562BED2CEE66C6BA4855F9F4A6A69125B869859AEE7BDC3F08A02EBAD9C6F5C432E6DDB3C091E4D8796FCF56AE6F2253A0C40DC2DDE7F97F49B3413
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 276 x 278, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35407
                                                                                                                                                                                                                                        Entropy (8bit):7.981941276020834
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:EpdvcuDHkWJh2y4Aw9aT1hHkXQmyDyrXl+diVnF62TdD:CJx07ihcQml1kilD
                                                                                                                                                                                                                                        MD5:60A3D8470E34C3481A68B76078BA192A
                                                                                                                                                                                                                                        SHA1:8789F29DB3FE5FD262B2B68D8B98FF9BF153C19B
                                                                                                                                                                                                                                        SHA-256:1D23EFAC84950F046E1D0A7E9D1F483BDB73655023832071EC98314A690E651B
                                                                                                                                                                                                                                        SHA-512:A5EAEA04EAB134EE4722A2F5C756FCE51B4897598BE1152958E6530FB5C952AEE0A7D4FC34590EBB9480A7EABB73D640D41B695FF2F5110476C19B9312533762
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2925
                                                                                                                                                                                                                                        Entropy (8bit):5.664005286911799
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:RRlHOu3OOVO/XYJ8ZcS0JtS1MCGxMa5hekjPGm3kqZQuoS0mQQ3T:RSu3OOofEc8y2xMPwum3kqAbQ3T
                                                                                                                                                                                                                                        MD5:F5C03EABDED1332D7F1734EB80A7687D
                                                                                                                                                                                                                                        SHA1:564B7231455754EFF599F2E94DC3CECC538D9BF9
                                                                                                                                                                                                                                        SHA-256:370A60D4ED6197497F83E4C121EF74A7A36D7A99D79F762AD14A08566B7873BF
                                                                                                                                                                                                                                        SHA-512:56A5567D719CEEA977C16017A23AA7D7A1451AAACFA24E1947B801F1B0EA3E1EDAA1951C89796C29CF2783EACC9F2159E09832D83315A6514A9AFB1F26FB2AB3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2200
                                                                                                                                                                                                                                        Entropy (8bit):5.878358931842105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:920riK5mljJJVdRquhrp6G5hRCmkasNfK0xxPUCgc:PriKOVJ/RquhrgGHRjstK0xSS
                                                                                                                                                                                                                                        MD5:F3308533582DF76AB419DA53E38A3B05
                                                                                                                                                                                                                                        SHA1:29A00EFB047460631E4743432FBCD3CF29A19FD0
                                                                                                                                                                                                                                        SHA-256:3874AE45E962A077C7FB6368062238D6F6833366AF9A640BDA9A1996CBFD83A5
                                                                                                                                                                                                                                        SHA-512:1847AEBC1316E70F2B15DDA11E21A11B0BFDD5B387C51B669C465E8D229EAAA2B5C23A6D0FEE68428A212651EDE65690B4A4FDE5D72C38A246C02FE6164BDD81
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 95 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4147
                                                                                                                                                                                                                                        Entropy (8bit):7.943867399456676
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:rwd191zRv2ElL3+eYGSRCvWC7P4cHALED9gqwptnaO6:rwdXjv2Yz+mbuuZ09qwnaO6
                                                                                                                                                                                                                                        MD5:96E5352C228F18132282903C3CA79F35
                                                                                                                                                                                                                                        SHA1:9D7D72FB9134B222D7FFE36811FCC82FAB5FE0B1
                                                                                                                                                                                                                                        SHA-256:64BDF768575AFA7B3ECB4786F55F67983F5EFA2A8882D1F0131F8C28F646F5EA
                                                                                                                                                                                                                                        SHA-512:992F49CFAEE0692705D769F906CBCF7479FD87D2506D95DACF198E3457D6AC5A91776C710312405A7B5FF651B8C97CB10DD54B5D86DA202B8A1E9CEFC7D53955
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (315), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10945
                                                                                                                                                                                                                                        Entropy (8bit):4.489476408707097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:b4H4SSJczePaYszA15HyXnTMAFdOSVwqA1zHS73j1S4UZ:MYSSJesvyXnTDqSV4BS75S4o
                                                                                                                                                                                                                                        MD5:BBF031A5962E85F37A61A50A56CF8C94
                                                                                                                                                                                                                                        SHA1:E81D138FE01A6B9B819D363FA7E5A593ECA37075
                                                                                                                                                                                                                                        SHA-256:3C381BC8DE8E9D40B2F6A7F79A0F6798CA734525CB895AA89680742C41D7E505
                                                                                                                                                                                                                                        SHA-512:6AB1D4E9086C1355851DD506F0658A58EE0421A75BDE98EBC577A2EBD7E5DA3A884D3E386DD80CB1A31C38039DB41E662C1D4E784F6289BA04F4F232E5C900EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* MWB CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.WEBBOOST).get,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.. var browser = _window.getBrowserType();.. var wbShown = "WBShown";.. var wbLastShown = "WBLastShownDate";.. var installDir = _external.getInstallDir();.. if (browser === "FF") {.. wbShown = wbShown + "_" + browser.toLowerCase();.. wbLastShown = wbLastShown + "_" + browser.toLowerCase();.. }.. this.update = function () {.. _window.ready(function () {.. var args = JSON.parse(_external.get
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2500
                                                                                                                                                                                                                                        Entropy (8bit):4.948347035373098
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:csYzTlGNVMz7QVMz7tVMz7EVMz7VMz/VMz8AVMzjVMz3EeVMzk5hVMCFqOcO/TPs:3OTFbMv26ITWDE5g2CFqOcqehQORDqs
                                                                                                                                                                                                                                        MD5:C1D31140B4AB01290D9FA42F5FC63FCA
                                                                                                                                                                                                                                        SHA1:36A95CAAE568375840E2863255FD5296E9910776
                                                                                                                                                                                                                                        SHA-256:CBEA69E7A22E965CF121DF415FF7455046F65E3717A2E22872102803A3730667
                                                                                                                                                                                                                                        SHA-512:70F10BF66BCA1FFB53E839D52EAA1A48405813D043DE1B7ED21E430D77F06EF1F26014AE969209EB1A3A31C8C13CD18EA7DE1D914C8DBA04CD2D72B5C8A62E45
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-webboost-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:m
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):435
                                                                                                                                                                                                                                        Entropy (8bit):7.339595422017506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7op8DZNN+N/mjoPou/d3mFiRWpK2NV9V6/v7CFmP1:lwwN/fPouV3mkWvn9VSmMP1
                                                                                                                                                                                                                                        MD5:17F00098D9F726B994583103F81EB7AC
                                                                                                                                                                                                                                        SHA1:18DF2437F9019ED8A7E111EEE48E1CA17F3BB19A
                                                                                                                                                                                                                                        SHA-256:71983847EA4F7014741BD89DDF4A33AF884A7636414E55912077CC00959199B9
                                                                                                                                                                                                                                        SHA-512:2BD4C0C36B43B61E1544C99E4B8B7C46789EDF91206929EF7EB1F7E5E5B810439D2A673E3EDC200BAC295003D544B9B9B94275AA29D3DDE9F5585E550553E6E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 70 x 69, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3947
                                                                                                                                                                                                                                        Entropy (8bit):7.943205117846418
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:XpIVSotMeomWtuupLHgHzDJhbpmV3G4fNjirxU:mSCJodtwTDJhFu3G4fNWq
                                                                                                                                                                                                                                        MD5:744E7ECE73DE770613033AF4C28735FE
                                                                                                                                                                                                                                        SHA1:F7598A712AB76AFBFC8B880FAFA9C307D0942952
                                                                                                                                                                                                                                        SHA-256:7D324265349E5DF77B3A3A56112E5D13B7A1C9827C4B886205DAB99C279B19E5
                                                                                                                                                                                                                                        SHA-512:2BB6285603F134BFC6B3B0AA9B4F97B4156D354558AC3B73CE5661988D3A6516528D79DBCA1F82996BC395FE780F41AF7CF144ABAA3CAFC951C0D3FE0A08B165
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):301
                                                                                                                                                                                                                                        Entropy (8bit):7.008936185757553
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPfAlD5bn3S1bu/6BIMYE00yLbOxD/WeahrkSiuBZ4dp:6v/7HAthII3MYEJ41lBiuBiz
                                                                                                                                                                                                                                        MD5:B437E1CC057558224FEBE4A96FE66CB7
                                                                                                                                                                                                                                        SHA1:DECA512775F0FF42BB1B6F734BDDD07DBCFA0AA6
                                                                                                                                                                                                                                        SHA-256:5F233229050143BA35B24A5DA5E1DB5F2ADCFB0E0F2B78707FFEAF39DAA19249
                                                                                                                                                                                                                                        SHA-512:EDACD7B9B7674FABB02BA5CB3B2BB5156C992C95715A71D6415353F9B62E9936335F490D2AE4CE7D58DBA68AAFC583AAEAD482D25DFAC459879CF289E2EBDB0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6035
                                                                                                                                                                                                                                        Entropy (8bit):5.764655196109786
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:iPCHoe1nDk6k/Lap8sPnYuOKWi4s0reMRkyi0DlbwOxjHXExCDr:0e1DkFsPnXLWRs0reMRkyi017xjHXExE
                                                                                                                                                                                                                                        MD5:7CA18DD47762CCC1807F5DAAB9310142
                                                                                                                                                                                                                                        SHA1:B5173864A13404AF83AD3D1FD166383EBF5C581A
                                                                                                                                                                                                                                        SHA-256:E9E622ED8DA5520234BBA4FBDAC4159DA922175B1572917D932F491EB693E543
                                                                                                                                                                                                                                        SHA-512:A5107E7742CA216E7688F402819B779E700BEB95B3531B6CBC490B55306D9EF5DB102BF377D2015BFEEFF8CEC41914D890D3E78BA051F5A691B88A09024479E9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...........6...9...+...=...6...9.......9...'...6...6...9...9...B...&...B...K....tostring*[NPS] packages.nps.isSurveyShowing = .info.log.core.isSurveyShowing.nps.packages........#6...9.......9...'...B...6...9...+...=...5...=...6.......5...=...=...B...6...9...+...=...6...9.......9...'...6...6...9...9...B...&...B...K....tostring*[NPS] packages.nps.isSurveyShowing = .isSurveyShowing.triggerType.shownTimes....commandName.showNPSSurvey.shownTimes..triggerType..ShowUi.EventData....UiTemplate2wacore:mfw\packages\nps\wa-nps-checklist.html.UiType.npsSurvey.web_view2_ui_templateGfile:///[WA_FILES]/mfw\packages_web_view\nps\wa-nps-checklist.html.onExit$packages.nps.UpdateSurveyStatus.EventData..nextSurveyCheckTime.nps.packages![NPS] TriggerNPSSurvey start.info.log.core..........6...9.......9...'...B...*...6...9...9.......9...+...'...+...B.......X...6...9...6...9...B... ...=...6...9.......9...'...B...K...6...9...9.......9...+...'...+...B.......X...6...9...+...=...6...9...6...9...B... ...=...6...
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (458), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27277
                                                                                                                                                                                                                                        Entropy (8bit):4.105586925257985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:toM7vbmeEzk/beyLkwi1y42ykBkbae2vxDqkDb:+GbmSil1A
                                                                                                                                                                                                                                        MD5:55BDC14BC6A46511E00A06610748E071
                                                                                                                                                                                                                                        SHA1:4FD6F9D896B4F2E079BB1E028524CC1C1BEE1C5D
                                                                                                                                                                                                                                        SHA-256:382F0144DF91A2A1BDA18E1070810E8DC57A64CBCC0F8BC48037AD6D52E9111B
                                                                                                                                                                                                                                        SHA-512:B5EAEA80A0409A20EF5E047B45CB2CA07B6E09EEE23470059E7CCAA19CC9877A287ABB9AAF63C779DD5D55CBF43783D82563C20F56566E5898A01A2337AD0F28
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* NPS CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.... this.update = function () {.. _window.ready(function () {.. var args = JSON.parse(_external.getArgument("template_args"));.. if ($(window).height() >= 630) {.. self[args.commandName]();.. } else {.. _window.close();.. }.. });.. };.... this.showNPSSurvey = function () {.. var html = "";.. html += " <table style=\"border-collapse:collapse;width:450px; height: auto;font-family:Open Sans; color:#53565A;border
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2495
                                                                                                                                                                                                                                        Entropy (8bit):4.948796230125604
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:csY0TlGNVMz7tVMz7EVMz7VMz/VMz8AVMzjVMzJVVMzk+VMzkVVAFqOcO/TP3G+B:3XTFMv26ITWVMgZgAFqOcqehQORDuZ
                                                                                                                                                                                                                                        MD5:D8F15460CE641BD6628CBAAAA248522B
                                                                                                                                                                                                                                        SHA1:F9578831BF825A1AB4FA7F3EADB1941864EB5C47
                                                                                                                                                                                                                                        SHA-256:64C1627E6FD09FE4C859C8CA5BA16D273EA3F3CBFB891B7337135B1F377DE613
                                                                                                                                                                                                                                        SHA-512:5EAED775BB2F35940C08688ABFCC0BCE520EF46D16EAAFE3CE3BFEF2660F8AD879DB9444647551B0771FD230927C61054661741EFEA8CC26E8BFB6CD4132138B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-ui-dialog.js"></script>.. <script type="text/javascript" src="wa
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 300 x 378, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23888
                                                                                                                                                                                                                                        Entropy (8bit):7.972575063100117
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:EUB3ty3llPPn9q8h2pUKKvldY0LnnP4iNn95BbbYaEyuIrHkMwx0knasAJ1gZ6IS:EUFty33E8h2Onvv3LnQyTBAaJzrHkMhT
                                                                                                                                                                                                                                        MD5:C3BFA93D5C7DB61C39EE0964408A9652
                                                                                                                                                                                                                                        SHA1:0BF196BA363A55386E34EC578FB998434DFFA76E
                                                                                                                                                                                                                                        SHA-256:A2DA83CD9A0EE76F8030EA0A98A132062D3715D314120FFBF15E7E5CF6C07C5F
                                                                                                                                                                                                                                        SHA-512:262713F8063DE027CAB620F5752B3BB7A9C52F55643644570BFF84E877B7EE292257B32F34515FAEE6D00707368480F0039668F649979F2E07F1D2F68CDA33E4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 230 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3442
                                                                                                                                                                                                                                        Entropy (8bit):7.917211786885695
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:1/6S6av9TkhLdTA7EQcAQWgDDJMB4bcpdQA7xSxygZAW1swGfru650YOydA5Yv3z:1SSdlx7EhAQLJbcp4tzf65xA5ef7gC
                                                                                                                                                                                                                                        MD5:857F7BDFB5EB00AAA643F1288B5A391A
                                                                                                                                                                                                                                        SHA1:7D58AD880ED35E794A5D3EB6AFF43B25986E348D
                                                                                                                                                                                                                                        SHA-256:E62646B24CE91D1A91D423A9579F67674124CDE0E76CEF490614588D0859EA2C
                                                                                                                                                                                                                                        SHA-512:910A14E7EF21901A6159403F98DB37866AEA7DEA6386484691C688AD1D5BFDFD7E43D1DF88D419E951511683E00FA28A6B50A335DE9D3EB51FE45F90E616FAC3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 350 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12414
                                                                                                                                                                                                                                        Entropy (8bit):7.971836009107372
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:mSwhyWo8nM3LYKcNcMEt2VHCk4pH4KjJBOh16ExrZLYTicctW1MUwPk1:JwW8M3LYVbA274pzNBS16E7ET31twPw
                                                                                                                                                                                                                                        MD5:401311D74B22F9A58BBB4567A9035C62
                                                                                                                                                                                                                                        SHA1:3C3AD0696E506D1D51B823CD0FA3E13CD2F605C3
                                                                                                                                                                                                                                        SHA-256:79D6B5369F72EABBB18D444363CC5A345F91538696238CDF03952975E51162C2
                                                                                                                                                                                                                                        SHA-512:791E332576282688F9F74041DCD7A27DC8C81046FB04869D2F08C0E88325BCCADED9346F696E6F4D8BCD4AC5EA1F8DD18488B1CAF9DEE1E6CEDBBD28940E7254
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):630
                                                                                                                                                                                                                                        Entropy (8bit):5.682584786783875
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6bgmZUpC1DgB3Wejth99A1JjHg5PQwS2DZRQAb2X+0SJI5ORkU4LO5sO:6bjZCC18VWej0TA5PQwSQ12X+0XORUOB
                                                                                                                                                                                                                                        MD5:4B4DEA0A51D0F8CE8E2D2122332D4694
                                                                                                                                                                                                                                        SHA1:C8347489490CB83527DAD23E2226EC4BCD2AC6C2
                                                                                                                                                                                                                                        SHA-256:1F13C2582FF73DFF58EF03C03176649C155B61B5A96E0E869DB4910DEDDDE390
                                                                                                                                                                                                                                        SHA-512:DB19016A204F4A6F8756858CEF345137E8BFE95F968DDC6EB1BF2D9ABF78A3A1E7A1EA29C2B3197A3F472616D8E5EDAD003FF965575D5379323BF0E3E7112A06
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...........5...=...4...'...=...*...=...9...=...6...........B...K....ShowUi.template.UiTemplate.transparent_color_key.upsell_toast.UiType.EventData....EventData..UiTemplate............$6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...3...6...9...9...B...9...'...'...)...B...6...9.......9...'...)...'.......B...K....Builtin_ShowScoreToast!EVENT_SERVICE_ShowScoreToast.register.handlers.ssToast.upsell_toast.RegisterUiType.GetInstance.UiArbitratorHelper.core..builtin.packages._G...//F2B9743A89A324254AF6F0F3BAF3830DA13B48DF6A5CB264A0786353AEF709E2CFCEA0EC2CA44EDD103143DE5B684C9C1F9D343C323A0744FC46A87AE3461D14++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2598
                                                                                                                                                                                                                                        Entropy (8bit):5.036945595061714
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:xmp5UQXxoNKNv4spv4aj0MuoZv48Nv42EkGxvyxs0M0oLpxMIcoPP2u0pqPc:xExd4847hk4a42Eyxs0VExkoPOvw0
                                                                                                                                                                                                                                        MD5:29CCF52A50A48CC86A7FD316A857FE0D
                                                                                                                                                                                                                                        SHA1:8DF120565B4F710CB8B0ABA6A409D21B3B696728
                                                                                                                                                                                                                                        SHA-256:2F13B5CEA7274BD0A96F31597D88CBBAB3992AF46FBD9BA252DE891D02469574
                                                                                                                                                                                                                                        SHA-512:8A786B0EA66BFC97D365F11AB2EE2828D0ED57DC1A8BDCE79245E106AC9C19F8C744B20B798AEF48C502A4F409415FA50F7232073B15C421686BBBCF43E52DDB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}.....main{.. position: relative;.. width: 525px;.. height: 189px;.. background: #FFFFFF;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;..}.....header {.. position: absolute;.. width: 150px;.. height: 292px;.. left: 0px;.. top: 0px;..}.....header-image {.. position: absolute;.. width: 150px;.. left: 0px;.. top: 0px;..}.....content{.. position: absolute;.. width: 375px;.. height: 188px;.. left: 150px;.. top: 1px;..}.....content-middle{.. /* Middle */.. position: absolute;.. width: 327px;.. height: 134px;.. left: 24px;.. top: 30px;..}.....description{.. display: flex;.. flex-direction: column;.. align-items: flex-start;.. padding: 0px;.. position: absolute;.. width: 327px;.. left: 0px;.. top: 0px;..}.....description-heading{.. /* Heading */.. position: static;.. width:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2121
                                                                                                                                                                                                                                        Entropy (8bit):5.113008581901908
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:fgn2sYswbZbMGNVMz7/VMz7EVMz7VMz/VMzEVMzkLVMCqGJKY0Zf+PGQHmROLpj5:YabMuv26zgiCgFFmG8Umz
                                                                                                                                                                                                                                        MD5:7DC9842A3F1801B9CD3B4DB8929410A3
                                                                                                                                                                                                                                        SHA1:8C3C1CC6F24534F918D89B35B57491D74D0CE70F
                                                                                                                                                                                                                                        SHA-256:26346FB5E71AD5974810BFA91273A2A3C0C4D92DCAF8F8AFDD7C9F7351AA4E25
                                                                                                                                                                                                                                        SHA-512:58A900269759A85EF589A69197F05D2D06728908590100F38FEDE4EEC196B5C428A96F17E524CB04DDE3EBACCA003B6C5F01D02ECD0A810171D412CBFAE4AA46
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>Horizontal Pscore Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600&family=Poppins:wght@600&display=swap" rel="stylesheet">.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\tests\\score\\wa-score-toast-h.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-pscore-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\tests\\score\\w
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2850
                                                                                                                                                                                                                                        Entropy (8bit):5.087031229035728
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:xmp5UQXxxxvmyI2Muoyv4yoEkMVGvgQ+L/MjoWEOM5RchYubipqT/MIM9m+2Cy:xExxZjhF4r8wdU0xz6iFiwT/0EVCy
                                                                                                                                                                                                                                        MD5:13166B6235ED6761C3C0FFFA4495EFA8
                                                                                                                                                                                                                                        SHA1:65C56EED9B43B93FADD7FED7004333761675701D
                                                                                                                                                                                                                                        SHA-256:8CE79010DE4D118B643FB624CD417FA541B785BA70E03E5D37B1D22DDA1D225B
                                                                                                                                                                                                                                        SHA-512:079C719C00E8BB8AE5791D02351F351AE9E6274102D0C1D9D9E4FE4C9E24E6B8935E536223C1DF98072FE6EA11D89D752D0C82A96224093CD486B32165D2F494
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;.. border-radius: 24px;..}.....toast-container{.. /* Score intro toast - Vertical */.. position: fixed;.. width: 350px;.. height: 486px;.. background: #FFFFFF;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. left:0;.. top:0;..}.....header-image {.. /* Image */.. position: absolute;.. width: 350px;.. height: 200px;.. left: calc(50% - 350px/2);.. top: 0px;..}.....logo-image {.. /* McAfee/Landscape */.. position: absolute;.. width: 100px;.. height: 19.63px;.. left: calc(50% - 100px/2 - 103px);.. bottom: 245.37px;..}.....main-description-container {.. /* Auto layout */.. display: flex;.. flex-direction: column;.. align-items: flex-start;.. padding: 0px;.. position: absolute;.. width: 309px;.. left: 22px;.. top: 253px;..}.....description-header {.. /* Description */.. position:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2176
                                                                                                                                                                                                                                        Entropy (8bit):5.1842531654655275
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:PKn2sYswbZb2GNVMz7/VMz7EVMz7VMz/VMzEVMzkLVMCqz0y5kAEaAPHRggjBb:qabOuv26zgiCU15+lgg1b
                                                                                                                                                                                                                                        MD5:42FB02544D45868E282F9302FAD9882B
                                                                                                                                                                                                                                        SHA1:D61917B187075BC0EAA6871346603EA69860D465
                                                                                                                                                                                                                                        SHA-256:CC70FA7644BA8481DAEBAF807DA6E0E00F63A0B33B8F93EAFBF6183096F50C15
                                                                                                                                                                                                                                        SHA-512:605F7C6FAC0E32567026CD4184A35691A4F4DDD6C8D53B874F76222A2E0D1E6BFF55A1A8AB49478A5971E5CE8E8D530106CCF934FA15D801B4D292084837D447
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>Vertical PScore Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600&family=Poppins:wght@600&display=swap" rel="stylesheet">.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\tests\\score\\wa-score-toast-v.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-pscore-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\tests\\score\\wa-
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3537
                                                                                                                                                                                                                                        Entropy (8bit):4.942590394818312
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:T4dKKNAuahTxUATiX3JGJuCEsyU4Im2OmZiiJ:UKKNAuaNPaZGJupvIm2OXiJ
                                                                                                                                                                                                                                        MD5:C9B60B28112A58ABC843F19A379AF82B
                                                                                                                                                                                                                                        SHA1:D34F66F1D1F2CBB8EFEE2EFA906A03AFE29E3747
                                                                                                                                                                                                                                        SHA-256:4ACBE6AD6C4CD4D9CC85AB7C943A963D3992FF8B6C32BFAC293573473820E5E9
                                                                                                                                                                                                                                        SHA-512:45092856A7D399F56CCE3C80B5572D75B791CBBB7BFD4CC776172F8D4FFD95239A4F3A4AE007544D154551572C92A02E88AD8131ED874FD6F34F3D1CBC10CC42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Protection Score Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... ui.pscore_toast = function () {.. var $el = {.. description1: $("#description-1"),.. description2: $("#description-2"),.. acceptBtn: $("#accept-button"),.. ignoreBtn: $("#ignore-button").. },.... show = function () {.. _window.ready(function () {.... // Get protection score cohort value then set size toast window size based on that.. var protection_score_cohort = _settings.getSettingScopedWithDefault(1, "1", "protection_score_cohort");.. setSize({ width: "364", height: "500" });.. if (protection_score_cohort === 2){.. setSize({ width: "539", height: "203" }).. }.... // Get settings data.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.PSCORE_TOAS
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):477
                                                                                                                                                                                                                                        Entropy (8bit):7.351051330229087
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7y2VDhNOYjroguA84jleUzz0BDdbNSp42duo1:wVlYq7kC02yNSp5Qo1
                                                                                                                                                                                                                                        MD5:8DD33EC0D498CB6C2FAA490D5FFCAB72
                                                                                                                                                                                                                                        SHA1:E278EF1E92293D41820D83E115A7195E30509BAA
                                                                                                                                                                                                                                        SHA-256:C43CDCDA1172EA4E55CD6725B5FB3B0F2ED9F8AC2C3DFAB3CB5A927550C00492
                                                                                                                                                                                                                                        SHA-512:20257C6B39D94376C69118E91480F101B96E168E0C1AE599E505E76C4785A08C7CEC0297B84B8FB99EC690C16FEBE8985C8558AFEE13A7503D053760FB52B242
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):621
                                                                                                                                                                                                                                        Entropy (8bit):7.440301212402691
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7y2VcCkoWVpXHvC+N3Pei2PrEyBvatOrED0uapdvoXP:wVZk/9/ei2D6d07m
                                                                                                                                                                                                                                        MD5:CAE22AF422FC994E24E8CCAE7ECDFCD2
                                                                                                                                                                                                                                        SHA1:E237654EE11A51773BBC840A27F79D6EB2DB0000
                                                                                                                                                                                                                                        SHA-256:48B34A024F5B925DFB6B8973876708BDD49B363712E74981078661D638E8440B
                                                                                                                                                                                                                                        SHA-512:8A818292FB67F81A7339DC2866EE5884DBF5DD97707F6567F4B1A6DA7CDD8FE8ED8BBEAB04CA610FFF2C1B80C36A1873ED331187FD9A8BA8734DBAA401076379
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):957
                                                                                                                                                                                                                                        Entropy (8bit):7.697613181319463
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2269
                                                                                                                                                                                                                                        Entropy (8bit):5.22954284436638
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 16px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 16px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. paddin
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2337
                                                                                                                                                                                                                                        Entropy (8bit):5.2080130541526115
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>....<head>.. <title>SS Toast Variant</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\aj_toasts\\wa-aj-toast-checkbox.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ss-toast-variants-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\aj_toasts\\wa-aj-toast-checkbox.js"></script>.. <scr
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4550
                                                                                                                                                                                                                                        Entropy (8bit):5.052741375618858
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. };.... function fillButtonText(btnText).. {.. if (!btnText).. {.. return;.. }.... if (btnText.length > 8).. {.. $el.doneButton.attr("class", "button__unfixed__width");.. }.. else.. {.. $el.doneButton.attr("class", "button__fixed__width");..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7069
                                                                                                                                                                                                                                        Entropy (8bit):5.116877989593178
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;.. width:fit-content;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* v
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3755
                                                                                                                                                                                                                                        Entropy (8bit):5.084796922211164
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>.... <head>.. <title>WA SS Toggle Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\aj_toasts\\wa-aj-toast-toggle.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\pa
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8089
                                                                                                                                                                                                                                        Entropy (8bit):5.125908453797107
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. version1: $(".version1"),.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. feature1Label: $("#feature-1-label"),.. feature1Name: $("#feature-1-name"),.. freeLabel1: $("#free-label-1"),.. feature1Desc: $("#feature-1-desc"),.. feature2Name: $("#feature-2-name"),.. freeLabel2: $("#free-label-2"),.. feature2Desc: $("#feature-2-desc"),.. checkboxContainer: $("#switch-se
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1238
                                                                                                                                                                                                                                        Entropy (8bit):5.705896669991843
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6wBTG+3j9qlatg94bXSx7ngIdMKWF8gGX5p0TA5+CUTm2X+0XUpS:BBiIj9qlatVXEngJKWqg8+CUTvxXUpS
                                                                                                                                                                                                                                        MD5:BB80C853309E69A6B5A48F611BB85833
                                                                                                                                                                                                                                        SHA1:66925DD38E6F279FD6D64721B9052239540F495C
                                                                                                                                                                                                                                        SHA-256:A620B87A665CC92D4982C4CDF717B66242CE539C2E725B95AF1CCB9402FE9023
                                                                                                                                                                                                                                        SHA-512:7B013C59BEFFF94BF366AE63376DC17CC2E2D9C45193574ADA6C92F5E605E427299CD010CF20CF06770E4893034FFBF9D1925DA89F769085DB86DEFE845904BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........J9...6...9...9...9...9.......X...6...9.......9...'...B...K...6...9...9.......9...+...'...)...B...).......X...).......X...6...9.......9...'.......&...B...K...4...4...9.......X...9.......X...9.......X...6...9.......9...'...B...K...9...=...=...9...=...9...=...'...=...=...'...=...6...........B...K....ShowUi9wacore:mfw\packages\webadvisor\wa-amazon-upsell.html.UiTemplate.EventData.amazon_upsell_toast.UiType.toast_cohort`amazon_upsell_handler: amazon upsell requires toast_count, amazon_extension_status, and url.err.url.amazon_extension_status.toast_countEamazon_upsell_handler: amazon toast upsell is disabled, cohort: .amazon_extn_toast_cohort.GetOption.SettingsDB9amazon_upsell_handler: amazon upsell only for Chrome.info.log.ch.BrowserType.BrowserUtils.utils.core.Browser........$6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...3...6...9...9...B...9...'...'...)...B...6...9.......9...'...)...'.......B...K....upsell_amazon_toast.event_amazon_upsell.register.handlers.a
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4661
                                                                                                                                                                                                                                        Entropy (8bit):5.815955551693316
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:X80GptO8fi2UgfH+ge9YYdWkHm18LbWQY6guNx6g2:MfjfX/+gKPWkq8XPYduNx65
                                                                                                                                                                                                                                        MD5:8D5C47922C3B66CEC9F4EC1CCC0CECDB
                                                                                                                                                                                                                                        SHA1:E99258F5B417F0FDF03023E67811B967845C4D97
                                                                                                                                                                                                                                        SHA-256:0859DCB804E1CCCDDCD15131C3C3214A930870B2B5904FAA1B61D88B031BD17A
                                                                                                                                                                                                                                        SHA-512:8ED6642097FE8EE9CE49E4D3E0A5C29BCFFC16CF4BF6BC07977DEB538E14921FAAC89BD1D9DFB85F0765393DCC6B988E0870A47AF9396DB088538A849F1CD550
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...........5...=...=...6...........B...K....ShowUi.EventData.UiType....web_view2_ui_templateJfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-checklist.html.EventData..UiTemplate5wacore:mfw\packages\webadvisor\wa-checklist.html.UiType..........5...=...6...........B...K....ShowUi.EventData....web_view2_ui_templateHfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-dwtoast.html.EventData..UiTemplate3wacore:mfw\packages\webadvisor\wa-dwtoast.html.UiType.downloadWarningToast........U6...9.......9...'...6...9...B...&...B...9.......X...9.......X...6...9.......9...'...B...K...4...6...9...9.......9...+...'...+...B.......X...'...=...X.).6...9...9.......9...+...'...+...B.......X...6...9...9.......9...+...'...+...B.......X...'...=...X...6...9...9.......9...+...'...+...B.......X...'...=...X...'...=...-...'...........B...K......checklist.showChecklist.showUpgradedUserWelcome *DisableUpgradedUserWelcome.showCryptoLearnWelcome.*DisableCryptoLearnWelcome.CryptojackingDisabled.showNewUserW
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1660
                                                                                                                                                                                                                                        Entropy (8bit):5.578802467973094
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6aCRoYslDAbfu+oqxMdiyUZXvyBRCziQGePQ6NNL9aN+j/eHzsRNYa:kYkbfuhxdiHqKtGaHy+j/eHK
                                                                                                                                                                                                                                        MD5:37B5DC5AF1F288C164D185C89A8BB7BA
                                                                                                                                                                                                                                        SHA1:6EB6B3747F8F121DEC1F959DE2B3C41BEF27CD09
                                                                                                                                                                                                                                        SHA-256:209E7B7B465AA87FD24A9FE566BC14BDFFE8CA826BC2A839845A0739AD22250C
                                                                                                                                                                                                                                        SHA-512:04AD4B881407623B0925D63346A3E735D846FAF85AFBB6D1D04D399B2D215AF1C957E6AA422BDF992A50B6D637BE50CA08EDF7736788ED9F2F93D86DE516C5DD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ........&...6...9.......9...'...B...6...9...9...9...9...9.......X...6...9.......9...'...B...6.......9...'...'...B.......X...6...9.......9...'...B...K...6...9...9.......9...+...'...+...B.......X...6...9.......9...'...B...K...6...9...9...9...9...9.......X...6...9.......9...'...6...9...B...'...&...B...K...6.......9...9...6...9...9...9...B...6...9...9...9...9.......X...6...9...9...9...9.......X...6...9.......9...'...6.......B...'...&...B...K...5. .9...=...6...9.!.....9.".....B...6.......9...'.#.....B.......X...6...9.......9...'.$.B...K...6...9.......9...'.%.B...K...!chrome_ext_push_handler: endRchrome_ext_push_handler: Failed to trigger LogicMsg browser start on browser.OnBrowserStart.encode.json....IsExtPushTriggered..Browser.., no need to engage1chrome_ext_push_handler: extension state is .ext_no_entry.ext_enabled.ExtensionState.ch_wa_ext_id.get_extension_state.browserSettings. is not supported.tostring&chrome_ext_push_handler: browser .ch<chrome_ext_push_handler: chrome extension pu
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 170 x 167, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5286
                                                                                                                                                                                                                                        Entropy (8bit):7.918352410896778
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:VadOXrG7NapBuqn5EVYrylb7le57jdIt5X/pu660z4GKbAkhYaPQGflW1:B7smri6ryhGGX/JNzoAkhjYGfe
                                                                                                                                                                                                                                        MD5:992B99090456FAE196C91BFCA1630D5B
                                                                                                                                                                                                                                        SHA1:5079D7427DB7384162CFD4917A87D1B9C3235A55
                                                                                                                                                                                                                                        SHA-256:F86960D443E848E83A2BA3B27B68EE488623A6E6E80E74594E69802FC472AC8C
                                                                                                                                                                                                                                        SHA-512:80A8DACF479B444979889F0D9B5DDE429AA794D8D7E1430B4555571513FB3FB5F6F950B2FD989A7DF9B4EBAB7ADE271B5C8A635C4B247FD9D3D97EA96FEA0AFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1239
                                                                                                                                                                                                                                        Entropy (8bit):5.766803864174691
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6uhfXWnvmJJdPObNlpwgMT9CFbzVNh0TA5js2X+0XcLWvRduP:dhfXguTdPCFM4bz7jNxXcCvRde
                                                                                                                                                                                                                                        MD5:61241513B2381BC14D9312F65D07A792
                                                                                                                                                                                                                                        SHA1:1CC0240DBCCF81CE2057977FE4912C3C76393253
                                                                                                                                                                                                                                        SHA-256:A69865D8377819D81123E6C12C40CB05C5B63D0D7DC7B0658A1D68CAFE708259
                                                                                                                                                                                                                                        SHA-512:F03675188A36122ACB0C484A0805F33ABB7CE379D521055C1914747006DDDEA9BF474813C5132A55C3D57DDF2A88B1752842687F883B27B526589F81A47856CE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........<5...=...'...4...'...=...9.......X...9...=...6...9.......9...'...6...9...B...&...B...X...'...=...9.......X...9...=...6...9.......9...'...6...9...B...&...B...X...'...=...9.......X...6...9.......9...'...9...&...B...9...=...6...........B...K....ShowUiEshow_ff_extension_install_toast: got implicit close event name: .implicit_close_event_nameRfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-ext-install-toast.htmlCshow_ff_extension_install_toast: got custom WebView2 template .web_view2_ui_template.web_view2_template=wacore:mfw\packages\webadvisor\wa-ext-install-toast.html.tostring=show_ff_extension_install_toast: got custom IE template .info.log.core.UiTemplate.template.extension_install_toast.UiType..EventData....EventData..UiTemplate.........$6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...3...6...9...9...B...9...'...'...)...B...6...9.......9...'...)...'.......B...K...$Builtin_InstallFFExtentionToast*EVENT_SERVICE_InstallFFExtentionToast.register.handlers
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):407
                                                                                                                                                                                                                                        Entropy (8bit):7.1407976551071055
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/74/6Ts/+smsfwZQlyCzDSkG+ZlfDN+y9X:x/6afkRChDZ1DEy9X
                                                                                                                                                                                                                                        MD5:52488EF2BAA65366C96F39947B5CEC32
                                                                                                                                                                                                                                        SHA1:580C1612E3D607EA8C3C83B03285ED6B5E5AFC23
                                                                                                                                                                                                                                        SHA-256:C0E9102EF0C19E55052516B7B11F95E96A13A93A19DA66328DE5B66740CE4A4E
                                                                                                                                                                                                                                        SHA-512:0D54D10933E441EB624CCE78C293162AF8150134199D7C2AA54554476CDB70983A3CC069B23D3C93D736612C80EF6C31CA1842EB72385FA4BE359A40F36A5B67
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:GIF image data, version 89a, 148 x 50
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1686
                                                                                                                                                                                                                                        Entropy (8bit):7.777921392960299
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:I/sUg09pp/qKHlZpbkXt8K7n5bTh5lTdAiwy9QntZ9C:onJpp/qKXpbU2g5DlT+i9QnY
                                                                                                                                                                                                                                        MD5:DFD80EC6F7EE421AEAF3F785922438EF
                                                                                                                                                                                                                                        SHA1:DD3FCFB2BF921A6C67933093B1AE64CA23E1AF26
                                                                                                                                                                                                                                        SHA-256:FF31AC8E9802988BE162D31CD350711F460E8AB292CC45950C202ECD1A8FEEAF
                                                                                                                                                                                                                                        SHA-512:8391CD280487F73F7FDF5529BB6677696BC815DC99ADD5AA229EBE1B569B94C1D8C5370A86C0665F5F20CF918325B23338EAAE347FE441550C0758A687297C06
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:GIF image data, version 89a, 27 x 50
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):369
                                                                                                                                                                                                                                        Entropy (8bit):7.019028949718389
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:aPd7Wm9a7S6xP+rDzujMhsACN1brSF+dmz0fmBDbf92buPamIPW19mW:aPd7Wm9a7zGDu91Ppdmzka/f8bQasX
                                                                                                                                                                                                                                        MD5:3D32D5CBF24BDCC2C74E876AAD4C19A0
                                                                                                                                                                                                                                        SHA1:E4F405F07DC0D870A2CF4E5EEF48C91393676290
                                                                                                                                                                                                                                        SHA-256:7456A5B53B0E7BAD980926BA86EF437ABB19F5C2D397031C83B27198DEA3C5D0
                                                                                                                                                                                                                                        SHA-512:DB97E6E8E062B75FE46D49558BDA19674AA574476F85458A22A536FD07384618524007342098E5FA095532A2D8CFC2612CAD0AD77AC406E5C12029E48F112830
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:GIF image data, version 89a, 2 x 70
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):361
                                                                                                                                                                                                                                        Entropy (8bit):6.510176350874939
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:DvjkRhk/NruDE9Q0QVlMjlFGCyzVwFECgVp/R5i9pNoj3f31XoB/fNfkc/:zjkRiFrFQ0QELV8VwFELjZ5ii3f3No1z
                                                                                                                                                                                                                                        MD5:2D1CCF8BB4F2013151F9BEC12542D9A5
                                                                                                                                                                                                                                        SHA1:9AFEE504C285A2FD7B09BA3AA745B3CD4AEA3ECE
                                                                                                                                                                                                                                        SHA-256:8CE5E1DE817FCEF6618DC2279753936423A975ECBA3C28732FE0CF0DAA52E1D3
                                                                                                                                                                                                                                        SHA-512:C640B6921D144E76417CCB433CD7B0359FCB8298E546454AA31067FF70D4356DB86A223C83E70F2C43F46420CC4D6554834D3998150DD2D6257F65F8F7708942
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1059
                                                                                                                                                                                                                                        Entropy (8bit):5.242680215298125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:xmp5UoZR3xQiD3RJMZcUhiLKyFc43bZ147IKHYcz:xmp5UoZJxBTM3Q3SdLYcz
                                                                                                                                                                                                                                        MD5:EDA80E87914D235FA0B9074531B21037
                                                                                                                                                                                                                                        SHA1:80BDB531BBED1BE955994BCE031B769631E74A63
                                                                                                                                                                                                                                        SHA-256:F197311F863312F07FAECC8FE512C84DF90934F3B16A31B0A52E6C210A62FB8B
                                                                                                                                                                                                                                        SHA-512:0500B2BE4C8AE836C5EAB9DDDB20E6B5871330A6786EA651B7161252C55F63BD4C31F477E953D1F0C702A128A5E04AFB9395E8CC7F99C129F0F49631225CFC9C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}.....balloon-chevron {.. height: 20px;.. width: 20px;.. border-top: 2px solid #E6E9F0;.. border-left: 2px solid #E6E9F0;.. position: relative;.. top: 10px;.. transform: rotate(45deg);.. background-color: white;.. z-index: -100;..}.....chevron--centered {.. margin: 0 auto;..}.....chevron--right {.. left: 337px;..}.......balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//3D25A275F42B0E290B913A1AB9903A413EE0B14576277056328C88DDEA4047041EC9918
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1687
                                                                                                                                                                                                                                        Entropy (8bit):5.274400257400703
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:LswDjYlGNVMr7xnVMr7EVMr7VMr/VMrlpVMrkANVMCrNM/QogXORMkfq:oOjmxuneCKIJCEQxyNi
                                                                                                                                                                                                                                        MD5:021DF1CE72B6F7327FA9B9F79FE430D8
                                                                                                                                                                                                                                        SHA1:4B9EB53A3A4EE333CF253A254C7EC74DD3054C88
                                                                                                                                                                                                                                        SHA-256:371D383396866B86E082E4BB832F0D962C0245E2BE730FEDA1B787E367B890E9
                                                                                                                                                                                                                                        SHA-512:847E80F83176A159FD133C46A2BCA1582E213F67AD8A8B5555B220C3EDD8892A5A0050101D04F192E03B33E130C9389D41188F6C73B348684E4A0E84C8F4DDF5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\new-tab-overlay.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\new-tab-overlay.js"></script>.. <script type="text/javascript" src="wacore:tel
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4438
                                                                                                                                                                                                                                        Entropy (8bit):5.062432071908128
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:T0AmdonK4uoNDsVgV1PixEeB0NufP9SdaQbXkATWx:AATK4bNDAg/jeCQS9bXhy
                                                                                                                                                                                                                                        MD5:D157B88D8CFB3795732AC2382C30BE60
                                                                                                                                                                                                                                        SHA1:FC91C32A3D9A61257ACE07A69EF16B1F82DB10BE
                                                                                                                                                                                                                                        SHA-256:62773BAFA0B6A0812924C425513399D823C3324A6B19AA0A12CA2291BB55ED2C
                                                                                                                                                                                                                                        SHA-512:C2F5B2EE79450AD0CBA0F39CA402EA0E35FD665F5E17A44371DD2755907FA4AAB73D96C873AD6F8654F609B3A9E03BE1EF25E2091CBA3C93034DAF8F7712A903
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $(".balloon-chevron"),.. },.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.. var overlayType = Number(settings["overlay_type"]);.. var extensionType = Number(settings["extension_type"]);.. .. // Polyfill of isNaN for IE version < 12;.. Number.isNaN = Number.isNaN || function isNaN(input) {.. return typeof input === "number" && input !== input;.. };.... // Validate toastCount is valid;.. if (Number.isNaN(overlayType) || Number.isNaN(extensionType)) {.. _window.clo
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1660
                                                                                                                                                                                                                                        Entropy (8bit):5.2349241144579715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:xmp5UoZJxwqqZlmlXMwWlYAlCiIpuj+i+Un:xArxzqvmfWlYAlc2+Un
                                                                                                                                                                                                                                        MD5:3B662448A94CF4F2048C0012A4107165
                                                                                                                                                                                                                                        SHA1:29427F2A5ED853902E223232712EEF0B1519718B
                                                                                                                                                                                                                                        SHA-256:EB3618BFF2E9EB3B8769A23E95A12E9DA9F9C9A1F5B45F52AB60517A56D96964
                                                                                                                                                                                                                                        SHA-512:8C57EAF9C209F0F87EC8D120A4AFDAA1D95846E886639EF694F125375703D12C901041840592E623C6DF9E2A44576CA1FD3790A58CA0911D82B444815FA72DCA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;.. height: 255px;.. width: 505px;.. border: 2px solid #E6E9F0;.. border-radius: 24px;..}.....balloon__card {.. background-color: #FFF;.. height: 100%;..}.....card__content {.. height: 100%;.. padding: 24px 20px 24px 24px;;.. ..}.....content__images #wa-logo {.. height: 17px;.. position: relative;.. margin-bottom: 10px;..}.....content__text {.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. padding-left: 24px;..}.....content__text > h1 {.. font-weight: bold;..font-size: 24px;..line-height: 32px;..margin-bottom: 16px;..}.......card__image {.. float: left;.. height: 100%;.. margin-right: 24px;..}.....ca
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2132
                                                                                                                                                                                                                                        Entropy (8bit):5.185423212299676
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:LswDjYlGNVMr7w9VMr7EVMr7VMr/VMrlWWrVMrknkVMCrAedmsQ26qK/OFhItaI2:oOjIxneC4WCInHCFy26qAqIMImqIudns
                                                                                                                                                                                                                                        MD5:8C1BC60C2E64D53A7495440C5A190635
                                                                                                                                                                                                                                        SHA1:82F7271CD854CAB7D63D4719E546C3199F267665
                                                                                                                                                                                                                                        SHA-256:12ACE8B8B084E7EC23062DA111CCEABCC8E359BC103BF5F5563C8420ADA68F16
                                                                                                                                                                                                                                        SHA-512:86EBF4649D0F34DC780302514A53150B63446C2C65714997C210F3495045F7AE53AE89C690C946BA6C643772DFC4C0EE0B3426C29370888E80D587EC5377AB40
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\new-tab-toasts.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\new-tab-res-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\new-tab-toasts.js"></script>.. <script type="text/javascript" src="wacore:te
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4066
                                                                                                                                                                                                                                        Entropy (8bit):5.128136900384235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:n3AXKffHguIKz1hauWSu0RVflDh84bXkj+:3AogosHiVfVh84bXi+
                                                                                                                                                                                                                                        MD5:0253D448463ACDBE951977C57F1B3843
                                                                                                                                                                                                                                        SHA1:E9B0A3A7F095AD100A57675FF0A17EFFA03D2A62
                                                                                                                                                                                                                                        SHA-256:B9E43DBBDC7E74CF71917AAA7668B92FC707A4A4940E4D545BA9F86EA6BEBA2A
                                                                                                                                                                                                                                        SHA-512:3C7935D685302E27B7371124E5E30130148606073DC9D035E3173B34818DB6A1FFDDABC4A9906116D88CEFC7107B80B1964EFFC97F7B7DA12BA1B0763E346250
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. };.... show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("overlay_data"));.. init(payload);.... _window.show();.. });.. },.... init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.NEW_TAB_TOAST).get;.. var toastCount = Number(payload["toast_count"]);.... // Polyfill of isNaN for
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 155 x 252, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9836
                                                                                                                                                                                                                                        Entropy (8bit):7.914414293589123
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4SzlM0MAc3Z+8WM/h/Cl3oKSo5i1TL999zhgwfnt1ztUOTGgz7dEM:/zYcc/Cl3nSoIxL9XuwVhtUOTGy7dN
                                                                                                                                                                                                                                        MD5:89FC18BBBA9A69CFEEBFB5ACC4E9089C
                                                                                                                                                                                                                                        SHA1:1FC704BA2ED65674BC9DD7B7D882D8F588C1F898
                                                                                                                                                                                                                                        SHA-256:DDC5EB8EEBD2874C5774A4266EBF0A064FCFBF94A34686839B3FDF7E73235F62
                                                                                                                                                                                                                                        SHA-512:12099A1DA49A4AEA5A5BEA2E41C94E8151743191B48AD6B0F099B43A3532FA57ED7D335C9A2748BAC7F43C11212C04CA63D42E38B0D278C20A3A0D2DBB49A632
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8836
                                                                                                                                                                                                                                        Entropy (8bit):5.668036096779965
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:NLDv0Hf9pf9JeSOoxYeaya6eQ4Rt356VPibkOtxXS:NLDv0HfTf9JvY7B6ehUV6bi
                                                                                                                                                                                                                                        MD5:78358E6B7C927B9FAA4647FF44C4B95B
                                                                                                                                                                                                                                        SHA1:A92D803084BEC56CEDC64E47086FB2D17274AEC4
                                                                                                                                                                                                                                        SHA-256:3595334AE9D4909F14834B875E6AE80CE83601012B003114CC38FD1A23D22D77
                                                                                                                                                                                                                                        SHA-512:7A2340A950E0A086E65B51C467C39002E60789FDEE085900DE6CC46E9280187DA2D365C79001378BE1CD6DE468F2080D493A07A9D3211D95B93B960140253E38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...........-...8.......X...6...9.......9...'.......&...B...+...+...J...6...9...9.......9...............&.......B...+.......J......GetOption.SettingsDB.utils3overlay_ui_handler: Not a valid browser type: .err.log.core........66...9...9...9...9.......X...6...9.......9...'...B...+...L...6.......9...B.......9...B.......X...6...9.......9...'...B...+...L...6...9...9.......9...+...'...)...B.......X...6...9.......9...'...B...+...L...+.......J...Doverlay_ui_handler: edge onboarding from process start disabled.edge_onboarding_option.GetOption.SettingsDB,overlay_ui_handler: Locale is not en_us.en_us.lower.GetLocale.utility,overlay_ui_handler: Browser is not edge.info.log.edge.BrowserType.BrowserUtils.utils.core.t.......6...9.......9...'...B...1...K.....Apackages.builtin.on_search_ext_warning_coachmark_exit called.info.log.core...... .v9.......X...9.......X...6...9.......9...'...6...9...B...'...6...9...B...&...B...+...L...-.......X...6...9.......9...'...B...+...L...6...9...9...9...B.......X...6
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6212
                                                                                                                                                                                                                                        Entropy (8bit):5.812453316751698
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:t9fXZSbmxcJgeCmxqW7ycZkJ09g/oxhemfE2hKxfaST:tdwKPHcZk+9aoV82srT
                                                                                                                                                                                                                                        MD5:16677949C91948032149FAEC0485934C
                                                                                                                                                                                                                                        SHA1:A674E14E93A01551A0002CC958829823649A5AF3
                                                                                                                                                                                                                                        SHA-256:C06933A000FF7F3865A0229D1D4458985C6C71A074D39BFC81233A17B9ED9504
                                                                                                                                                                                                                                        SHA-512:5DC2C0EB632B9DD041AFEC971AAC2CBA74569887AFC965D4A4CFD7E7BAAD0CBA55568EFB884ABFBFF28A673C06247C958A97FAC1ED7B10894F8C443BB786593D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........!6...9.......9...'...6.......B...&...B...6...-...B...H.......X...-...+...<...6...9.......9...'...6.......B...'...&...B...F...R...K...... removed=packages.builtin.updateSSToastStatus: toast for browser .pairs.tostring6packages.builtin.updateSSToastStatus called with .info.log.core-.......5...8...L......._ie._ff._ch._msb._edge.........5...8...L......2Global\{8DB68CEC-1C6B-46B8-8808-90838C14CA3F}2Global\{F84F0E05-209D-427A-A977-A5AEAA90EEBA}2Global\{64C7DD73-FBD5-4B1B-8A82-B49950F36A97}.........5...=...6...9.......9.......B...6.......9...'.......B.......X...6...9.......9...'...6.......B...&...B...K....tostring:Failed to trigger LogicMsg browser start on browser: .err.log.OnBrowserStart.TriggerLogicEvent.utility.encode.json.core.Browser....Browser.........H-.......B.......X...6...9.......9...'...B...K...'.......&...6...9...9.......9...+.......)...B.......6...9...9.......9...+...........B...'.......&.......X...6...9...9.......9...+.......)...B...X...6...9...9.......9...+.......
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):379
                                                                                                                                                                                                                                        Entropy (8bit):7.24199845007647
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPW/E8kQoywGZy2QuloYCnWnXmYFOwrMFOfzs9fOPrmi/MsTjWnDU4p:6v/7uMpQoji+YCnWn2lwAAfz/jmiU8SP
                                                                                                                                                                                                                                        MD5:0D006D29C298D5D75780C5514DFD7E02
                                                                                                                                                                                                                                        SHA1:47231ADF89D53E452EEBA1A7A4F6F51697B93C4D
                                                                                                                                                                                                                                        SHA-256:CC72D82ECF19CB08D92F5EA6A612A12FD54B86D8E6AD1019D3516CAC0E90353A
                                                                                                                                                                                                                                        SHA-512:B35A08D6FB781DFEEAE99CA78F70C85517DCEC702E59A920967AD146C38B06442C95FDE021EEBB47901CA9D8B4B3DE3E2192DCA910C68497D5D4F5E721B5F35A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):366
                                                                                                                                                                                                                                        Entropy (8bit):7.181473502943194
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPUyCfW1DINGm00Q6GhmVMWW5tDGMYmw3H0zPsXFdCkhY1+8EtWmTp:6v/7yfW1i700sMVI5tDGMX0VdCWY9EZ9
                                                                                                                                                                                                                                        MD5:808F5E9FF7B694D5926CE6CFFA336085
                                                                                                                                                                                                                                        SHA1:58C5D8F14FEA91E715F8B3CB9B84421FBE99317A
                                                                                                                                                                                                                                        SHA-256:5331E5CCC4E6F8082F7AAC9492FC3DF5CB810087E6F0CB71D99B1582E233A61D
                                                                                                                                                                                                                                        SHA-512:E2DC4A40D8BD68D7DD31A002F480F3D0C5ED7433D0CB6F966EA11D437FD38A2B12C3F9CFC057DA9118E05BA5E81C1BC0896C5844D78F256084AC81554FC89A82
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):617
                                                                                                                                                                                                                                        Entropy (8bit):7.536368903712138
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7y8A6KCbdR+rqKuKRLIRBG9EtiJjt+KxqMK:R6JrXe+BGkiJ4z
                                                                                                                                                                                                                                        MD5:112768C9A06EA1AC8783E7EB786450C3
                                                                                                                                                                                                                                        SHA1:15312DD4FD8F87FD23725531726261CFD73888C9
                                                                                                                                                                                                                                        SHA-256:3AA7CF0C447D88B8CE2C2FC0B50E80E49851217D0CB3BB7D4E38FC22209DEE03
                                                                                                                                                                                                                                        SHA-512:87E13AA38498C7E76EA9B017A893CCEF4819FBC13EB387C8A4946C721EAB176A44A5F3B181FD23AC2D16943D12B452EB8462FE7A57F6572EB047F3876BD2CFEE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1523
                                                                                                                                                                                                                                        Entropy (8bit):7.849513030462221
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:4V7JCN3mFRJOJsHKyzBNqS+s6snN326HGGeV6CouULfX7GBo6Bqy4XoRE8ndBAQe:507Zzas6s9lH06EUSBnBqy3dBAPl3
                                                                                                                                                                                                                                        MD5:0A57D1C2AF64AE52DF0CC5AE10897E72
                                                                                                                                                                                                                                        SHA1:923C6AEEA726F5BDAE43F4837C7FFFFE34E90B90
                                                                                                                                                                                                                                        SHA-256:541865D3715C481C1C111ADF0729928E0F6DE4A6B8E1687BB2DA2D26166E8C57
                                                                                                                                                                                                                                        SHA-512:2466E5EC410C6A9484A792B5F431FE3A527A04C01127CF11DFA6AB2ED49860FA052DC84C8AB61441359E03E2DF62341CD7E05F3CD94612AABE1E37564521CD38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1568
                                                                                                                                                                                                                                        Entropy (8bit):7.855339992904692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:URY+DGIp5LXcjQxWPQjWqIiU27j2NbCYv0WGYKmUjDeQuksU:Z+DfdXqQihAv/WGYBFQuksU
                                                                                                                                                                                                                                        MD5:1CCDA19F6B165F0487EBB6C65E870492
                                                                                                                                                                                                                                        SHA1:3CB6473AE58648F9E6365DDD44EB6A24529DD55B
                                                                                                                                                                                                                                        SHA-256:8A3C7A2285AF72210C4CEDEB87701596B05C96A435E200A1BC3F0FE1947DB566
                                                                                                                                                                                                                                        SHA-512:D681758B205597B043FFF6F8BE779B5D05E37708FBCC9C08C88DA963B2B4681C33BB3E3B5912E8DF0CAB819A89D520BF1D21DE1C7B7499B5738AB0D557329C57
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):245
                                                                                                                                                                                                                                        Entropy (8bit):6.356933018581735
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPe/6TsR/h2Ogt2PfVuymklNXULhg+/qp:6v/7m/6Ts/NutyJlNn
                                                                                                                                                                                                                                        MD5:BE47EB430418C03DF89E2CA140BC1325
                                                                                                                                                                                                                                        SHA1:A099F0ED4114F8476D6558BAA30E3DDFDF0512C7
                                                                                                                                                                                                                                        SHA-256:F651001BDF0AD41D9BFB7D5942F136CE75ECCEF744752EE72934980B8ECFFA4F
                                                                                                                                                                                                                                        SHA-512:AD150D115D35F1F796BB0E24C61FFAF72401FE2857A0A4475A2CB7E36325A5130CAAC1F167628E26C7AB6D053B7A3757D57EA3A07C71FC14FC848CFD2771232E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):473
                                                                                                                                                                                                                                        Entropy (8bit):7.236375221337779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/74/6Ts/fWEpw+mmdlVkAV7AnpSvLkXfwtelX8EFQgdPjSTFN:x/6MWNmXVfV7opSYp8eZPev
                                                                                                                                                                                                                                        MD5:640A9A68216D3ACE0A04C70F745760F9
                                                                                                                                                                                                                                        SHA1:DEF457CF4CC59B638CB4C988652925CBBD7A972D
                                                                                                                                                                                                                                        SHA-256:40171CFFE5FB5BBFDA44569BBF7BBCB3848ECEF6A975CCC237F475B3141CCF4D
                                                                                                                                                                                                                                        SHA-512:A1CFC930207C1F468D423F072CB80CE6D6BC2FE6E8ED54A8A21386445882E9A922BE55AE627330E7810EA3BEF6108F06B4A2E0A3E62EDC659E1992046FD9D8C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3856
                                                                                                                                                                                                                                        Entropy (8bit):5.6360979059558725
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:lVvGHx5uXl00jS5p2KCM49vcyp/4tx5CZ:lVvux5u10Jp2K/49vcyp/4txsZ
                                                                                                                                                                                                                                        MD5:6AC96189F04ECC0DDD7543B3BCB5EDA1
                                                                                                                                                                                                                                        SHA1:AF824CFD27B8819B12C5648F471B3F6EA86A1007
                                                                                                                                                                                                                                        SHA-256:C1E3CE4ECA27AE14EDC15E83DA7F8129149DC5B0F2B74FA17AF7C25E1B1378DD
                                                                                                                                                                                                                                        SHA-512:A97AD2EAF9DFC6DAE2A142D1F149D395FF7E30C5F6DA113F6215DCBF6611F2928F368DE0EC2B4349693ADB3F616BD1A44EDCB6E50A4A26D12751337C2A77FF1E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 150 x 314, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):42124
                                                                                                                                                                                                                                        Entropy (8bit):7.989049214597359
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:LJZubuFGvQ0hVNPAb14MPMrY0iJyMXbAjw15AIJgW/8QjzastNBmwQ:LJsbu0vQ0hje14M6iJy+sE15AegW/8c+
                                                                                                                                                                                                                                        MD5:6F1B48189D2C835EC68CC9C30BA53360
                                                                                                                                                                                                                                        SHA1:93D78939DA261C4D7CC06E8B8341D9B3D93CEEB3
                                                                                                                                                                                                                                        SHA-256:29ACC284AD48147B1B5FC3F6F8E79F8D7481002E12B7D0B631DF91D9D22E5749
                                                                                                                                                                                                                                        SHA-512:D47ADF288217FFC8AE2F6D9DE1A2FF5E240355EEF3E31F3B204C16A226ED7470D60021E23F155883A9F77275FD1712994565B58392694CEBDC4E28BE7F3AD1E3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1957
                                                                                                                                                                                                                                        Entropy (8bit):5.224489224997974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:xmp5UoZHx4Yli5FZSFIuMDWlYOlZiIpd3aT3Vh:xANxhi5FUAWlYOl5TgVh
                                                                                                                                                                                                                                        MD5:9258BA3600419406F7E183F94F771288
                                                                                                                                                                                                                                        SHA1:DEDF2D6A5292D401A0DCC9E45E8E0267C01ED721
                                                                                                                                                                                                                                        SHA-256:73ACF251FAFDFA292798592F76DF143DA316D5060D69BE6F0B27FE4F04E7F0BA
                                                                                                                                                                                                                                        SHA-512:2EA19EBEECFB261464E9C534784F23DEF54F9E1BBF81A5825ADF7590A9F13A9C901712A341E6F686057CA1B075F6435F70C8A1665A9539D6E41E64EC1D310CA7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 16px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;.. .. width: 510px;.. border: 1px solid #ABB2C3;.. border-radius: 24px;..}.....balloon-I {.. height: 314px;..}.....balloon-II {.. height: 370px;..}.....balloon__card {.. background-color: #FFF;.. /* height: 314px; */..}.....balloon__card-I {.. height: 314px;..}.....balloon__card-II {.. height: 370px;..}.....card__content {.. height: 100%;.. padding: 16px 20px 24px 24px;..}.....content__text {.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 16px;.. line-height: 24px;.. padding-left: 24px;..}.....content__text > p:last-of-type {.. padding-top: 18px;..}.....content__text > h1 {.. font-weight: bold;.. font-size: 24px;.. line-height:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2077
                                                                                                                                                                                                                                        Entropy (8bit):5.280478899465003
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:oOjEJneCWIuCFf7P7d7DtIrINqIdmf925n:oAcNzh
                                                                                                                                                                                                                                        MD5:A697B2EBA55579E53AB8DB181464ACF0
                                                                                                                                                                                                                                        SHA1:5C0701C03F3116FF426A1DBD6462134F84A4DCBD
                                                                                                                                                                                                                                        SHA-256:41DAD7EB15C37B66EEE8468CE1B6EB4DACCEDA19DAFB443C63535F0417F2DF34
                                                                                                                                                                                                                                        SHA-512:6B5F8F2B9430BE930D4844BB71C5740B08C14893FAD5041A512F2AFD9A41F56C5F59B47339539DDC962FF15D977C7D4B700607ED041A9A1C32188752FA7D78AA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-amazon-upsell.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-upsell-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-amazon-upsell.js"></script>.. <script type="text/javascript" src="wac
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6225
                                                                                                                                                                                                                                        Entropy (8bit):4.847133725834372
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:4G3AXPfTEzni3R4uISETACySbd0SE13z8acglmVnIJ+BH/jyjsHbXk+S:4oAmMR4FfCSERz8k5ymIHbX8
                                                                                                                                                                                                                                        MD5:D6C8CC13701C775D284B64EE092E2F58
                                                                                                                                                                                                                                        SHA1:85A34878B9AF5DE6DA90F28F4BA594F1904B0449
                                                                                                                                                                                                                                        SHA-256:E97FC42096CFE51EBB08886EA5610BCA34CB32EF48E3467CE536DA5B672B31D6
                                                                                                                                                                                                                                        SHA-512:572ED0A8EAE0B3A2BA60C414C348E04EABFA13B243D2B55475047237A87FCE8259745BCBAFF864C5D801A40F1B7D9A6EF81C8C87A6C61BBC118B3A1EEBA84498
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Amazon Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. contentText2: $("#content__text-description_2"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. footerLegal: $("#footer__legal"),.. };.... (show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("toast_data"));.. init(payload);.... _window.show();.. });.. }),.. (init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.UT
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1484
                                                                                                                                                                                                                                        Entropy (8bit):5.2570066123881105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:xmp5UoZR3xQpxVYHhLcY39U0M+mtFl2zZRVchpKIjvVCfnvv/UQsUMDDhZk:xmp5UoZJxDHF3uBjFloZKY+YfnHcQe5a
                                                                                                                                                                                                                                        MD5:6088A70C31A8B9134A2C6D529F839A3A
                                                                                                                                                                                                                                        SHA1:A75E579FF498A882C632F3858B0F9EF5B267F607
                                                                                                                                                                                                                                        SHA-256:0F281780F995BF68027C6B46748BA2D28FA7C5573EE3CD2EA5953020CAA62725
                                                                                                                                                                                                                                        SHA-512:4C4D8FB9F5698E9A3DDC94AB83702A839EA7BEC3B1E5070ABD86F38133C7DEB90CEFD13754057520868E29D8C8E0FBA83D68497AA9C53BA7E28D1B8188FDB048
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}.....balloon__card {.. position: absolute;.. right: 55px;.. overflow: hidden;.. box-sizing: border-box;.. background-color: #FFF;.. border: 1px solid #E6E9F0;.. border-radius: 12px;.. height: 200px;.. width: 328px;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. padding: 16px;.. height: 100%;..}.....content__header #wa-logo {.. height: 13px;.. position: relative;.. top: 2px;..}.....content__header #close-icon {.. float: right;.. cursor: pointer;..}.....content__text {.. margin-top: 12px;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. color: #5A6175;..}...
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1951
                                                                                                                                                                                                                                        Entropy (8bit):5.233556651781954
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:+swDjYARGNVMr7xnVMr7EVMr7VMr/VMrlmVMrkANVMCqAedml3+u4wXRM4Zmm:NOjXxuneCnIJCa63+W7
                                                                                                                                                                                                                                        MD5:BA20DBA8B90703D038C65534AB91B4DF
                                                                                                                                                                                                                                        SHA1:8FE88D2A374B79A4AC402E4E272E5857BD688422
                                                                                                                                                                                                                                        SHA-256:7DBAA7CD21023FC0B42E8315699B823C2014E60C5AEE0537D85DE29892BB24E5
                                                                                                                                                                                                                                        SHA-512:48EAEC6A2225EE07F09DFBF8C2BA0DB55428D76728AE614ED4E12F33C97EB77C4B21BB65CF800BC663C9A08A6BE49529126F733E94C0D8CD68FCDE6A49C36D92
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ch-store-overlay-ui.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ch-store-overlay-ui.js"></script>.. <script type="text/javascript
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.145604550339843
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cMAozDAQV9PqREed0kMTJo9QV9PKgMaGXQfq:vAODAQnTeurQQnzMaGXQfq
                                                                                                                                                                                                                                        MD5:925511DEEA2F45D1E40872CC5DE758A7
                                                                                                                                                                                                                                        SHA1:7A42C1CFD38BDEBDB043BF364AF44EE9D1505CAA
                                                                                                                                                                                                                                        SHA-256:7E0AF3865EB4318AD58A053F930325DB2C748548121DECDCDA35B471584787D8
                                                                                                                                                                                                                                        SHA-512:4B5731856034E0268398704817766A4BC18E6801E8326D6E449F6D0F42CB80EE291AA1DBDB5C491F4BC45DD09B44557CB91EC4856CB8643EDE4C568EB0ABF5F5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. contentText1: $("#content__text-1"),.. contentText2: $("#content__text-2"),.. closeIcon: $("#close-icon"),.. },.... show = function () {.. init();.... _window.show();.... // Send telemetry 2.0 for dialog balloon showed.. var telemetryEvent = new OnboardingBalloon().interaction_type("Impression").browser(_instrument.getBrowserTypeCode()).balloonType("WAOverlayOnboardingOpenExtensionPage").Serialize();.. _instrument.sendTelemetryEvent(telemetryEvent);.... //Send Telemetry 3.0 for dialog balloon.. var browser_code = _instrument.getBrowserTypeCode();.. var screen_flow = browser_code == 'FF' ? 'firefox' : 'introduction';.. var hit_screen_id = browser_code == 'FF' ? '300.1.2.1-w
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 20 x 20, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):743
                                                                                                                                                                                                                                        Entropy (8bit):6.485906014360001
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6v/7MRUwaBLht3zHOuVKg7/6Tnpb+R2pi5IDyc1RX25gbhbzS5/IEMS:kwaZht3zuKKC/6jptpAIeEoglbzegEMS
                                                                                                                                                                                                                                        MD5:1ED7DBC29E984E621DB85633607A39EA
                                                                                                                                                                                                                                        SHA1:77CF88D52CB9A32A8EE377E37DC2CA70EBC79143
                                                                                                                                                                                                                                        SHA-256:C364887E094D6235A4FD5774D7CB5D9631A2983C8626998BAD8CA294BC446A19
                                                                                                                                                                                                                                        SHA-512:57CB41F770F5586041F9FCD9E934FEF894301AE8DDF8EFC498E2743FAD006D5C0D4AEF7D2A2086A9D3E60FC08B02AD2505D02E95B039786555522015EC9C41FB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                        Entropy (8bit):6.92410222781354
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2631
                                                                                                                                                                                                                                        Entropy (8bit):4.9856029228546825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-ui-dialog.js"></script>.. <script type="text/javascript" src="w
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (339), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23342
                                                                                                                                                                                                                                        Entropy (8bit):4.07024810101501
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _l10n = wa.Utils.Lang().checkList(),.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var threatStateCss = "threat",.. infoStateCss = "info",.. greenStateCss = "green",.. waitImage = "wacore:mfw\\packages\\builtin\\white_timer.png",.. alertImage = "wacore:mfw\\packages\\webadvisor\\wa-checklist-risk.png",.. ignore = _l10n("IGNORE"),.. fixNow = _l10n("FIX_NOW"),.. defaultImageCss = "wa-state-img",.. alertImageCss = "wa-state-img-threat",.. keyMap = { "NUW": "WelcomeMessage", "UUW": "UpdateMessage", "CLW": "CryptoLearnWelcome" },
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):802
                                                                                                                                                                                                                                        Entropy (8bit):5.273846686579106
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #454545;.. line-height: 24px;..}.....balloon-arrow {.. margin-bottom: -6px;.. text-align: center;..}.....balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//DE81568F6ED362F40C8AA13CCD4AA864BDD000DCD92046680306FAADD835D823DCB064C0CC61324739AF47CDD078C1CE6A50AAC20E82D6C3CB70C708DA1C31E0++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1888
                                                                                                                                                                                                                                        Entropy (8bit):5.253488759268173
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-dialog-balloon.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-dialog-balloon-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-dialog-balloon.js"></script>.. <script type="text/javascript
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1653
                                                                                                                                                                                                                                        Entropy (8bit):4.925375952741318
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:#wa-dw-toast {.. height: 245px;.. width: 425px;.. border: 1px solid #B1BABF;.. background-color: #FFFFFF;..}.....header {.. height: 20px;.. padding-top: 12px;..}.....content {.. border-bottom: 1px solid #E6E7E8;.. height: 132px;.. padding: 12px;..}.... .content img {.. margin-right: 8px;.. }.....content-header {.. margin: 0;.. color: #EA1B24;.. font-size: 14px;.. font-weight: 600;.. line-height: 33px;.. text-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.25);..}.....content-text {.. min-height: 32px;.. width: 99%;.. color: #53565A;.. font-size: 12px;.. line-height: 16px;.. margin-top: 8px;..}.....content-footer {.. color: #53565A;.. font-size: 12px;.. font-weight: bold;.. line-height: 16px;..}.....content .body {.. float: right;.. padding: 0 0 0 0px;.. width: 99%;..}.....footer {.. display: table;.. background-color: #F5F6FA;.. height: 56px;.. width: 425px;.. padding: 0;..}.....logo {..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1693
                                                                                                                                                                                                                                        Entropy (8bit):5.119582502459711
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-dwtoast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-dwtoast.js"></script>..</head>..<body oncontext
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2137
                                                                                                                                                                                                                                        Entropy (8bit):4.906784688797724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:UUzf2hkRg/q4HWcJ5/VFeICFeI75jYKubJsbnbIeIpq7Hfh5x:Uh2gy4HWw5/jC75jYbJUba87Hfh5x
                                                                                                                                                                                                                                        MD5:D795EE6A860972610929788A98B215A8
                                                                                                                                                                                                                                        SHA1:3D39927375C95ECA7F6B59A0FB39515B37A8F403
                                                                                                                                                                                                                                        SHA-256:39973EC6629D9EBD0C1687C2E76A0528D79DEA2905322697C39C0C0CD522B294
                                                                                                                                                                                                                                        SHA-512:DD50876C0FC00F45FEA84B2396B435B1A5B81680FAB97E7100C11C1DFF0888A47D56693DD1C84663814FD38B78870F5C053AC9DF25776DBE2B74016E06C97F04
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:body {.. margin: 0;.. font-family: "Open Sans";.. box-sizing: border-box;.. background-color: #FFFFFF;.. border: 0.833333px solid #BCC3CC;.. box-shadow: 0px 0.833333px 8.33333px rgba(0, 0, 0, 0.254218);.. border-radius: 1.66667px;.. overflow: hidden;.. }.. .. h1 {.. font-style: normal;.. font-weight: bold;.. font-size: 16px;.. line-height: 32px;.. color: #383434;.. }.. .. p {.. font-size: 13px;.. line-height: 16px;.. color: #454545;.. }.. .. .main {.. text-align: center;.. background-color: #ffffff;.. height: 210px;.. }.. .. .main-logo-container {.. display: inline-block;.. }.. .. .main-logo-container .img-wrapper img {.. max-width: 105px;.. padding-top: 32px;.. }.. .. .main-divider {.. display: inline-block;.. margin: 7px;.. }.. .. .main-description-container {.. display: inline-block;.. text-align: left;.. vertical-align: top;.. max-width: 295px;.. height: 100%;.. position:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2618
                                                                                                                                                                                                                                        Entropy (8bit):5.083657186997122
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3XTL/v26Tg88ChnR+5WbeIwEeIYOz+S2MN:9nXb1Dt2MN
                                                                                                                                                                                                                                        MD5:EFBC88E17FE44C149F377F31588BC494
                                                                                                                                                                                                                                        SHA1:CD9D378A679F50E622E163C0645E34F6CB14D90D
                                                                                                                                                                                                                                        SHA-256:CAD75AE3CEB6FF0AE2F00ED0B9264F69FA4E3DEA441059D6553142D4B11D7832
                                                                                                                                                                                                                                        SHA-512:3D8C8D3385EBB86A2AD420DF2C03FEF83D44E91A1F57E32C00CD31C55EE915452A389F59E0FF299D3150EB7E0D29AB3BC658EAAD242F16ECB67966C7C2C08F37
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ext-install-toast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ext-install-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ext-install-toast.js"></script>.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4309
                                                                                                                                                                                                                                        Entropy (8bit):5.300966298097835
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:nPT2likC/JkhmmVkH0zf6lui5TF2csEzkb0WDnt+lkz0tRZB7oq:SMvuhmmVXzf6gah2cBzzWDwlvtN75
                                                                                                                                                                                                                                        MD5:C48FDD6740B35066EDB87B6875A74347
                                                                                                                                                                                                                                        SHA1:916E9345E08C27BF1E4C380B76072543ACB305EC
                                                                                                                                                                                                                                        SHA-256:4794635A5B3C7179DCD6A9642F250914104C1CA16CE4F3F051905F3BE2208081
                                                                                                                                                                                                                                        SHA-512:F3763F476158084AF1492D722B864FC5BA692607069AC3E1E4A2874123E4A968A66E6B431046FE394510C62F5B14E9E11B4392E9AEA46513D2249F759D849021
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Download Warning Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,... _instrument = wa.Utils.Instrument,... _settings = wa.Utils.Settings;.... ui.extension_install_toast = function () {.. var $el = {.... header: $("#wa-sstoast-heading"),.... description1: $("#description-1"),.... description2: $("#description-2"),.....acceptBtn: $("#button-accept"),.....ignoreBtn: $("#button-cancel").. },.... show = function () {......_window.ready(function () {..............// Set toast window size......setSize({width: "485", height: "265"});..........// Get settings data.....var toastCountSetting = "ff_extension_toast_count";.....var toastCount = _settings.get(toastCountSetting, "0") || 1;............var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.WAIFF).get;.. .....// Initialize toast......init(lang, toastCount);.... _window.show();.......// Send telemetry for toast impression.....var settingTelemetryEvent = new Ex
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 126 x 104, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5630
                                                                                                                                                                                                                                        Entropy (8bit):7.947897963110471
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:QSToxeyGItzC74o5BBiMAxI0Roty8QTzTuWjP4IMqQidjQFl1JuKOrzmdc4z+S3:QScxeyDtMzPBiMAxZtqIXQ6QhJZyS3
                                                                                                                                                                                                                                        MD5:F5D9337BD302C183FFE6B9613EA4E236
                                                                                                                                                                                                                                        SHA1:6C622ECF659AE65E7F6ABFED4FA831D230B51A02
                                                                                                                                                                                                                                        SHA-256:DDC6EC93BB8B7AE8C90D42476ACCC47CB7E9EE28B01A312346462AD54206151C
                                                                                                                                                                                                                                        SHA-512:40270893584E34AD27B7E89DE9466D08464A4A869D96D5CA414FADF7332BD02B7AD1F28725FA82D7EF8AF4A0973494CC8633A202F58F0A2E60933CF482591BF0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6632
                                                                                                                                                                                                                                        Entropy (8bit):4.866153600276078
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:yH5SvRvxVoY2bZ8/C0jBkY52Q5YsYmgdFZR92QQ:yH5EvxVD2bSq4BksV5BLgd3a1
                                                                                                                                                                                                                                        MD5:D85127D3DE587FFAB5F4612C5AC0D3E0
                                                                                                                                                                                                                                        SHA1:FA8ECC74FD7542721B4B534D20C7AD58B8E6F083
                                                                                                                                                                                                                                        SHA-256:7CCF3BD2D7C7A9F622D9E5F610079BE908770E5CEAFAB34D0D4AB831DB9E23EF
                                                                                                                                                                                                                                        SHA-512:19A1F5960F0A83DE132FCE98363EDC5A5DF20026E4588569F2FC54AC8D0098F87BFF8CC610DC31CDDC3CCE2332DDAF3222D341CA23E7A95BE02924ECC64A0D73
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:#bottom {.. bottom: 0;..}....#left {.. left: 0;..}....#left,..#right {.. bottom: 0;.. top: 0;.. width: 2px;..}....#right {.. right: 0;..}....#top {.. top: 0;..}....#top,..#bottom {.. height: 2px;.. left: 0;.. right: 0;..}....#top,..#bottom,..#left,..#right {.. background: #939598;.. position: fixed;..}....#wa-button-donttrust {.. font-size: 26px;.. right: 2px;.. top: 5px;..}....#wa-button-reset {.. background-color: #00AEEF;.. border-radius: 3px;.. color: #fff;.. font-size: 14px;.. font-weight: 700;.. height: 40px;.. margin-top: 12px;.. width: 145px;..}....#wa-button-trust {.. font-size: 24px;.. right: 3px;.. top: 4px;..}....#wa-close {.. padding: 8px;..}....#wa-options-about ul {.. line-height: 23px;.. margin-bottom: 0;.. padding-left: 12px;..}....#wa-options-content {.. font-size: 12px;.. overflow-x: hidden;.. overflow-y: auto;.. padding: 24px;.. width: 550px;..}.... #wa-option
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1526
                                                                                                                                                                                                                                        Entropy (8bit):5.25570253853118
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:csY0TYJGNVMz7UAVMz7EVMz7VMz/VMzlQVMzkCZVMCmFgtH1ktGW0l3n0:3XT8sTv26ZgzCJtH+Gvn0
                                                                                                                                                                                                                                        MD5:81C70765140A8E9BE40807027ACF03A3
                                                                                                                                                                                                                                        SHA1:B38B00C29D5CCE9B7D952BCDE6ADC539B942157C
                                                                                                                                                                                                                                        SHA-256:55C67BC2845D164C2D705B446638C1CD8B5F1405C52EFAC385253E8F46D0C87C
                                                                                                                                                                                                                                        SHA-512:7EEEA12B002AB2150023E5866A7B4C8CE0F58C7B0B6E67BD8DE04A25E7DDD65ED7DC0CAA58F4BBBA1CBC4CA1B246B6CB20C9499B5DFF33AEC9E9A65BF3E99135
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-options.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-options-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-options.js"></script>.. <script type="text/javascript" src=
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1594
                                                                                                                                                                                                                                        Entropy (8bit):5.194228274529295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:xmp5UoZR3xQpxsVecZa95p4H3rn39UDSyPVhilb39U0M3JtEN8vWZRVcoPuVYyO7:xmp5UoZJxRVXw9n0gA3uBHEN8vWZLJys
                                                                                                                                                                                                                                        MD5:28D40C852249E8CCF2A2EF4C7B834322
                                                                                                                                                                                                                                        SHA1:443F58B4EAB82CE3E9210C436E0DE1544148FC35
                                                                                                                                                                                                                                        SHA-256:66189FF9558355C8A92FECB357A4CCEC9859D1A5D6F85471BA08A8BE5084AA65
                                                                                                                                                                                                                                        SHA-512:857419F2399CAB87E508974FBA1F59EE4352FB5BB3D67D500829F108DE667F1C9C1037A0FE27455A224EC67F77651AB9071BC712752F246CCFB6090F4CB9D503
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}..../* Arrow pointing up */.....balloon__arrow-up {.. display: none;.. position: relative;.. text-align: center;.. top: 8px;.. width: 440px;..}..../* Arrow pointing to the right */.....balloon__arrow-right {.. display: none;.. height: 130px;.. line-height: 130px;..}.....balloon__arrow-right img {.. display: inline-block;.. line-height: normal;.. vertical-align: middle;..}.....balloon__card {.. float: left;.. overflow: hidden;.. position: relative;.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. height: 130px;.. width: 100%;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. ma
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2157
                                                                                                                                                                                                                                        Entropy (8bit):5.209091445837142
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:+swDjYiRGNVMr7xnVMr7EVMr7VMr/VMrlwVMrkANVMCrAe+xdmn56+u0INBeRMCW:NOjPxuneCNIJCO06+PCBCB8l
                                                                                                                                                                                                                                        MD5:FB334AAAA3E3DBBD708554F436BD4B05
                                                                                                                                                                                                                                        SHA1:680EDC5F128241F2DF11EBDA7E08E09E3BF7F226
                                                                                                                                                                                                                                        SHA-256:6073F12EA4B71FBC0B66937B43319256A0BBD6DE3478FFEDF9F39524C2EE2371
                                                                                                                                                                                                                                        SHA-512:C30C2A5A72C838AEB97B319FCBBD0A1AB7DCCB82427D8A9753D61D796026CD47D62871D30CC2F117124BF6B779B393D0443DD9939EFF10FFB93F12D5A7A60D3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-overlay-ui.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-overlay-ui.js"></script>.. <script type="text/javascript" src="wacore:tele
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10010
                                                                                                                                                                                                                                        Entropy (8bit):5.211113023960669
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:2Ar/3qYFqFmMKuhiXdeRh3tFuznLe7Q9HKmXxY:7SVIIh3tFc4QJrxY
                                                                                                                                                                                                                                        MD5:BA6916C132A7F76C263283D2BB7CFF25
                                                                                                                                                                                                                                        SHA1:D2CFC5C7BCF7D86EDF8360B38BB8B272CFA2A874
                                                                                                                                                                                                                                        SHA-256:F6E3E5231E66DF6F8A90391CA15587797C6BD28BD7280C5C6091E82604A8F0C1
                                                                                                                                                                                                                                        SHA-512:E453CEFDB60794A9240D01FE4E0C8060D2D1758C32473C4589772089A7FC7EDE3D2DFDCCE8F11D72D56F3860F682A1C9D636AD59885E1197BB7E1D2A8B093D55
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. arrowUp: $("#arrow-up"),.. arrowRight: $("#arrow-right"),.. balloonCard: $("#balloon__card"),.. contentText: $("#content__text"),.. cardImage: $("#card__image"),.. closeIcon: $("#close-icon"),.. waLogo: $('#wa-logo').. };.... var ENABLE_EXTENSION_OVERLAY = 0;.. var INTRO_OVERLAY = 1;.. var SEARCH_WARNING_OVERLAY = 2;.. var SETTINGS_OVERLAY = 3;.. var TOAST_OVERLAY = 4;.... var WA_EXTENSION = 0;.. var SS_EXTENSION = 1;.... var overlay = {.. types: {}.. };.... overlay.types[ENABLE_EXTENSION_OVERLAY + ""] = enableExtensionOverlay; // enable_extension_overlay.. overlay.types[
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2101
                                                                                                                                                                                                                                        Entropy (8bit):5.2439511062122754
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:xmp5UoZJx7MdDjTPWfx9gczwPpCRulmzuQ:xArx7M5TPWfx9lzwsn
                                                                                                                                                                                                                                        MD5:4749C1B1FE040DB6A5557EBE8104F841
                                                                                                                                                                                                                                        SHA1:EB93C0501A8AB32DBD3EDA5807D65DC005E1CA30
                                                                                                                                                                                                                                        SHA-256:5B5334030A16E1F2176DF94B913C34157B09C1E4C9A3DFBE97107BE1A7A794BE
                                                                                                                                                                                                                                        SHA-512:AD3D5B0819079ABBBA8ACD0F34CDD002A1CF6F5B375BC0699957C384314E5DE32F16034D4C0E9386C28140E9B64FB4850988458E8F48EAA309705ECED5B38DE7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 16px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 16px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. paddin
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2197
                                                                                                                                                                                                                                        Entropy (8bit):5.207114429879496
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:AswDjYEZGNVMr71rAVMr7EVMr7VMr/VMrlEa0VMrkbAVMCrmglB7vURFWS4CicmX:DOjNlTneCp3IHCTRSFWSO7QmqPOcGcAR
                                                                                                                                                                                                                                        MD5:637A17B5F00228B37FC58B04FC386E05
                                                                                                                                                                                                                                        SHA1:49DB8B9A930B9390F00B27CAF0BBA1EEBC63A522
                                                                                                                                                                                                                                        SHA-256:24818AA6CF1742F90C9A11AC882EAC9593FA4DA3A982586C279AC7001A5936BF
                                                                                                                                                                                                                                        SHA-512:D1300C5574032FCF0D86D7E7152220A6399E32A98FD7B4F4A1457228672FB04438984027C1B0F4237496E78784321FD2670F0A812419878E062468A3580A81AC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>....<head>.. <title>SS Toast Variant</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-variants.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ss-toast-variants-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-variants.js"></script>.. <script type="text/javascr
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                        Entropy (8bit):4.986982755466439
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:lAGSRh8MezXoRYhsCSRyTe7TSlR2R1pUnoKWERjW18jEcYwNNGifXt:m3hFezXmYhncyTe7TSjg1unoKWyq18j9
                                                                                                                                                                                                                                        MD5:E6F75585EA76B898CA69E9113D847FDF
                                                                                                                                                                                                                                        SHA1:A263FD1812056DF7DEC35A00910BD3BE95A638C6
                                                                                                                                                                                                                                        SHA-256:2FC9150005A82BBB54CD35656D0D3BF024DCBDDC6888A74EC2EC2596C32FEC1C
                                                                                                                                                                                                                                        SHA-512:F68B473E3959FB3E9862AA5A2BE6B9F179BDAC188C10C4999EEFDDD837593D62767215A004A99647D85261712EDD1D02456B642564295AB7E8AA304ACD11E693
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. };.... var variantsMap = {.. // Toast variation phase 2.. 1: {.. InfoTitle: "TOAST_VARIANT_1_TITLE",.. InfoText: "TOAST_VARIANT_1_INFO",.. Question: "TOAST_VARIANT_QUESTION",.. Label: "TOAST_VARIANT_CHECKLIST",.. ButtonText: "TOAST_VARIANT_BUTTON",.. T
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1615
                                                                                                                                                                                                                                        Entropy (8bit):5.097559093205252
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:UviN/rbeh3kskClt+GSq1lPDgrertqIKV5bZ0fDjA76VQ:UvitmrJpSqbb9AIKV52f/W6VQ
                                                                                                                                                                                                                                        MD5:35445629663CBAE768918FAEFE91CEE3
                                                                                                                                                                                                                                        SHA1:F9144262672142C849BE1B42EF31A65FC077EEB6
                                                                                                                                                                                                                                        SHA-256:4CE821A4DCB5AB1B256EF5EA8650A31B0FEF7A7491BE6BDDA2044269442B373B
                                                                                                                                                                                                                                        SHA-512:DF8A518311B7F23815A13537AFA3B115913C3B1DE38CFD3693A71EE3650E78232D8CACB2EC4AE612E8DBA19D9A03FA8D71FD6CF4F2B8E8B8B625569799626448
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:body {.. cursor: default;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....#wa-sstoast {.. font-family: sans-serif;.. border: 1px solid #000000;.. background-color: #ffffff;.. height: 270px;..}....#wa-sstoast-logo {.. padding: 4px 0px 0px 10px;.. background: url(wacore:mfw\\packages\\webadvisor\\inst-top.gif);.. width: 100%;.. font-size: 17px;..}....#wa-sstoast-header {.. background: url(wacore:mfw\\packages\\webadvisor\\inst-warningbackground.gif);.. width: 100%;.. padding: 10px 10px 10px 10px;.. font-weight: bold;.. font-size: 15px;.. color: white;..}....#wa-sstoast-content {.. font-size: 11.5px;.. padding: 10px 10px 0px 10px;.. height: 142px;..}.... #wa-sstoast-content table {.. height: 132px;.. }....#wa-sstoast-content-caption {.. font-weight: bold;..}....#wa-sstoast-footer {.. padding-right: 5px;.. padding-bottom: 0px;..}....#wa-sstoast-content-check {.. padding: 0px;..}....#wa-sstoast-
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2922
                                                                                                                                                                                                                                        Entropy (8bit):4.611967975501663
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-sstoast-bing.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-bing-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-sstoast-bing.js"></script>.. <script type="text/javascript" src="wacore:telemetry\\serializers\\Secure_Search_Toast.js"></script>.. <scri
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7462
                                                                                                                                                                                                                                        Entropy (8bit):5.108511289465179
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* version 2 3 */...card__
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3957
                                                                                                                                                                                                                                        Entropy (8bit):5.047877816447989
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>.... <head>.. <title>WA SS Toggle Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-sstoast-toggle.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\weba
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9376
                                                                                                                                                                                                                                        Entropy (8bit):5.150088451081154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. expiredSection: $(".expired__section"),.. expiredDivider: $("#expired-divider"),.. expiredLabel: $("#expired-label"),.. expiredName: $("#expired-name"),.. feature1Label: $("#feature-1-label"),.. feature1LabelContainer: $(".feature__1__label__container"), // dynamically change container if text is too long.. feature1Name: $("#fea
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2118
                                                                                                                                                                                                                                        Entropy (8bit):5.175938652982185
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:body {.. cursor: default;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....#wa-sstoast {.. font-family: sans-serif;.. border: 1px solid #000000;.. background-color: #ffffff;.. height: 270px;..}....#wa-sstoast-logo {.. padding: 4px 0px 0px 10px;.. background: url(wacore:mfw\\packages\\webadvisor\\inst-top.gif);.. width: 100%;.. font-size: 17px;..}....#wa-sstoast-header {.. background: url(wacore:mfw\\packages\\webadvisor\\inst-warningbackground.gif);.. width: 100%;.. padding: 10px;.. font-weight: bold;.. font-size: 16px;.. color: white;..}....#wa-sstoast-adblock-content-subheader {.. padding: 0;..}.....main-content {.. font-size: 12px;.. padding: 10px 10px 0px 10px;.. height: 118px;..}.....main-content table {.. height: 108px;..}.....main-content ul {.. padding-left: 13px;.. margin: 15px 0;.. padding-bottom: 10px;.. line-height: 17px;.. font-size: inherit;..}.....main-content ul > li {.. padding: 0;..}....#wa-sstoast-content-caption {.. font-weight:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5592
                                                                                                                                                                                                                                        Entropy (8bit):4.099961219081125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>..<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=8" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-sstoast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-sstoast.js"></script>.. <script type="text/javascript" src="wacore:telemetry\\serializers\\Secure_Search_Toast.js"></script>.. <script type="text/java
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3342
                                                                                                                                                                                                                                        Entropy (8bit):4.662005882373045
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. button: $("#wa-dialog-balloon-button"),.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $("#mc-dialog-arrow").. };.... var telBalloonType = '';.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.... if (!settings.balloon_type) return;.... init(settings.balloon_type);.... _window.show();.... // Send Telemetry 2.0 for dialog balloon showed.. var telemetryEvent = new OnboardingBalloon().interaction_type("Impression").browser(_instrument.ge
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2413
                                                                                                                                                                                                                                        Entropy (8bit):4.802631613143108
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:kvYp45+NkVjY2wHhFJzq/n2TLBvlbK1qXzeABoAK5m8IAKjdp0t9N56ZgNkwuuj3:H45ikVjkpq/nWp1qgVsk0HuKAh51nhun
                                                                                                                                                                                                                                        MD5:23187B264E8EAD4DA29E78DE49681B21
                                                                                                                                                                                                                                        SHA1:76CA2EE346F7CDAE520CF647739E7F1B756E1BB7
                                                                                                                                                                                                                                        SHA-256:E283EB634FF70222EDA16FE555A9957B8FC83F7BA9E2FF43FCBE661888D53883
                                                                                                                                                                                                                                        SHA-512:09D2D02B6CAEA58BEB65BE6C0A7662486A24F16B65DC58A8C6AEFA1E7A13912343EDD0331346F24ACFBA71D41C021C9965CE823AD554207BC498BD176FF2D974
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Download Warning Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _dw = wa.Core.DownloadWarning,.. _wa = wa.Core.WebAdvisor,.. _l10n = wa.Utils.Lang().checkList();.... ui.DownloadWarningToast = function () {.. var $el = {.. logo: $("#wa-dw-toast .logo"),.. status: $("#wa-dw-toast .status>span"),.. content: $("#wa-dw-toast .content .body"),.. block: $("#button-ok"),.. allow: $("#button-cancel").. },.... show = function () {.. _window.ready(function () {.. var domain = _dw.getDomain(),.. fileName = _dw.getFileName();.... $el.logo.append(_wa.getProductLogoHtml("wacore:mfw\\packages\\builtin\\mcafee-logo.png"));.. $el.status.append(_l10n("PP_STATE_TEXT"));.. $el.content.append(.. "<p
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23745
                                                                                                                                                                                                                                        Entropy (8bit):3.8933965607220977
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:LravuBFTv2stBHDiF9ymq4pnU5rnXEBF15hZOmvYkydOergIo4:PavuB92qBHDdmRBU5rXEBF1VJy9EIo4
                                                                                                                                                                                                                                        MD5:2E7D059760CFC206C7C33E0A0D1DAA31
                                                                                                                                                                                                                                        SHA1:52395E689ECE61074B5F024675764AA5235AD58B
                                                                                                                                                                                                                                        SHA-256:167CE8969EFE72D02EB543EA186B47CD596510AF9AB3F5BDFD50D9513016D560
                                                                                                                                                                                                                                        SHA-512:4D473C5C0A5F23301FF7867630CFF26F73F399B5911422449D788C552795A4ECA7D23647042903BF66BAD05BB27D7B6CE0C34388101FE5944D10F9FEB96E357C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Options UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.OPTIONS).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml();.. _external = wa.Utils.External;.... var OptionsMenu = function () {.. var menuItems = [],.. el = {.. $menu: $("<ul id='wa-options-menu'></ul>").. },.... toggleContent = function (id, delay) {.. $("#" + id, el.$content).. .fadeIn(delay).. .siblings().. .hide();.. },.... itemSelected = function ($item, delay) {.. $item.. .siblings().. .removeClass("selected").. .
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3660
                                                                                                                                                                                                                                        Entropy (8bit):4.763153836497376
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:445jWijMxhfOx/2NdFobmZ5oncCl/QSt/QBmy/Qe5O43XlSq:bjv23F2+5onCFO43P
                                                                                                                                                                                                                                        MD5:62751FA12333224C02D83DBE55EADB20
                                                                                                                                                                                                                                        SHA1:05218698D535A43347EEB4E8EF0B885F95E6BB68
                                                                                                                                                                                                                                        SHA-256:7A5D556D985877157C9CAABD3B7C80E74ADABD99E660662CF063AA7C1B068695
                                                                                                                                                                                                                                        SHA-512:B3B2E7B071774DA1ACDE4617D55093A4E8CA182157D82945A399FC883D45249B87298FB34F0B7158661FD6896E98E5196A8E7C75A630A14C1B6FE62C801F5A1D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window;.. .. ui.SecureSearchToast = function () {.. var $el = {.. header: $("#wa-sstoast-header"),.. logo: $("#wa-sstoast-logo"),.. subHeader: $("#wa-sstoast-content-subheader"),.. caption: $("#wa-sstoast-content-caption"),.. subFooter: $("#wa-sstoast-content-subfooter"),.. submitYes: $("#wa-sstoast-content-submit"),.. submitNo: $("#wa-sstoast-content-bing-no").. },.... show = function ().. {.. _window.ready(function ().. {.. var toast_element = document.getElementById("wa-sstoast");.... if (!toast_element) {.. _window.close();.. return;.. }.. _window.setHeight((toas
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15681
                                                                                                                                                                                                                                        Entropy (8bit):4.873255379533328
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:QODJo/vVNYs2ebppb08qb1WAWxJK8ku6sI098/CdQkrriKSpKKBS6aYSQwuHcBzM:Fi/vVNQeo8yCdI098+oYupqm
                                                                                                                                                                                                                                        MD5:32E0379BA8A34152B541919D243716EA
                                                                                                                                                                                                                                        SHA1:58AC68813AF4FEFBACBE94C677EFED33179DC601
                                                                                                                                                                                                                                        SHA-256:76B8937A0255718F964A966FFF03972A6A4DFA689523E99AF364F9FCC304AA6A
                                                                                                                                                                                                                                        SHA-512:642D193E3D238F3418C801CF28AA8BE6880A4360E31A3EC26F310FCC738A9FC0F1439F09468194A791B9708CEA6E61719EF7F306E9FA3B5D6792AC8AFB24BD64
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... var TOGGLE_COUNT = "toggle_count";.... ui.SecureSearchToast = function () {.. var $el = {.. header: $("#wa-sstoast-header"),.. logo: $("#wa-sstoast-logo"),.. mainContent: $("#wa-sstoast-content"),.. mainAdblockContent: $("#wa-sstoast-adblock-content"),.. mainMavContent: $("#wa-sstoast-mav-content"),.. subHeader: $("#wa-sstoast-content-subheader"),.. subHeaderAdblock: $("#wa-sstoast-adblock-content-subheader"),.. subHeaderMav: $("#wa-sstoast-mav-content-subheader"),.. caption: $("#wa-sstoast-content-caption"),.. captionMav: $("#wa-sstoast-mav-content-caption"),.. label: $("#wa-sstoast-content-label"),.. labelAdblock: $("#wa-sstoast-adblock-content-label"),.. labelMav: $("#wa-sstoast-mav-co
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 210 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12312
                                                                                                                                                                                                                                        Entropy (8bit):7.968450241648148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yRBdas2d1PJ4BYvAHpw+9zCUu3lsOgtPaITUL:6UdVTUoUTHs
                                                                                                                                                                                                                                        MD5:4FB51E8F6008C7C9C8F0A1075BED12A1
                                                                                                                                                                                                                                        SHA1:39C35D6482BF2D7B8A347991BC99F4EB408B7FE7
                                                                                                                                                                                                                                        SHA-256:866910A9732E353EDFE938958BF6F4B6FF03FFA6B90589BD03C44011D2E41C37
                                                                                                                                                                                                                                        SHA-512:6C39FDEB9036823547E8515A7F0505B41A519F5F70D55A1D2B51A10B9FAC6D8738EB3D78D2DE2BEE55666C5712A4753D72450760B69836C7F1B71577760FD99F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 210 x 197, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9639
                                                                                                                                                                                                                                        Entropy (8bit):7.959929359756836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:8Sx+XNV33b9KE2nQId+RaxmxmDzMeRPGUhtGrnGyzcgJSzJKlkY+BjJJnjYdSPay:7SX9KbIRARfvRtklzcgJS1Ukz7hjYdJy
                                                                                                                                                                                                                                        MD5:0960D91DFEAF52DB02812BF775B62C55
                                                                                                                                                                                                                                        SHA1:125D3E9976B984B6BFDD698140626CB92D393722
                                                                                                                                                                                                                                        SHA-256:9E7C4BF9C4911967D24A948BFFE7268F5925A1B1E3DCD5D9CBEB7721DF32DF24
                                                                                                                                                                                                                                        SHA-512:C2AE53F305F34A3E6B0EF8E29A1E21A477C4A62F6AD27A69A91C7F1CD601A94DA1012341169F7E11C293D12AEC9B07B14CCB23185829A8C7F05FE0EDC718B681
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 142 x 114, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9195
                                                                                                                                                                                                                                        Entropy (8bit):7.974458734523204
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:qSgxF7Rxse5mfaPumPCqZplpMCwhsoYl6Va1uaOyplM/0zPMyWEu0:lg77RxsRaJCqD/twhsFl6VaD5KyWEj
                                                                                                                                                                                                                                        MD5:985990E7B49221E68CA85928ABFB55B6
                                                                                                                                                                                                                                        SHA1:A625326AFC180A99526B9C1E36C85718A8AE4E53
                                                                                                                                                                                                                                        SHA-256:6FCA27CE0ADD2712EA1CBAF52291BBC2C9AA3E5B8411348DA4459082E53D456F
                                                                                                                                                                                                                                        SHA-512:AD415F9B2242675A26DFD9FAB9DCC9E2BA02191EDFB4B938C688458E92379263C9E1357EEDF8E97D4956E3A28E69D59A80C6FD23777371A33CC1A02D2AF45181
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2407
                                                                                                                                                                                                                                        Entropy (8bit):5.140156593981553
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Uk73uxPuaasQ8+FQv2xfdleIileIjOmkRlYWBheIpJqqeGzeNeIp5eNeIIlWK:UDj+aOxf7KjiRlYWBxadt+tO
                                                                                                                                                                                                                                        MD5:A8E51966D283CC0F19798CF64913E287
                                                                                                                                                                                                                                        SHA1:147AE708F8919983C25358D7019652C83FF60C57
                                                                                                                                                                                                                                        SHA-256:B07E793B017088D130D111ECD8C5A0C84F3A11CCE260C38E28D28B575F445F1C
                                                                                                                                                                                                                                        SHA-512:315923FADA49DF24610343B9693C608DA30B2267600A7A5877C0099FFD3F5F6C7D93E09DE5464201B065841A31946F1ED93965731FFF1274459649A94CB2D761
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:body {.. margin: 0;.. font-family: "Open Sans";.. box-sizing: border-box;.. background-color: #FFFFFF;.. border: 0.833333px solid #BCC3CC;.. box-shadow: 0px 0.833333px 8.33333px rgba(0, 0, 0, 0.254218);.. border-radius: 1.66667px;.. overflow: hidden;..}....h1 {.. font-style: normal;.. font-weight: bold;.. font-size: 16px;.. line-height: 32px;..}....p {.. font-size: 13px;.. line-height: 16px;..}.....main {.. text-align: center;.. background-color: #ffffff;.. height: 220px;..}.....main-logo-container {.. display: inline-block;..}.....main-logo-container .img-wrapper img {.. max-width: 128px;.. padding-top: 32px;..}.....main-divider {.. display: inline-block;.. margin: 5px;..}.....main-description-container {.. display: inline-block;.. text-align: left;.. vertical-align: top;.. max-width: 295px;.. height: 100%;.. position: relative;..}.....main-description-container p {.. font-size: 14px;.. line-height: 20px;.. color:#000000;..}.....main-description-containe
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2634
                                                                                                                                                                                                                                        Entropy (8bit):5.07519212964497
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cXTxBv26HgOCe8+DSSqoFbeIwEeIYuA5kIt:L8zFb103
                                                                                                                                                                                                                                        MD5:771128AA0F125B6506E2BA7580C8F44F
                                                                                                                                                                                                                                        SHA1:D32EB9E37564CC31BCF242C3FD0CF0940E35983F
                                                                                                                                                                                                                                        SHA-256:C49BB7DEC6B7640D688844895C4E162CB2BE4D7B0D0D037C80F1B750177ECCB0
                                                                                                                                                                                                                                        SHA-512:52642D2CB5D2352419554416D93626232A398DFB3B304160AEB5D8AE651C8E5663D80E33430E2BAA0A66F4E4741F2679772E24BA5A1EB7EDC56D05118C763993
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-upsell-toast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-upsell-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-upsell-toast.js"></script>.. <script type=
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12796
                                                                                                                                                                                                                                        Entropy (8bit):5.0590866608956935
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:80/Pf4lTvqz3NbDdvSNOsxyVVXMT2OpbNg/0u:JPf4lTvECBxyHcTRfi
                                                                                                                                                                                                                                        MD5:BC93F971F8F5DD93DA7EA0DC34A5F367
                                                                                                                                                                                                                                        SHA1:B973969F2FAA8558FB4F1BAFF0C41BAEEEE9B109
                                                                                                                                                                                                                                        SHA-256:CFC6AB673202BF1FC95EB32071D604168EEB34A6691A59B22D7440CC19815571
                                                                                                                                                                                                                                        SHA-512:70CD245EFFE76340A502132AF3768FA638848CF2807A8BD234235CB2DA55D5A7569FCE388AFD6518652C49103FA5CD773DF588C0BD399A3B95A44FBBDFA18D5F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.createUpellToast = function (toastData) {.. if(toastData.campaign && toastData.campaign !== 'none') return new ui.CampaignToast(toastData);.. .. if (!toastData || (toastData && !toastData.cohort)) return new ui.AvScanToast(toastData);.... switch (toastData.cohort) {.. case 1:.. case 2:.. return new ui.DirectUpsellToast(toastData);.. default:.. break;.. }.. };.... ui.extend = function (Child, Parent) {.. Child.prototype = Object.create(Parent.prototype);.. Child.prototype.constructor = Child;.. }.. .. // ----------------------------.. // Base Toast Object definition.. // ----------------------------.. ui.UpsellToast = function (toastData) {.. this.data = toastData;.. this.lang = wa.Ut
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 47 x 46, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1793
                                                                                                                                                                                                                                        Entropy (8bit):7.876784630522941
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:qaOARKiy6Zk/fIEJo8VsjZhQ78P49eiQgPO4sP/ulgafKd6c:/OATy6Zk/1x0TQg+wvPmlga1c
                                                                                                                                                                                                                                        MD5:0649B7E9A67DE6931312BDB5BE3FA6D6
                                                                                                                                                                                                                                        SHA1:285B792941D7CCB34ECC8749A367CAFE4A51D4B1
                                                                                                                                                                                                                                        SHA-256:CBB5964B1888A95703984990FBC9C71448ACBA8A5E19BC0A96E626C2129F7E22
                                                                                                                                                                                                                                        SHA-512:12B8E6C4F3EBFF51BA6CE1FE66D737461CD0C30F0B9E65443256886DDBF9E1518E3A26D9186CD8F2CA95EA09D35F910372558BE1C997073E0E26603C4DABC22E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):292
                                                                                                                                                                                                                                        Entropy (8bit):5.398370766213392
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:KYCutJFlCutfwEr+gCutF3GHFUUsMLR4SWJhZlQVoWvLLnMfn:lCu77CuuSCu3ZUsMLaJhU+Wng
                                                                                                                                                                                                                                        MD5:70E015F4BF2A1075DAC01A4B85102721
                                                                                                                                                                                                                                        SHA1:DCC6CB8CF7EE78207BB68F1F16CC0CAEF907AF9F
                                                                                                                                                                                                                                        SHA-256:E606B54AB3B9DA665BCB51E868E6B3D2FC3D5F323BAE58772626A5F4E6B7A178
                                                                                                                                                                                                                                        SHA-512:3187C334CD5077E1CF33E6F4B9383D7BD9A73B1C2BFD1A8B6B90ACDE731435DCBED930DE768F9391C59E421C87FC71E3DFF6C577DB637C91C344C19066A00D53
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:input[type="checkbox"], input[type="checkbox"]:checked {...box-shadow: 0px 0px 0px 1px black inset;..}....input[type="checkbox"] {...accent-color: white;..}....//B3ACFA8980C72DAB04DA953D789A7B2385E82801166DEA22C6E23C8B50595E569A9ACF2AB15392FCB48598BF65766CC40BCBB38C872F66C3A1C039BA8CD5EB4B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65446), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):89637
                                                                                                                                                                                                                                        Entropy (8bit):5.297835496012865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ejExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1vK:eIh8GgP3hujzwbhd3XvSiDQ47GKM
                                                                                                                                                                                                                                        MD5:6FAC5DA12024D65BA4925C615D4784D0
                                                                                                                                                                                                                                        SHA1:EFB17740DF169E91A0E8C6A9653963C8150885AF
                                                                                                                                                                                                                                        SHA-256:FE757A4C53515A29CDBB4D49C82F3B15FBC39989363EE1EB6BEE03835DB24F2B
                                                                                                                                                                                                                                        SHA-512:132AB7A72B3BD6B01A3B7C88D5A9E23F76D01D0BFAA3C10F43C98BA54A5078F255E8D05324B57DB18EE13AD59E1D6A91EBCB2EC06EC523057EE2E3846CA74559
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34187
                                                                                                                                                                                                                                        Entropy (8bit):6.0477937115799465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZt:E9DDI6thXjez1jtnc
                                                                                                                                                                                                                                        MD5:AED816962FB2FC71AF77DEDB42480127
                                                                                                                                                                                                                                        SHA1:BB86B01785AA598E893B976D0347E5ABEAB75452
                                                                                                                                                                                                                                        SHA-256:08243ED87F8CAEDED8CA4223E8554C67CDEDCAE733222F69626032653DF984F4
                                                                                                                                                                                                                                        SHA-512:9D042548C8839E72A4FB11A20D16A827BAB271A99E5F1AD61CF47254F35649A48DFF12DEE052FA26B9C9085EE32D1C8B0BFA9BF9D343D1553B5147797284EFD8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):853
                                                                                                                                                                                                                                        Entropy (8bit):5.3199539768797655
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:2B/hPp825C8dJK5VKv5iP5h158qESea0gUHRG:Y/h2P8dEnjPESUHRG
                                                                                                                                                                                                                                        MD5:C6A064710190EAF3CB91CFF0219E1887
                                                                                                                                                                                                                                        SHA1:0AD4A6D0CE911E9D06B88C14E3143306EE08CA8F
                                                                                                                                                                                                                                        SHA-256:97C4B850C1AD4B35B3F6E13605FF896F61FF84314A70D9393333753541124721
                                                                                                                                                                                                                                        SHA-512:48A53271421497B5BEBCCA8F7F764864606F0FA27EC0DF4F5A2210E837C0159BDB7BB03865771D31AD538294CDEB7B3D44E51CE8117A131EDD92017D3CEE19E8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa) {.. var common = wa.Common = wa.Common || {};.... common.getColorAndStatus = function(score){.. .. let color="red", status="WA_ST_SCORE_LOW".... if(score<400){.. color="red".. status="WA_ST_SCORE_LOW".. }else if(score>=400 && score<600){.. color="yellow".. status="WA_ST_SCORE_FAIR".. }else if(score>=600 && score<700){.. color="green".. status="WA_ST_SCORE_GOOD".. }.. else if(score>=700 && score<850){.. color="blue".. status="WA_ST_SCORE_VERY_GOOD".. }.. else if(score>=850){.. color="purple".. status="WA_ST_SCORE_EXCELLENT".. }.... return {color,status};..};....}(window.WebAdvisor = window.WebAdvisor || {}));....//9C960C3390A50A391CD5EFFC84F365DB36ED5ECA3298FFCA78AA46A63F8B4AF0FF507660D9A100E12672C8A8F28346FD369B40C3D96EC2B1D00717309471E1FC++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23487
                                                                                                                                                                                                                                        Entropy (8bit):5.12089992478463
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GZCfU5OMibTTqFf3+CyZRCDqRkaPUEgpLS5ueJw+dc0cbT4M/5cWal1fGR:GZCfU5OMiLqFf3+CyZRCDqRkaPUECLgA
                                                                                                                                                                                                                                        MD5:FA00F7D07559DC8EE12C71F2245DBC35
                                                                                                                                                                                                                                        SHA1:592C0F53259F769758F0DD415C49B9A267908D14
                                                                                                                                                                                                                                        SHA-256:814DE86ED11DAFC190560A927996E163A5CB50ED1BF69A459490AADDF0DD744C
                                                                                                                                                                                                                                        SHA-512:BB23C8A285D4D75E2825FF6FD064F8F8A091265809A38B6BF9D35B39CF4610E8A501686D681657834B4CFE0AFC1C675851948A9194E31DF3F8BFF51EA4BA6017
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Core */.(function (wa) {. var core = wa.Core = wa.Core || {},. _settings = wa.Utils.Settings,. _external = wa.Utils.External;.. //Component. core.Component = function (name, status, key) {. this.name = name;. this.status = status;. this.key = key;.. this.isIgnored = async function (key) {. var isIgnored = false;. var startIgnore = await this.settings.get("startIgnoreDate" + (key || this.key));. var ignoreDuration = parseInt(await this.settings.get("ignoreDuration"));.. if (startIgnore && ignoreDuration) {. var today = await this.settings.getToday();. var startIgnoreDate = startIgnore.parseBasicDate();. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);. }.. return isIgnored;. };.. this.isInFixGracePeriod = async function (key) {. var inGracePeriod = false;. var gracePeriodStart = await this.settings.get("fixGracePeriodStartDate" + (key || this.key));. v
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7998
                                                                                                                                                                                                                                        Entropy (8bit):4.69684087678637
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:j8KiNn2zKMXjRIQIeTZmY2OToGF/8OJISRjla0mo9SWLpmUtpdcSbFn44j:IKiN2zKgyTeTEZzSRjg0jScmcdvvj
                                                                                                                                                                                                                                        MD5:496F9B41EC1335A99F7A5C68E5C77793
                                                                                                                                                                                                                                        SHA1:F9FC3D1DF9BECD9A9492F5A7C9389FF1CBD5D222
                                                                                                                                                                                                                                        SHA-256:46E5C70B4BED41FE8B67D7524F039894E00121BF8F1C48781C13BE642D667E50
                                                                                                                                                                                                                                        SHA-512:EF658D18388E52918F7BDF8612B52CADB15F127ADB752175126E05D86FFEB086FDC703173610D3A69DEDCE516A8A449C8FFAF5FECD5868C9541275181899659F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* CheckList UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.closeDelayTimer;.. ui.CheckList = function (options) {.. var el = {.. $checkListWrapper: $("#wa-checklist-wrapper"),.. $checkList: $("#wa-checklist"),.. $messageWrapper: $("#wa-message-wrapper"),.. $message: $("#wa-message"),.. $messageImage: $("#wa-message-img"),.. $closeWrapper: $("#wa-column-four"),.. $close: $("#wa-close"),.. $logo: $("#wa-column-one"),.. $state: $("#wa-column-three").. },.. checkDomLoadedInterval,.. animateDurationInMs = 400,.. self = this,.... setState = function (options) {.. el.$state.. .html(options.state.template).. .addClass(options.state.css);.. },.... setMessage = function (options) {.. el.$message.. .html(options.message.text).. el.$messageImage.. .html("&#187;").. },.... setBorder = function () {.. el.$checkList.css({..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3536
                                                                                                                                                                                                                                        Entropy (8bit):4.498300075662501
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:kZGJ5nzQQenlzN1vylhovKKHNLzpCZjeVBXfoiht:kZ8W0v8RHNLlCZjoJfoin
                                                                                                                                                                                                                                        MD5:073BD350D4DCB33C875472575EBFD579
                                                                                                                                                                                                                                        SHA1:CF1803794807A24422DD8A0D15B90E2E3EEBBBE3
                                                                                                                                                                                                                                        SHA-256:43E789DD22A446CBA010D7125005B803EC6489BEDE9836664BD096FFDC49ED11
                                                                                                                                                                                                                                        SHA-512:AC403FEFFBFF4AB8A928C96345A01AD68DFCED4E9467CEDBB2D1D830F328659B6471A94FBE781EE6175FBA96219639D288C21AE17222528FEED9A53327AF3963
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Dialog UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.CheckListDialog = function (options) {.. var animateDuration = 400,.. el = {.. $dialog: $("#wa-dialog").. },.... create = function () {.. clearDialog();.. createHeader();.. createContent();.. createButtons();.. },.... createHeader = function () {.. if (options.header) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-header",.. html: options.header.html,.. tabindex:"0".. }).addClass(options.header.css));.. }.. },.... createContent = function () {.. if (options.content) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-content",.. html: options.content.html,.. tabindex:"0".. }));.. }.. },.... createButtons = function () {.. if (options.buttons) {.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17296
                                                                                                                                                                                                                                        Entropy (8bit):4.4807553162542435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:BZwBjF3z+j5csy4h11lidEaCa3z46U2EW85xFYmah2OY9c8o9OQ/o:WJyj5csy4DIE3mU6URbFYmafQ
                                                                                                                                                                                                                                        MD5:618E7876274CFC0B3214FB134EB912AB
                                                                                                                                                                                                                                        SHA1:14F2EA29B8C0C776577C49A39AE77E27CE4CF7FE
                                                                                                                                                                                                                                        SHA-256:78D770FDD6213E9A952EB6523DB7C6320E0E05250B0DAAE724C6E2363F346360
                                                                                                                                                                                                                                        SHA-512:E10F770946141EF14113E2B2E09CEB711D75835D40D43585B930A64E384C40CA6DDD2EA22E09CFC8CD0B54FF4C9C728CD1BFB2E6E31C592160F122F6814D1F5B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_)..};....(function (wa, lr) {.. var util = wa.Utils = wa.Utils || {
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9676
                                                                                                                                                                                                                                        Entropy (8bit):4.916947794924999
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:O4n4gMn8LeQ1EU/AF5kSS3zwgFdliSQyglzMiqXjAMfxE7N:p4gMns48SS3znJiS0miqUMfxa
                                                                                                                                                                                                                                        MD5:09AD363559A046A1D93F064629F4D1E0
                                                                                                                                                                                                                                        SHA1:5C9E4EFFF7A9E8197018857F64B711C87F38A332
                                                                                                                                                                                                                                        SHA-256:58747720DB5DF9E225249D740EB808EC5D6498E7F153464CDDDAE4F684175163
                                                                                                                                                                                                                                        SHA-512:CBE025BA895A732ABB03308615B6A7A596ABC1985EC423B5D09DA8D992A39F11566CB866E13B33950C526F2F9A09BCC0050A9CFD2CD86AFD310D436434F3B0DB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* MWB CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.WEBBOOST).get,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.. var browser = ""; .. var wbShown = "WBShown";.. var wbLastShown = "WBLastShownDate";.. var installDir = "";.. .. this.update = function () {.. _window.ready(async function () {.. var args = JSON.parse(await _external.getArgument("template_args"));.. var isInitial = false;.. browser = await _window.getBrowserType();.. browserCode = await _instrument.getBrowserTypeCode();.. installDir = await _external.getInstallDir();.. if (browser === "FF") {.. wbShown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2727
                                                                                                                                                                                                                                        Entropy (8bit):5.134238882255609
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3Ox0xsUa3l363kKk+kUTkikfE5h2CYqOcqe5QORDBwC:32EAqOcq6QqN
                                                                                                                                                                                                                                        MD5:72CCBFBFD498B9914B18933E2AFFC3F7
                                                                                                                                                                                                                                        SHA1:8FFBB051B8FB8CE926E41F6853C2D20F26AFBCDE
                                                                                                                                                                                                                                        SHA-256:E3076D5AA823176935ECCD9851526B2A22EC6083164D3EA8D469EAE4499A4EC5
                                                                                                                                                                                                                                        SHA-512:621401D66FA72E76B337D19517195D229DFC3C98910BEBC8FBC97E8B6D70A665D92DBA56DF4EDAB0A3A8FD232C1EE22CAE484CC324AE996A72A4F4A4FB83453B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-webboost-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript"
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (452), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24334
                                                                                                                                                                                                                                        Entropy (8bit):4.494667538847913
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:CYEzX7WKuUDfpG7I85C6ylu6MJcDoGeDbC9dDMQk:3e7Wa806+w
                                                                                                                                                                                                                                        MD5:97294E70F24AC873E6E9D20F713F2AD3
                                                                                                                                                                                                                                        SHA1:D5E1C1021BDBB82B9835F8FAE705E598044B423B
                                                                                                                                                                                                                                        SHA-256:130D8EA323ECC21474B15ADBFA2E025B8E532052CFB195178DA84AA889B254B2
                                                                                                                                                                                                                                        SHA-512:83907AD784E133012EA398B904E499DBFECE8E678E11BBC873FE809CEAA5348554C613A8CBFAEC1552F949E225C19BEC6E7277003A7773BC6EB1F8FF72070233
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* NPS CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.. var browserCode = "(unknown)";.... ui.CheckListController = function () {.. var self = this;.... this.update = function () {.. _window.ready(async function () {.. browserCode = await _instrument.getBrowserTypeCode();.. var args = JSON.parse(await _external.getArgument("template_args"));.. if ((await $(window).height()) >= 630) {.. self[args.commandName]();.. } else {.. _window.close();.. }.. });.. };.... this.showNPSSurvey = async function () {.. var html = "";.. html += " <table style=\"border-collapse:collapse;width:450px; height: auto;font-family:Open Sans; color:#53565A;border:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2636
                                                                                                                                                                                                                                        Entropy (8bit):5.121410204094642
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3kx0xsUl363kKk+kUTkikChZhAFqOcqehQORDDy3m:O6qOcqiQqv1
                                                                                                                                                                                                                                        MD5:27CA3DA36B2FF15DE5DA3932BD4DEC40
                                                                                                                                                                                                                                        SHA1:5DF0DC35173A173A984EB7EDA5411AD49A26EF17
                                                                                                                                                                                                                                        SHA-256:8D431F52C49F223C594B0EA7F35FA5F52A254626CB4573486B2351B2AF74385C
                                                                                                                                                                                                                                        SHA-512:A70D122F88F8DDDCAFCCCFD81BA86ED2C89C9745EB0BF505577EF539DD528CF6977411602F819CB44CB1E7F5A9F6F4D5B4E601132EDFDB2214E9EE110A2EEEC6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bu
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2987
                                                                                                                                                                                                                                        Entropy (8bit):5.344034394218926
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:xmp5UEWZp8xgC9WqJfW05NqIEp5NqIr+5NqUuxkxrxSrMq6x8zOGFqkmiZEqPeIs:xsW0xghYdNYNb0N1uxkxrxSrJ6xRGFqr
                                                                                                                                                                                                                                        MD5:E0D200C1F166E8DDB1F955C606E42398
                                                                                                                                                                                                                                        SHA1:78297894EE95BF86EE0721D12F6EB44955E737C5
                                                                                                                                                                                                                                        SHA-256:4EF9D035FB94E91A2C432B9B25A982C0910E605F36F46A062D159ABC6AA85BDA
                                                                                                                                                                                                                                        SHA-512:E67F0867609E3284C94F41D90E689CA8618047C8A6DE5E6FC27B27DB5CA9C9F6083B9DAED4A4AE1274BF92750272C239E7806A8BE84663D29D363EC10628AAFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}....#dialog {.. display: flex;.. width: 761px;.. height: 565px;.. background: #fff;.. border-radius: 24px;.. border:1px solid rgb(0, 0, 0, 0.12);..}..#card_layer {.. background: transparent url('file:///[WA_FILES]/mfw\\packages\\builtin\\women-on-laptop-features.png') no-repeat 0% 100%;.. width: 276px;.. border-radius:24px 0 0 24px;..}.. ..#progress {.. width: 173px;.. height: 173px;.. margin: 52px;.. background-image: url('file:///[WA_FILES]/mfw\\packages\\builtin\\progress_0.png');..}....#progress.enabled{.. background-image: url('file:///[WA_FILES]/mfw\\packages\\builtin\\progress_1.png');..}....#description_layer {.. padding: 35px;..}..#logo {.. background-image: url('file:///[WA_FILES]/mfw\\packages\\builtin\\mcafee-logo-1.png');..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2219
                                                                                                                                                                                                                                        Entropy (8bit):5.306616950793176
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:qaaxily363k3k5kEhD7kCaCNcCgST20ixtSI:HsCgST2vl
                                                                                                                                                                                                                                        MD5:FFEA71C263F83D08481B5EA68FE929E1
                                                                                                                                                                                                                                        SHA1:F3F62208BA9A5230EAA8DDBE58978BFBD8E41161
                                                                                                                                                                                                                                        SHA-256:14DB57AD278143A3F0775A3B82F67A9ECD2D309B2E8D1F8EAFAE2C2889FD6DCF
                                                                                                                                                                                                                                        SHA-512:D94E7DD6BB77431C9E30FC05C4D708EC6A003D2347910A4AEB4E7413520857872B48984C9322AB7207058C77ADFB9488FAA831E73EF00D53E92BE2FFA861A264
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\edge_onboarding\\edge-ext-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="fi
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4043
                                                                                                                                                                                                                                        Entropy (8bit):5.15885534495579
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:lAFMuLlxkllDE3zG6lsg9EYcvrEPwSYlZXo+:lAWuLlxkllDE3zG6ls5hrEulZXJ
                                                                                                                                                                                                                                        MD5:B98D67B9893DE220F6C3998F0059C190
                                                                                                                                                                                                                                        SHA1:179791D4EBFD1300B46F8B7841FA6AB203B31095
                                                                                                                                                                                                                                        SHA-256:40BF1E2435E385525F9772D5807E20CF7F40469CA3D0AD9F214047D1184B6186
                                                                                                                                                                                                                                        SHA-512:91FDC0C2BA4D93D1DC99B56DA5B59647113C1F317228B22A0829A92DD0F6FC9003162D2B605811AD1F75ECE5146149108127A42909BF4317B2206FB827ED3246
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {... ... var newToastDimension = {.. width: "761px",.. height: "565px".. };..... var $el = {.. progressPic: $("#progress"),.. checkboxInput: $("#set-web-protection"),.. title: $("#title"),.. desc: $("#content p.desc"),.. featureName: $("#feature_name"),.. featureType: $("#feature_type span"),.. featureDesc: $("#feature_desc"),.. doneButton: $("#done_btn").. };.... var stringMap = { // check for correct string.. InfoTitle: "SEARCH_TOAST_TOGGLE_VARIANT_1_HEADER",.. InfoText: "SEARCH_TOAST_TOGGLE_VARIANT_1_INFO",.. FeatureName: "SEARCH_TOAST_TOGGLE_FEATURE_1_NAME",.. FeatureDesc: "SEARCH_TOAST_TOGGLE_FEATURE_1_DESC",.. FreeLabel: "SEARCH_TOAST_TOGGLE_FREE_LABEL",.. ButtonDone: "SEARCH_TOAST_TOGGLE_BUTTON_SS_PROTECTED"..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):369
                                                                                                                                                                                                                                        Entropy (8bit):5.422952227171875
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:2EmuogRreo9LClyqZy+cPupMrX9ElbFmFvH5XCgyoXm/o/7ZopsNAAE9Xj/oCh:2woUrXAyXprOlJmVJbCA1hE9XjwCh
                                                                                                                                                                                                                                        MD5:ABB274DD5620E2F7458477FF70C06527
                                                                                                                                                                                                                                        SHA1:88D1841D78E2286CDBE81E472026DDF04856533B
                                                                                                                                                                                                                                        SHA-256:1317D83FF8CE4FC2A377B834BEB46C7D1949268294A4A6B8BCFE722E99C8C6EC
                                                                                                                                                                                                                                        SHA-512:858A5F55DB2F1884D39014D7DD64B4F1E315360F984D9F7BA85E66C3AE12CC2A28A67B9578AB9C6FD9766F1819AAF2F9A0489B5510D2D10582E6FF36F63C1A38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:const send_onboarding_telemetry = async function (action, ui_type) {.. const event_obj = new EdgeOnboarding().action_type(action).type(ui_type).Serialize();.. await window.WebAdvisor.Utils.Instrument.sendTelemetryEvent(event_obj);..}..//CBE022F7DB128CB70BFBA73B9E5CA0F201F5694F12587BE5FD9B962BE9A6F72D1B31C2128ED8C6C6325FDAD9300A95753DB1322172697D9A916DC0DF1C5AF74F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1497
                                                                                                                                                                                                                                        Entropy (8bit):5.168780559100173
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:xmp5UEWZR78xQ/0elV7k1Ze+fkMFE1g60q30iTxhxs4P0Fu0xx0j000sT06bw0SG:xmp5UEWZp8xo0uOuHMFYg60q30Mx70Fe
                                                                                                                                                                                                                                        MD5:8105CD2225469DF72E5E296BD0120393
                                                                                                                                                                                                                                        SHA1:D0785A53C17DAC683C201D091877FF1D6EC5EB54
                                                                                                                                                                                                                                        SHA-256:B35C5FA45379755E16DB6C8557488D6F98513D8D10284D0475DCC294CE59C6AB
                                                                                                                                                                                                                                        SHA-512:C9626F42EB610681340264D577C82C3622DC1C6934980F12A835852F3F9F47237B0CE138A0A29094B30404B8653C90CE53EF0336E47B277EB7E897674820D3DD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}.....main-container{.. width: 656px;.. height: 392px;.. flex-shrink: 0;.. display: flex;.. flex-direction: column;.. position: fixed;.. bottom:0;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.. align-items: center;.. padding: 0px 35px;.. border: 1px solid #B2B2B2;..}....[class*="flex-item-"] {.. display: flex;.. align-self: center;..}.....main-container .flex-item-1{.. justify-content: flex-start;.. align-self: flex-start;.. margin-top: 32px;..}.....main-container .flex-item-2 p{.. color: #212934;.. font-size: 20px;.. font-style: normal;.. font-weight: 700;.. line-height: 28px;.. margin-top: 14px;..}.....main-container .flex-item-3{.. margin-top: 34px;..}.....main-container .flex-item-4 p{.. margin-top: 32p
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3191
                                                                                                                                                                                                                                        Entropy (8bit):5.331921490117445
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:wjRaxDlg+3kKk+kgkah2Cm5wEsCILQq5wEsCI2A5wEsCIIK1kaojVE9A:wjTdsT/dsTdsAxaoRyA
                                                                                                                                                                                                                                        MD5:C82DEBE68DEF59497A10807F8A00A4B1
                                                                                                                                                                                                                                        SHA1:6B14D986F48BBC346485806D1494706311FA77EA
                                                                                                                                                                                                                                        SHA-256:1A38BE88BAABCFC0E37A620AA051430240BE2FBB36C05D201116B84910283296
                                                                                                                                                                                                                                        SHA-512:5598BAFBC290AB95855D23E292BFAE95AB929F3A62DC031B4961795F9AE1D181BC490169E334FDE1A249071BBA18AB73B8838995C519548CF1352D763FFE8F6B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\edge_search\\edge_search_ext_coachmark.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.js"><
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4447
                                                                                                                                                                                                                                        Entropy (8bit):4.886798873869758
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:xe04JN7xWXXZ8NQK8E3NQKbk/5XNmsN4qBNINHN4qPdFe2FX1YYtuK1H6ItuNn1x:EPoHvOGX67qPqP2k1xafsmWa6Qiah6M
                                                                                                                                                                                                                                        MD5:AD9A446C106D5867A4DFF8A066601E4E
                                                                                                                                                                                                                                        SHA1:90A6BA05604634B54156B2CEE7F8E2809BC39BEF
                                                                                                                                                                                                                                        SHA-256:DC94D0C6CD248F7453757EDF4ABA5D6076C2327D8064526F48A1590B1A57F254
                                                                                                                                                                                                                                        SHA-512:42B2E801B7AF7CBEE1897589DA2464A8213BAB94CDAB327AFC3FDCF40569A578181454AD0A4AC0DE992BF7EAFD6CCB5024EC12843994111E2FF512D9298E0C48
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* SecureSearch edge monetize phase -2 */..(function (wa,$) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.. var windowHeight = 392;.. ui.SecureSearchTooltip = function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. show = function () {.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. .. _window.setWidth("656");.. _window.setHeight(windowHeight.toString());.. .. let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.OVERLAY).get;.. .... chrome.webview.hostObjects.wa_external.log("inside ready");.... var json_to_parse = await _external.getArgument("overlay_data");.... chrome.webview.hostObjects.wa_external.log("after getting overlay data");.... if (!json_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1839
                                                                                                                                                                                                                                        Entropy (8bit):5.466172125369847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:+swDxNxulQeNVMr0+WrVMrLKWrVMrQzVMrQXVMrQdpVMrlANVMCrNM/QoguKORM8:NOxNx1/Y+3i3cKc+cGpJCEQgKy9n
                                                                                                                                                                                                                                        MD5:11C90E0E1226ED84012D4979854C9A67
                                                                                                                                                                                                                                        SHA1:66750CB596FBCE0225D71762B28C6B334DED1FF5
                                                                                                                                                                                                                                        SHA-256:38FBDC7B5C5A313CB09AB5456821FF6D6D48F50E3E1E3FDD292C016F99253089
                                                                                                                                                                                                                                        SHA-512:E92F7444BEAA0AF503CAF09861C69E75A1903B8BE17D02DD368F46B5447B145AC25DC760E0A113C29E7694E95A293036A1890C09906BF0CB246E86EAF59AD684
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\new-tab-overlay.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4434
                                                                                                                                                                                                                                        Entropy (8bit):5.061667092400666
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:T0AmdonK4uoNkCsVgV1PixEeB0NufP9SdaQbXkLS:AATK4bNrAg/jeCQS9bX4S
                                                                                                                                                                                                                                        MD5:9EA7950FB8EF13B3EAD1A78C3A0E1B17
                                                                                                                                                                                                                                        SHA1:0C636A86319B64BF2C3CC2C4D1AB58DB7929E742
                                                                                                                                                                                                                                        SHA-256:2B493C311CDA5CE4CD57C1D992D0E1673733651C0C6B7C831D0404CBDFCDBDE8
                                                                                                                                                                                                                                        SHA-512:0C0C78D93AD29B4DDEFFC6F832D123D91FE4A9B2D91254E5558168A777E5B317863D8C01A5CB91B894953572E7D3876D02D48E04708CC3A8AD9B0F8334213974
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $(".balloon-chevron"),.. },.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.. var overlayType = Number(settings["overlay_type"]);.. var extensionType = Number(settings["extension_type"]);.. .. // Polyfill of isNaN for IE version < 12;.. Number.isNaN = Number.isNaN || function isNaN(input) {.. return typeof input === "number" && input !== input;.. };.... // Validate toastCount is valid;.. if (Number.isNaN(overlayType) || Number.isNaN(extensionType)) {.. _window.clo
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2295
                                                                                                                                                                                                                                        Entropy (8bit):5.349411549312583
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:NOxNxj/U3i3cKc+ccWCpnHCFAf2PKqAqIMImqIuck6:chkiJJmz7D
                                                                                                                                                                                                                                        MD5:45A109F8A197927BFD467B77580D10BE
                                                                                                                                                                                                                                        SHA1:8302CF6DA74AAEEC08CF9FFA70DA57004374CBD0
                                                                                                                                                                                                                                        SHA-256:7E7BADF648959591AA17B7902734646EF926D394984265B4D5E9F8762B81354F
                                                                                                                                                                                                                                        SHA-512:EFF6A8B71F656CDF9C13A1D6910DC783AAE6203465825703DFC508F75B1FA385F36CC06B735555F146F73026F96C05F59D38BDA5F4955E58A6CABA2F7B9133A9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\new-tab-toasts.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\new-tab-res-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="fi
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4089
                                                                                                                                                                                                                                        Entropy (8bit):5.133327457761815
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:n3AXKffHguIKz1hauWSQ0RVflDh84bXk1Z:3AogosXiVfVh84bXEZ
                                                                                                                                                                                                                                        MD5:0BDF0372CBA979567B082FD039692803
                                                                                                                                                                                                                                        SHA1:A4C5332EEBDEFE4A7859940DF1D69E2E26BB990F
                                                                                                                                                                                                                                        SHA-256:D484D2982CB0859B66695F96C12A21AE5CC6B2EE79B27DF6E2304AF655C51A31
                                                                                                                                                                                                                                        SHA-512:6E48EABF1BA9AFF960C94731B63C6E47CA1F85FE9855BE09E4E451B6A1E0D72FF30564260209D22B62456A5388D15707AFC0DF79D2131FA003F85AFB64CC74F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. };.... show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("overlay_data"));.. init(payload);.... _window.show();.. });.. },.... init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.NEW_TAB_TOAST).get;.. var toastCount = Number(payload["toast_count"]);.... // Polyfill of isNaN for
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1604
                                                                                                                                                                                                                                        Entropy (8bit):5.270792586863798
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:rp5UEWZp8xw942MDIjLMI6dSEkf3cdbOiQZwg00:LW0xwa2eIjLd6dSX3cdbOhGgJ
                                                                                                                                                                                                                                        MD5:5EC7FCBA4A5C5FBFF9D233581C521CF1
                                                                                                                                                                                                                                        SHA1:C2744BC0A456580F2C2EF11F2D52628BED2B8738
                                                                                                                                                                                                                                        SHA-256:E2D190380AF51DDD21119509476C879626993A862E32C6D4184282008458E6C7
                                                                                                                                                                                                                                        SHA-512:50F7BCC3A99CA7E18391D8DB2E7F8D067E8F06EC5DC646E4FB6AB227B6408DB75F7F801A5A767B3B355BEB6098770CB14BF71873D46B1B1E92984E522A399B48
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}....#wa_score_toast_confirm.main-container{.. display: flex;.. position: fixed;.. bottom:0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.... width: 365px;.. height: 326px;.. align-items: center;.. flex-direction: column;.. flex:1;..}..[class*="flex-item-"] {.. display: flex;.. width: 311px;.. justify-content: center;..}..#wa_score_toast_confirm .flex-item-1{.. justify-content: flex-end;.. width: 100%;..}....#wa_score_toast_confirm .flex-item-1 img{.. width: 13px;.. height: 13px;.. margin-top: 16px;.. margin-right: 32px;.. cursor: pointer;..}....#wa_score_toast_confirm .flex-item-2{.. margin-top: 17px;..}....#wa_score_toast_confirm .flex-item-2 h1{.. color: #383434;.. font-weig
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2144
                                                                                                                                                                                                                                        Entropy (8bit):5.413299065144493
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:JjRax0x3m363kKk+k3shFhiKC+yxi8mG6yMm+ATFcq:JAm2ie6yGQV
                                                                                                                                                                                                                                        MD5:130647C232AB4DAE8316E6C2C1A7F778
                                                                                                                                                                                                                                        SHA1:D2AEE56A00A6A3EA1B14717B8025E06A709BB43B
                                                                                                                                                                                                                                        SHA-256:010A999D831640C90075D364A7D219A9113CC8B48541423399A3331C5BA1A6A9
                                                                                                                                                                                                                                        SHA-512:F3F016FA8ACD223DC78B7D58E00BA3F0C341727F935A9062AA48138E8A2570BBE939AAE342176F29CCD7DEE8809032BF21C1CD9956D66F6C8E1C81424D1AC59F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\score-toast-ui\\wa-score-toast-confirm.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-score-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <s
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2765
                                                                                                                                                                                                                                        Entropy (8bit):5.074437838766172
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Yj4Ji7xWXXRMNQK84lhNQK23NfGTNkAYi/zNQmnOtw/7tT/Bztn6TYOYEfNgpbj5:YhoH/C0Lln8qmncw/RT//D7EcPcvgd5B
                                                                                                                                                                                                                                        MD5:6D27ECEB5826A81650FA9F9183EC1B68
                                                                                                                                                                                                                                        SHA1:BF4B0F38D7568C2C77030544441990EB23DCBA24
                                                                                                                                                                                                                                        SHA-256:F6AE2BDDD8E1F5FD9B44C63141C560EB0369CC12E5BE8EB76E42EC7616043B0F
                                                                                                                                                                                                                                        SHA-512:C5E03C959FA35D47935FEB44127DD52A5A0E44E6687149BE6A736E4DF2911BCE17DD6AD2B25BBE7B064AA7AF72CB3B39240FE8D6DF136B7394085D057CEAB705
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* SecureSearch Score Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window;.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.... ui.SecureSearchToast = function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. show = function () {... .. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.... _window.setWidth("365");.. _window.setHeight("326");.. chrome.webview.hostObjects.wa_external.SetDraggableOffset(20, 50);.... window.addEventListener("resize", (event) => {.. chrome.webview.hostObjects.wa_external.log("draw from resize handler");.. window.chrome.webview.postMessage("draw_background");.. });.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.SSTOAST).get;.... chrome.webview.hostObjects
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6113
                                                                                                                                                                                                                                        Entropy (8bit):4.974236045099054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:xkWsYW9FbqA1eR0/DJgltvLtDmwJVNUNYNnYFaYoty55u7fn:xkWXWbqA3FgltvL5mqVNUCC3oku7fn
                                                                                                                                                                                                                                        MD5:4CC52A4AC1AD00E793AAA1991AE39048
                                                                                                                                                                                                                                        SHA1:1A7BF03CB3B7E29DF159E4FE69E0F6C451E02210
                                                                                                                                                                                                                                        SHA-256:A60349D863402EB4FBA87134E4AA1FF3FC2E982FFE266751701B57449AA0C44B
                                                                                                                                                                                                                                        SHA-512:1FA4E34F48AE33430217E1F199A229A400DA984E4D33E292FE5BD30CF5859CE8E9B7C7052DA1F628E1A87CD8F84415C10871BE007C22226B4D06950715029B0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;.. }.. .. body {.. color: #212934;.. line-height: 24px;.. }.. .. #wa_score_toast_increase.main-container{.. display: flex;.. position: fixed;.. bottom:0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.. .. width: 761px;.. height: 283px;.. align-items: center;.. }.. .. [class*="flex-item-"] {.. display: flex;.. height: 100%;.. }.. .. #wa_score_toast_increase .flex-item-1{.. display: flex;.. width: 276px;.. justify-content: center;.. background-image: url(file:///[WA_FILES]/MFW/packages\\builtin\\wa_score_toast_increase_bg_left.png);.. flex-direction: column;.. align-items: center;.. }.. .. #wa_score_toast_increase .score-status{.. width: 205px;.. height: 60px;.. ba
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2770
                                                                                                                                                                                                                                        Entropy (8bit):5.29703908299377
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:JjRax0x3i3363kKk+kgk3ithFhiKC95ix8LStjLRjxk+ann43iAk:JseqjiHjtjBinx
                                                                                                                                                                                                                                        MD5:0EC997362D663859800D14960652714F
                                                                                                                                                                                                                                        SHA1:B3669DDE8E70DD5FDB2587F11D463C33D7171FCF
                                                                                                                                                                                                                                        SHA-256:639279E73C9AD05A14C16339B40197CB42D37F035BB68803F4858E24A5525BFE
                                                                                                                                                                                                                                        SHA-512:81B455EFF4D092AB0FDA17214D2902A2339591F794EF22AEAA17245C339265A690E5FC26E529A4F0FE5B1838435F3291E101F00990193F1078F8BCAF707DF84E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\score-toast-ui\\wa-score-toast-increase.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-score-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5026
                                                                                                                                                                                                                                        Entropy (8bit):4.955964330667236
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YuoHAOGj0xqGgrVTWm03Sk457EcPQvNQoxVRz2T:JX4k7RTWmp57EcPQvN5/Rz2T
                                                                                                                                                                                                                                        MD5:F0CF97FA5129708D216747101A50FB0C
                                                                                                                                                                                                                                        SHA1:FDAF99B8CCF577399F046A256197AF593B86A85C
                                                                                                                                                                                                                                        SHA-256:CFC2DF209FF63BB55D2A47E1902E9AB74C7F095966469E9BB16B191525D00258
                                                                                                                                                                                                                                        SHA-512:104B9DFBF49771C6786D7BE49E4ACADFD911145A73AFCA60610D5C559A025D3F0C9F12B6B645AAE5C10E94FF14A7EC788F71105F28314DB16E84587CBE29F6B8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* SecureSearch Score Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.. var windowHeight = 283;.. ui.SecureSearchToast = function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. show = function () {.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. .. _window.setWidth("761");.. _window.setHeight(windowHeight.toString());.. .. var toast_data_string = await _external.getArgument("toast_data");//json with score.. chrome.webview.hostObjects.wa_external.log("ready: toast data is " + toast_data_string);.. var payload = JSON.parse(toast_data_string);.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.SSTOAST).get;.... chrome.webview.hostO
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8459
                                                                                                                                                                                                                                        Entropy (8bit):5.154344834470699
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:OW/al9Sqd0++Jx0ZBSaLR5YDm9eHnqWNRXz:OA+AaLR6HnqWNR
                                                                                                                                                                                                                                        MD5:BA573C8846D86670FA8AF33F1D4EAC0D
                                                                                                                                                                                                                                        SHA1:74E7BC7505C876B8B38CBE9E87BF7B77F4D4361A
                                                                                                                                                                                                                                        SHA-256:9C7A7791C9C9AD753D8238407BFD27DEC32E9D23BB16D274AF795D34BEBDBD81
                                                                                                                                                                                                                                        SHA-512:BD59BA5CA96955FFE287A0061DCF60BC5619C48B7A70E7A50A46ACA60374B44F7210857D0F32ECEDDBCE422E07C41CEED648E014596D25AC713A67C46A2096D5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}.....main-container{.. display: flex;.. position: fixed;.. bottom:0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.... width: 761px;.. height: 565px;..}.....left-container{.. width: 276px;.. height: 100%;.. background-color: #F5F6FA;....}...right-container{.. width: 484px;.. height: 100%;..}.....inner-div{.. width: 100%;.. height: 100%;.. background:url(file:///[WA_FILES]/MFW/packages\\builtin\\wa_score_toast_main_bg.png);.. display: flex;.. flex-direction: column;.. align-items:center;..}.....variant_2_bg{.. background:url(file:///[WA_FILES]/MFW/packages\\builtin\\wa_score_toast_main_bg_v2.png);..}.....inner-div > div{.. display: flex;.. width: 100%;.. align-it
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4418
                                                                                                                                                                                                                                        Entropy (8bit):5.038538128490069
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:JjRax0x3/363kKk+kgk31hHhiKCOGmBmKbTlVRWJ0IRVXhTAhc9CRj7SO1CCR21l:J+xmfb3Re0IPhTigCx7SOgCgCGF
                                                                                                                                                                                                                                        MD5:4CE80817B6F2885E29882D335F85D62A
                                                                                                                                                                                                                                        SHA1:DCFAA243686206DE9CDC720E90D6C12BA83B85A1
                                                                                                                                                                                                                                        SHA-256:43A080DC68A6D1D17635A1F51E51EB015C0E733B29716C867C94FF0159D8984D
                                                                                                                                                                                                                                        SHA-512:EE3BADFFC7F3C35481C878CD1E3C1D9A023564AC2B855EF811AA91FB7DA3EBEAA1A77D86D186E5C0C80E5C4D35B9C6873933283CF7E39D5FA19FA79D15E6D656
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\score-toast-ui\\wa-score-toast-main.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-score-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <scri
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8673
                                                                                                                                                                                                                                        Entropy (8bit):5.018518462489992
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:N9T16teT2I8GkkA7KQ23LGhmPvHVe7Ela7MLuLULxLQLnLJE7l:N9T16teT2I83kA7KQ6LGhmPvHVe7FMqI
                                                                                                                                                                                                                                        MD5:3AB21B7DDDE8F36D4C49AF4919F7CC73
                                                                                                                                                                                                                                        SHA1:CAC85CC366579D82D2FF63544DDB96D14B151A72
                                                                                                                                                                                                                                        SHA-256:870FA6037B687E8F740270F19ED4DFB49EACD3804280773889D0085EDE0E2748
                                                                                                                                                                                                                                        SHA-512:8094EBB2D723A077E9BBB3407A6DEEDFA7A23F8A64A505D1871AB701D3BD2EDBEC82B242DED5DEFF9575C5B840A0B13F2CF3B8D3B495A21B50B53166A5C44DBF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* SecureSearch Score Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window;.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.. var windowHeight = 565;.. ui.SecureSearchToast = function () {.... show = function () {.. _window.ready(async function () {.... chrome.webview.hostObjects.wa_external.log("ready: begin");.... var toast_data_string = await _external.getArgument("toast_data");//this is json passed from logic with cohort and score.. .. chrome.webview.hostObjects.wa_external.log("ready: toast data is " + toast_data_string);.... var payload = JSON.parse(toast_data_string);.... _window.setWidth("761");.. _window.setHeight(windowHeight.toString());.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.SSTOAST).get;.... chrome.webvi
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1454
                                                                                                                                                                                                                                        Entropy (8bit):5.243805452626895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:xmp5UoZRqxQpxVYHhLcY39U0M+mtFl2zZRVchpKIjvVCfnvv/UQsUMNzjPX:xmp5UoZwxDHF3uBjFloZKY+YfnHcQe9v
                                                                                                                                                                                                                                        MD5:E0005DF5A2F91D11A160E7822B18DCA9
                                                                                                                                                                                                                                        SHA1:7A88A672721F61D0670AED8C57528C6F403E052D
                                                                                                                                                                                                                                        SHA-256:3B0F3FB67A67D2B45A6F1E47D0D79F36E124FD9FA733FD66C56151163DC11026
                                                                                                                                                                                                                                        SHA-512:B51F2F5A0745B2D5D2E7AC2E1AE57F7F38FD627A0F5B30937C7BD4FC70EFF628D6498E91D2C1787B5C9E6303A70D6A2D7A48ABB1B9D772F392D5B46FC785D05E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}.....balloon__card {.. position: absolute;.. right: 55px;.. overflow: hidden;.. box-sizing: border-box;.. background-color: #FFF;.. border: 1px solid #E6E9F0;.. border-radius: 12px;.. height: 200px;.. width: 328px;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. padding: 16px;.. height: 100%;..}.....content__header #wa-logo {.. height: 13px;.. position: relative;.. top: 2px;..}.....content__header #close-icon {.. float: right;.. cursor: pointer;..}.....content__text {.. margin-top: 12px;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. color: #5A6175;..}.....content__text:last-child {..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2054
                                                                                                                                                                                                                                        Entropy (8bit):5.409297213142282
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:N8xMxtUY+3i3cKc+cjpJCX6OK+punY6us3:J+9Dz3
                                                                                                                                                                                                                                        MD5:CBFF04AB4685F3B5279C89BEEB5826D3
                                                                                                                                                                                                                                        SHA1:31FB9A155CD139B2FFB3F177FCDDD8861C6A8AEE
                                                                                                                                                                                                                                        SHA-256:C44331B46FC9593F9B7554A897E90F95DFCA85913FEE28CB2608E3F92C5CF168
                                                                                                                                                                                                                                        SHA-512:7B9C8883EE0149F51A6DE7F8941B427D1719CD6BDAFFFCBC605BCEBD17953C96633E0312156C6CAC7A6805DE20201F26B3084279E3A721713412593C95219820
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ch-store-overlay-ui.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3609
                                                                                                                                                                                                                                        Entropy (8bit):5.13975478960129
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cMA4qOTkC/pV9WqxEz0TnMTJo1CV9WE6KGXX:vAUr/pubwT8uCu1KGXX
                                                                                                                                                                                                                                        MD5:E800687A49845C2FA710CEBCC7713290
                                                                                                                                                                                                                                        SHA1:A7957339A4F23C848ED6BB1AF8F09A8604FCABEB
                                                                                                                                                                                                                                        SHA-256:C1514400DB7490623A527F6C4627AD83FBE20E419CFB6AEDF078D7F6CE87BB4C
                                                                                                                                                                                                                                        SHA-512:27D0D1C82A4BBCB247DEE5233E0CA5695BB604FB22AD56F6B7E453EEC0DA2A6D29E91A2DEDD78CB6777B6F82512E4198F4B1547DEA860C42B19E98F498604BCB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. contentText1: $("#content__text-1"),.. contentText2: $("#content__text-2"),.. closeIcon: $("#close-icon"),.. };.... let browserCode = "(unknown)";.... show = async function () {.. init();.... _window.show();.... browserCode = await _instrument.getBrowserTypeCode();.. // Send telemetry for dialog balloon showed.. var telemetryEvent = new OnboardingBalloon().interaction_type("Impression").browser(browserCode).balloonType("WAOverlayOnboardingOpenExtensionPage").Serialize();.. _instrument.sendTelemetryEvent(telemetryEvent);.... //Send Telemetry 3.0 for dialog balloon.. var screen_flow = browserCode == 'FF' ? 'firefox' : 'introduction';.. var hit_screen_id = browserCod
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2823
                                                                                                                                                                                                                                        Entropy (8bit):5.1658658808280835
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3kx0xsUl363kKk+kUTkikthkxhlhPhOCCv/enQORDSp:OP8v/WQq+p
                                                                                                                                                                                                                                        MD5:F21FD4B4D31907A5996897E8C3665102
                                                                                                                                                                                                                                        SHA1:B6096831071696FF3DE41AE3038987B1F59C8FDC
                                                                                                                                                                                                                                        SHA-256:DC36FBA5083B9E9D75DFF341F97AD43037A248F0A325C6D9C354AD86E664D45A
                                                                                                                                                                                                                                        SHA-512:FA917E5636CD23DD2E7A177505ACF19259BAEB588905A707C779DF1FBE7797E47A75462036E51D96E66191ED80F289B381AE2B09676DEF7358828625432A91C4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bu
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (333), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19476
                                                                                                                                                                                                                                        Entropy (8bit):4.750838356862996
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cD7PaE5bXIDT2o1Cm+kYNTtazx/6x5o+72vY4jQWvHDsRFLFmZlP2Sv7:Y7PaE5bWT2o1CzksTcY5o+7GREjYZ5n
                                                                                                                                                                                                                                        MD5:16566D805C70C828185A9643FB384047
                                                                                                                                                                                                                                        SHA1:48325CCD13938ADF18EA24D30096334E055EF461
                                                                                                                                                                                                                                        SHA-256:D58F6822D2F1D22031D3222BC6FE0E2145A9991502BD75ADA89B07CB933C2A15
                                                                                                                                                                                                                                        SHA-512:B86EF78A20200C90F558DB174E039CE014D868369E9E47D880EF2600819BE8671362178CDBFE1A59967401FC3FA1BF76197D672A230DD8FFA2AD1049B621037B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* CheckList Controller */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _l10n = wa.Utils.Lang().checkList(),.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. let threatStateCss = "threat",.. infoStateCss = "info",.. greenStateCss = "green",.. waitImage = "file:///[WA_FILES]/MFW/packages\\builtin\\white_timer.png",.. alertImage = "file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-checklist-risk.png",.. ignore = _l10n("IGNORE"),.. fixNow = _l10n("FIX_NOW"),.. defaultImageCss = "wa-state-img",.. alertImageCss = "wa-state-img-threat",.. keyMap = { "NUW": "WelcomeMessage", "UUW": "UpdateMessage", "CLW": "CryptoLearnWelcome" },.. self = this;.. let browserCode ="(unknown)";.... this.update = fu
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):772
                                                                                                                                                                                                                                        Entropy (8bit):5.278647416331974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:xW/FJLjFUoZdTrh8FwIjEHpbXTfMUGAtf8+IdKjjUK+xe+IqFcF143jhZZw22dSW:xmp5UoZRqC3dDUUhiLKyFc43bZt2dKc
                                                                                                                                                                                                                                        MD5:FDAB7A84A4A860B341BB95A263670F6B
                                                                                                                                                                                                                                        SHA1:BF43E5BEE93D7CDE996648D8EC9B556DC90BA0F7
                                                                                                                                                                                                                                        SHA-256:14ADA41E5808F3CDC11276695200F9E0213451008EB96B05CF46E1BDA86F813D
                                                                                                                                                                                                                                        SHA-512:B70550F989B2BF66DEFE5ABF2CEA64FFAAD5F23A9770320C1E37A4AA48CC95B92651D1E8CFA94EE7DCF0F398C076B415C6756AEBE8A8FABEE70DC63ABC795450
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #454545;.. line-height: 24px;..}.....balloon-arrow {.. margin-bottom: -6px;.. text-align: center;..}.....balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//162F990F9B07BCE49F9C9259B5728AF03EE893C0DA90EB2435F53C210B4831C7621DC750F7EA23EC7C521910423A87E65A387B2AF07567D004C6E8B2CFF235DB++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1945
                                                                                                                                                                                                                                        Entropy (8bit):5.4286335049163075
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:NOxMxG75Y3i3cKc+cdNpJCzd+TQgT+yVQut5:w7aAMTQI+xw5
                                                                                                                                                                                                                                        MD5:4CD1E437E04820D6E97E8D772054F06A
                                                                                                                                                                                                                                        SHA1:AFA07204E1C361B37062BF1D86343542868B69C1
                                                                                                                                                                                                                                        SHA-256:C7A9FDB1F4DF2406D06742E21FC7CEA2BE411F345C50A6D63F11ED1CDA713DFA
                                                                                                                                                                                                                                        SHA-512:8A2001981B878B400DEDD610C48710C1FB689E2B0810EBAC82AC0F95E57EC9D7C79FE5A7FA4707E12730A2B34F24B4A45D56298E48F2606E5D591E2E997BC2F1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-dialog-balloon.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-dialog-balloon-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-dialog-balloon.js"></script>.. <scrip
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1617
                                                                                                                                                                                                                                        Entropy (8bit):5.275652049290845
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:V2skx0xutt5WrVMzLKWrVMzQzVMzQXVMzQdGVMC8jIYcEWiFvKTH:3kx0xi7363kKk+knC8jK/svKb
                                                                                                                                                                                                                                        MD5:4B5209286CBC0B48D4E412D845A381E3
                                                                                                                                                                                                                                        SHA1:E02164F761079AC923B4A5AC185A6A74B30F9E00
                                                                                                                                                                                                                                        SHA-256:18376B809B5056E4ED00EDFE54D5C4C515564E354615B7F7AE3CBDB4C2975458
                                                                                                                                                                                                                                        SHA-512:EF68AA3052685E4A6A59E9B9BD4A3D07F552DCF4D91A744AEBB8D8BE89872827491B8964CE7F1F514E20ADBCAB0F758C561FD769A926DA325DE1B192620F620A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-dwtoast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-dwtoast.js"></script>..</head>..<body>.. <div id="wa-dw-toast">.. <div class="heade
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2608
                                                                                                                                                                                                                                        Entropy (8bit):5.221729412099025
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:7kxtxC363kKk+knh88CVr/R+5a5beIwEeIYOzC:U/Fb1De
                                                                                                                                                                                                                                        MD5:FBB96157B894F4D21601B277DB32F42C
                                                                                                                                                                                                                                        SHA1:C21733D77278861C8F46D750A99E1BD7E0A8CE53
                                                                                                                                                                                                                                        SHA-256:AB2A3AD51E77375CE894CCEB2B92AE4241DC395FF5C5C32F515CDF12DDAD9122
                                                                                                                                                                                                                                        SHA-512:3C278517DFC8C2E5C2648056E75293BADA1F46A105649E42F0B04FB2BA72455C139D9CBFFCEEBC5EC9CD3369CED8181DA7CD15C03ECF6E0E555CBD9DA23EBC1B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>Download Extension Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-ext-install-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ext-install-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ext-install-toast.js"></script>.. <script type="text/javascript" src="file:///[WA_F
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5574
                                                                                                                                                                                                                                        Entropy (8bit):4.85644203813916
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:1zDsTVq7EIkY+0vTkE0oN6El4iTZTzwuFqEFDk00jl8arkM0d7XWPb:qc7EIV+UTq06ESGZ37Fq2DajlJryd7ab
                                                                                                                                                                                                                                        MD5:68B83CC1D529E2A132CE695C4AE13EB7
                                                                                                                                                                                                                                        SHA1:480907755332E34B340A661AF4FD6FC24E4AF6D3
                                                                                                                                                                                                                                        SHA-256:250DCB1B583D2620D0F513601E9312132074CF549566963801C3BA6D8C11A28F
                                                                                                                                                                                                                                        SHA-512:B2DC357B7B5565E0B72831BA4FDDAD089644F640D9EA55A8F0A9AAE8B8D35FE395898A580222013CB203D0C897668589434C3F09EE20E3C6DEC22F06FE717C1D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Download Warning Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.extension_install_toast = function () {.... let browserCode = "(unknown)";.... show = function () {.. _window.ready(async function () {.. // Set toast window size.. setSize({ width: "485", height: "265" });.... // Get settings data.. let toastCountSetting = "ff_extension_toast_count";.. let toastCount = await _settings.get(toastCountSetting, "0") || 1;.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.WAIFF).get;.... // Initialize toast... init(lang, toastCount, document);.... _window.show();.. window.chrome.webview.postMessage("draw_background");.. window.chrome.webview.postMessage("set_focus");.... browserCode = await _instrument.getBrowserTypeCode();.. //
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6769
                                                                                                                                                                                                                                        Entropy (8bit):4.973282245485115
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:yH5SvRvxVoY2bZX/o0lhOY52Q5YsYmafFZR9h:yH5EvxVD2bJQChOsV5BLaf3V
                                                                                                                                                                                                                                        MD5:EB76FB862D6A2090FD2B60AD4372BDDF
                                                                                                                                                                                                                                        SHA1:BB203D78F96D545E497542165E72EE7D83DBB8F2
                                                                                                                                                                                                                                        SHA-256:E1C3BC6BCF565B8C0E96A266303BA445F89BA8BC155F145982CD8C7D90B55DFC
                                                                                                                                                                                                                                        SHA-512:4F453D51C85A16B380427F46B23C704AB6164E5B69661DCE23A1D397187BBD2A192C3B44D7C9081AF45BB9790065373A4DA12CB9BEC2564CA99A5A0ED1F210D8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:#bottom {.. bottom: 0;..}....#left {.. left: 0;..}....#left,..#right {.. bottom: 0;.. top: 0;.. width: 2px;..}....#right {.. right: 0;..}....#top {.. top: 0;..}....#top,..#bottom {.. height: 2px;.. left: 0;.. right: 0;..}....#top,..#bottom,..#left,..#right {.. background: #939598;.. position: fixed;..}....#wa-button-donttrust {.. font-size: 26px;.. right: 2px;.. top: 5px;..}....#wa-button-reset {.. background-color: #00AEEF;.. border-radius: 3px;.. color: #fff;.. font-size: 14px;.. font-weight: 700;.. height: 40px;.. margin-top: 12px;.. width: 145px;..}....#wa-button-trust {.. font-size: 24px;.. right: 3px;.. top: 4px;..}....#wa-close {.. padding: 8px;..}....#wa-options-about ul {.. line-height: 23px;.. margin-bottom: 0;.. padding-left: 12px;..}....#wa-options-content {.. font-size: 12px;.. overflow-x: hidden;.. overflow-y: auto;.. padding: 24px;.. width: 550px;..}.... #wa-option
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1673
                                                                                                                                                                                                                                        Entropy (8bit):5.422527653618424
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-options.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-options-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/java
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2339
                                                                                                                                                                                                                                        Entropy (8bit):5.380738551217695
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-overlay-ui.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:/
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10070
                                                                                                                                                                                                                                        Entropy (8bit):5.234835979741239
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. arrowUp: $("#arrow-up"),.. arrowRight: $("#arrow-right"),.. balloonCard: $("#balloon__card"),.. contentText: $("#content__text"),.. cardImage: $("#card__image"),.. closeIcon: $("#close-icon"),.. waLogo: $('#wa-logo').. };.... var ENABLE_EXTENSION_OVERLAY = 0;.. var INTRO_OVERLAY = 1;.. var SEARCH_WARNING_OVERLAY = 2;.. var SETTINGS_OVERLAY = 3;.. var TOAST_OVERLAY = 4;.... var WA_EXTENSION = 0;.. var SS_EXTENSION = 1;.... var overlay = {.. types: {}.. };.... overlay.types[ENABLE_EXTENSION_OVERLAY + ""] = enableExtensionOverlay; // enable_extension_overlay.. overlay.types[
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2773
                                                                                                                                                                                                                                        Entropy (8bit):5.219151021756812
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 25px;.. display: flex;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 15px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2674
                                                                                                                                                                                                                                        Entropy (8bit):5.347259359573244
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\custom-checkbox.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ss-toast-variants.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ss-toast-variants-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_we
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15842
                                                                                                                                                                                                                                        Entropy (8bit):5.047942511503827
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:./* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. closeIcon: $("#close-icon"),.. labelDiv: $("#label-div"),.. };.... var variantsMap = {.. // Toast variation phase 2.. 1: {.. InfoTitle: "TOAST_VARIANT_1_TITLE",.. InfoText: "TOAST_VARIANT_1_INFO",.. Question: "TOAST_VARIANT_QUESTION"
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1677
                                                                                                                                                                                                                                        Entropy (8bit):5.186028452208281
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:body {.. cursor: default;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....#wa-sstoast {.. font-family: sans-serif;.. border: 1px solid #000000;.. background-color: #ffffff;.. height: 270px;..}....#wa-sstoast-logo {.. padding: 4px 0px 0px 10px;.. background: url(file:///[WA_FILES]/MFW/packages\\webadvisor\\inst-top.gif);.. width: 100%;.. font-size: 17px;..}....#wa-sstoast-header {.. background: url(file:///[WA_FILES]/MFW/packages\\webadvisor\\inst-warningbackground.gif);.. width: 100%;.. padding: 10px 10px 10px 10px;.. font-weight: bold;.. font-size: 15px;.. color: white;..}....#wa-sstoast-content {.. font-size: 11.5px;.. padding: 10px 10px 0px 10px;.. height: 142px;..}......#wa-sstoast-content table {.. font-size: 11.5px;.. height: 132px;..}....#wa-sstoast-content-caption {.. font-weight: bold;..}....#wa-sstoast-footer {.. padding-right: 5px;.. padding-bottom: 0px;..}....#wa-sstoast-content-check {..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3058
                                                                                                                                                                                                                                        Entropy (8bit):4.763148083290686
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-sstoast-bing.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-bing-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-sstoast-bing.js"></script>.. <script type="text/javascript" src="file:///[WA_F
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7450
                                                                                                                                                                                                                                        Entropy (8bit):5.105888312752063
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* version 2 3 */...card__content .log
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4163
                                                                                                                                                                                                                                        Entropy (8bit):5.136475686937548
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<html>.... <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\wa-sstoast-toggle.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9943
                                                                                                                                                                                                                                        Entropy (8bit):5.156152247580407
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.. var browser_code = "";.. var provider = "";.. .... ui.accept_extension = function () {.. var $el = {.. version2_3: $(".version2_3"),.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. expiredSection: $(".expired__section"),.. expiredDivider: $("#expired-divider"),.. expiredLabel: $("#expired-label"),.. expiredName: $("#expired-name"),.. feature1Label: $("#feature-1-label"),.. feature1LabelContainer: $(".feature__1__label__cont
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2195
                                                                                                                                                                                                                                        Entropy (8bit):5.238582171917092
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:body {.. cursor: default;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....body :focus{.. outline: none;..}....#wa-sstoast {.. font-family: sans-serif;.. border: 1px solid #000000;.. background-color: #ffffff;.. height: 270px;..}....#wa-sstoast-logo {.. padding: 4px 0px 0px 10px;.. background: url(file:///[WA_FILES]/MFW/packages\\webadvisor\\inst-top.gif);.. width: 100%;.. font-size: 17px;..}....#wa-sstoast-header {.. background: url(file:///[WA_FILES]/MFW/packages\\webadvisor\\inst-warningbackground.gif);.. width: 100%;.. padding: 10px;.. font-weight: bold;.. font-size: 16px;.. color: white;..}....#wa-sstoast-adblock-content-subheader {.. padding: 0;..}.....main-content {.. font-size: 12px;.. padding: 10px 10px 0px 10px;.. height: 118px;..}.....main-content table {...height: 108px;...font-size: 12px;..}.....main-content ul {.. padding-left: 13px;.. margin: 15px 0;.. padding-bottom: 10px;.. line-height: 17px;.. font-size: inherit;..}.....main-content
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5845
                                                                                                                                                                                                                                        Entropy (8bit):4.2556796306387605
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. .. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\custom-checkbox.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-sstoast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\w
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7884
                                                                                                                                                                                                                                        Entropy (8bit):4.712007692056846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:qkKi/9YE8TRrGQyvEy2oWp2Uop1VacU2/BPZnn41/qQmO:wCR5JBPNYCdO
                                                                                                                                                                                                                                        MD5:A90AF7CB20576C42BC39F194E64F489D
                                                                                                                                                                                                                                        SHA1:D1FAF0AB64129872556CF9ED0E9085C3EA474C94
                                                                                                                                                                                                                                        SHA-256:BC1A0A0BD4177E481261F494D18B66F6DEE1057BE17A306913F0BD6C6F241E14
                                                                                                                                                                                                                                        SHA-512:C7658A86E5A08D923DFBE0E88A75605EC64C647FE8307675DE1AC7F2DDB1B394D58DFC444855EB7CF2C40F546DA7A200569124A20588938ECAF2737492ECED85
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.. _lrt = wa.Utils.Lang.ResType,.. _l10n = wa.Utils.Lang(wa.Utils.Lang.ResType.UT).get;.. .. ui.AvReport = function () {.. var settingUrlBad = _settings.get("upsell_url_bad_scan", "1");.. var settingUrlDefault = _settings.get("upsell_url", "1");.. var url = (settingUrlBad == '' || settingUrlBad == undefined)? settingUrlDefault : settingUrlBad;.. if(url == '' || url == undefined){.. url = 'https://www.mcafee.com/consumer/en-us/landing-page/direct/aff/WA_MTP_StaySafe.html?affid=1523&ccoe=direct&ccoel2=campaign&csrc=wa&cctype=mtp_test5&ccstype=mini_vulnerability_scan_91277'; .. } .. .. open = function () {.. var data = JSON.parse(_external.getArgument("report_data")); .. showReport(data);.. _window.show();.. },.... showReport = fun
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4537
                                                                                                                                                                                                                                        Entropy (8bit):4.719782670297555
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:+cAFwUkCTaVVPCxEeO0pv1xRsxIE3BXDXjZXGFQs:hASUrTafjetptxRIXDXjZXGd
                                                                                                                                                                                                                                        MD5:9EE575423491C3849418125F1CD1236D
                                                                                                                                                                                                                                        SHA1:815EADAC32775A687B7F2D98C0628ACC171D87A2
                                                                                                                                                                                                                                        SHA-256:4EFEB74659E165F1ED10FBFE1EDEF07DC6A3C9DA505E973CA96E3ABA38940963
                                                                                                                                                                                                                                        SHA-512:BA1CD57A134568CF9749FA295D84A12FCDB521CC0701B0B630CE16F4E23C4D5311FE7D2A8BFFACC8EECE343686709EC483A9F98F6CDFC4DA8A32130A9BF3ADE1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Accept Extension UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var telBalloonType = '';.... show = function () {.. chrome.webview.hostObjects.wa_external.log("inside show");.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("inside ready");.. var settings = JSON.parse(await _external.getArgument("overlay_data"));.... if (!settings.balloon_type) return;.... init(settings.balloon_type);.... await _window.show();.... // Send telemetry for dialog balloon showed.. browser_code = await _instrument.getBrowserTypeCode().. var telemetryEvent = new OnboardingBalloon().interaction_type("Impression").browser(browser_code).balloonType(tel
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2708
                                                                                                                                                                                                                                        Entropy (8bit):4.977093022666185
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:N45ikP03NTwwiIw0X+Zgleg0q3nwYfwR3AhYeYEfTiNAE1ed1RNArA:RdUl3GsKirE0SsA
                                                                                                                                                                                                                                        MD5:9BA72A20BEF3C12F05F0151794BD5C04
                                                                                                                                                                                                                                        SHA1:E8C8D925B53C79D8E22434616C130ACD2E1B12FC
                                                                                                                                                                                                                                        SHA-256:1E2813777EB6C2CEF0845CE2C49E487D8E84D40735D0FCC9BAED4CF17A9B0016
                                                                                                                                                                                                                                        SHA-512:D4B3D278A2DC927058BCC570241F6727FA332DA7631E173F77DA6EDBDB6561A54A157DA6EB2D337A577912991A6D461E2E4094EB95C96AEAEED0B07BD0A15DD3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Download Warning Toast UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _dw = wa.Core.DownloadWarning,.. _wa = wa.Core.WebAdvisor,.. _l10n = wa.Utils.Lang().checkList();.... ui.DownloadWarningToast = function () {.. .... show = function () {.. _window.ready(async function () {.. let domain = await _dw.getDomain();.. let fileName = await _dw.getFileName();.... document.getElementsByClassName("logo")[0].innerHTML = (_wa.getProductLogoHtml("file:///[WA_FILES]/MFW/packages\\builtin\\mcafee-logo.png"));.. //$el.status.append(_l10n("PP_STATE_TEXT"));.. document.getElementsByClassName("body")[0].innerHTML = (.. "<p class='content-header'>" +.. "<img width='20' align='middle' src='file:///[WA_FILES]/MFW/packages\\webadvisor\\warning-icon-toas
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23757
                                                                                                                                                                                                                                        Entropy (8bit):3.8953389177774893
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:LravuBFTv2stTHDiF9ymq4pnU5rnXEBF15hZOmvYkydOergI5:PavuB92qTHDdmRBU5rXEBF1VJy9EI5
                                                                                                                                                                                                                                        MD5:C61746778B9CD906A40B483D4CE7A636
                                                                                                                                                                                                                                        SHA1:5962FA0990F25D85EE300F8E232406A4CFEA7DF1
                                                                                                                                                                                                                                        SHA-256:5190B820868B554F46379ACB4026C23A2D2E96DDE5AA367DDCC337A63B60556D
                                                                                                                                                                                                                                        SHA-512:6487C31D8E0FF99E9F6638C5BAEAB20311938848A650A78A03D5368BD8A569FC53103861A6C0C2596B609CD45D6F53E7F7E49CA3C85833CA222BAD6E3D1CB231
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Options UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.OPTIONS).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml();.. _external = wa.Utils.External;.... var OptionsMenu = function () {.. var menuItems = [],.. el = {.. $menu: $("<ul id='wa-options-menu'></ul>").. },.... toggleContent = function (id, delay) {.. $("#" + id, el.$content).. .fadeIn(delay).. .siblings().. .hide();.. },.... itemSelected = function ($item, delay) {.. $item.. .siblings().. .removeClass("selected").. .
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3213
                                                                                                                                                                                                                                        Entropy (8bit):5.1663703089817155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:84J7WFAUE+tg/eQKS8HJhMfNANKTBd5cgEXQ6c+dTYOYEfNg+cQBcZ1cxuOnrs:YyDGhp6xz5clQSa7Ezl7nrs
                                                                                                                                                                                                                                        MD5:7D61832FAAF7E3763D6408BE26E420E6
                                                                                                                                                                                                                                        SHA1:9B07907632239F6AB14D770946F58FC035C40B17
                                                                                                                                                                                                                                        SHA-256:9AD460788B5DE33675AF17D73CE10784E4B6DA56CFB75F122F9BB21B58AB0370
                                                                                                                                                                                                                                        SHA-512:28276C00A029C2CFB712719A16C0FEC344366FF96D246E416908B2D536E2E5E983547408FA35F0DE78DA998B8A47E7E867AD2D8D347AC993590C670403E31EE0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* SecureSearch Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window;.... var browserCode = "(unknown)";.... ui.SecureSearchToast = function () {.. .. show = function () {.. _window.ready(async function () {.... _window.setHeight("294");.. let productLogoHtml = "<div class='logo'><img src='file:///[WA_FILES]/mfw\\packages\\builtin\\mcafee-logo.png' align='middle'/>";.. let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.SSTOAST).get;.... document.getElementById("wa-sstoast-logo").innerHTML = productLogoHtml;.. document.getElementById("wa-sstoast-header").innerHTML = lang("SEARCH_TOAST_HEADING");.. document.getElementById("wa-sstoast-content-subheader").innerHTML = lang("SEARCH_TOAST_SUB_HEADING");.. document.getElementById("wa-sstoast-content-caption").innerHTML = lang("SEARCH_TOAST_BODY_TEXT");.. let subfooter = document.get
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14386
                                                                                                                                                                                                                                        Entropy (8bit):4.956996071625848
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bEO/vVN2LiepMLoN07fVLE09/6H6HnHfn:bJ/vOLWL57FE09/f
                                                                                                                                                                                                                                        MD5:3800D78B3B4A19D1953F62E201FF7412
                                                                                                                                                                                                                                        SHA1:0853584B66AB39E7EB2618199443E5A233A931A4
                                                                                                                                                                                                                                        SHA-256:343D41222B0A15360A8193368815745A19365089EB1BD5C40AFCA1C4E0BEC6FB
                                                                                                                                                                                                                                        SHA-512:7D849CD999BB9A40ED7DB3E7211C241471C4CCB10D44BC39B3359E30F7E1B8B76458811A83DAD848A2FB024FE4117AE06DDF701023B991DB4F511EB82C3FF846
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. browserCode = '',.. provider = '',.. metadata = 'render=web_view';.... ui.SecureSearchToast = function () {.. var $el = {.. header: $("#wa-sstoast-header"),.. logo: $("#wa-sstoast-logo"),.. mainContent: $("#wa-sstoast-content"),.. mainAdblockContent: $("#wa-sstoast-adblock-content"),.. mainMavContent: $("#wa-sstoast-mav-content"),.. subHeader: $("#wa-sstoast-content-subheader"),.. subHeaderAdblock: $("#wa-sstoast-adblock-content-subheader"),.. subHeaderMav: $("#wa-sstoast-mav-content-subheader"),.. caption: $("#wa-sstoast-content-caption"),.. captionMav: $("#wa-sstoast-mav-content-caption"),.. label: $("#wa-sstoast-content-label"),.. labelAdblock: $("#wa-sstoast-adblock-content-label"),..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2797
                                                                                                                                                                                                                                        Entropy (8bit):5.247866552733011
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3Xxtxc/4363kKk+krhOCe4T+DSSqor5beIwEeIYuAPKt:X8ztb1Xt
                                                                                                                                                                                                                                        MD5:0D3230A1187DEBE95CB52581ACD17796
                                                                                                                                                                                                                                        SHA1:4717F42C4B32CFD61FF89BBEAC069F3E6F809BDF
                                                                                                                                                                                                                                        SHA-256:4F2169F9DC59580BF62474C80FC450D7264EC6DBCCEDCD22C305F178B4938EE6
                                                                                                                                                                                                                                        SHA-512:EAB35BDD501992CEF621F12FFB95A4AD92879EC3FA2D73849AC0075513EF1826AAA3AD468F17431064D6279A1D0A5DE573C702BEA5C01EB1AB13029CBB75FED3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-upsell-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-upsell-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script t
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15936
                                                                                                                                                                                                                                        Entropy (8bit):5.111211412476876
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:+0/Pf4lTvqz3NbDdvSNOsxyVcNvKTvY6TdR/OsxTtwXMT2OpU0g/0i:zPf4lTvECBxyuNvKTvY6TjBxWcTRxe
                                                                                                                                                                                                                                        MD5:EE91F0EB0F8ACD90552CEC2954DFF482
                                                                                                                                                                                                                                        SHA1:04029B74FBBFFF951A77726FF01145C115EBD948
                                                                                                                                                                                                                                        SHA-256:ADE71B547F72D8BC6514CFE904353363C1DEDD162E6E9685B7FF2BEE57229981
                                                                                                                                                                                                                                        SHA-512:A934C5B9AD127922DA65847861FD0CA549CFD62BAC7ABF71FB8C5DC6B7942BFE1CF99B6A547EE4AA428A3BF3EE6F284A694B6C7E43D2CCE396E6612625C3C804
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.createUpellToast = function (toastData) {.. if(toastData.campaign && toastData.campaign !== 'none') return new ui.CampaignToast(toastData);.. .. if (!toastData || (toastData && !toastData.cohort)) return new ui.AvScanToast(toastData);.... switch (toastData.cohort) {.. case 1:.. case 2:.. return new ui.DirectUpsellToast(toastData);.. case 3:.. return new ui.GtiUpsellToast(toastData);.. default:.. break;.. }.. };.... ui.extend = function (Child, Parent) {.. Child.prototype = Object.create(Parent.prototype);.. Child.prototype.constructor = Child;.. }.. .. // ----------------------------.. // Base Toast Object definition.. // ----------------------------.. ui.UpsellToast = function
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5375200
                                                                                                                                                                                                                                        Entropy (8bit):6.530065864886624
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:C9PMm/gtYM/mu9Ji0/R3WRGIXaqwQCMjPgSNd82Ga8wT2ik4lw0ft2kuIe2jX2l7:ze+YoNq3CMj48xVk49LVeW/w3xnxd
                                                                                                                                                                                                                                        MD5:A23F0EE9D64116F6C7147DCD1EF67C6F
                                                                                                                                                                                                                                        SHA1:131CE068E236F40546739938749ABAC4EED9CDDF
                                                                                                                                                                                                                                        SHA-256:6990FDA9F8D3D9DAD116AEFDEBE0AC442EF21D0C42B28E93BEF29F80F0CC1A50
                                                                                                                                                                                                                                        SHA-512:39466DCC78956B64220C5514A2B48232E68933B5214370D4C0D16ABA0082E3D0A05BC7AF0478C3993F0C63FA1F888E9BC151AA37C40C90E8B3034E71E0FB804C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3941
                                                                                                                                                                                                                                        Entropy (8bit):5.53133157158304
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YMh0MSMOM+MCd+QIAOYl93A3NVz3cVtubiQXXvPrMtXUZNWjpzCrh2Ot/GfAADS7:GkXVStWhXX7MNWW905Xh
                                                                                                                                                                                                                                        MD5:7071051612F0DB04FDB53533D5A05130
                                                                                                                                                                                                                                        SHA1:A400D0C06C25478021850CD309D36EAC741F5AAF
                                                                                                                                                                                                                                        SHA-256:4CB8F841897880738CF6D8E226AF8EC58016727EB4C7E193F90555031BCE8A5E
                                                                                                                                                                                                                                        SHA-512:F1157ED23BBCC288BAC22379B9F806266795DBCA5C770274ADE8F8BA37D3B76C6DFADDAED7E0E2C00331CB29FD3E0260E4128E43E418B5C8B16BA9647556A02D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1631
                                                                                                                                                                                                                                        Entropy (8bit):5.811626767238773
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:SsyL8TKmNfeO96lrbNiFiuUDqKMZO58Aa4JlMqk:AL8+jOMEFsD5MZOs4fMqk
                                                                                                                                                                                                                                        MD5:0DDF132C720380BBCE6AA9EB8D30FC46
                                                                                                                                                                                                                                        SHA1:973320F560FC020DBC3E653D8365D82FA4475AE0
                                                                                                                                                                                                                                        SHA-256:0C2E10E502083EF9973D5121D2CFAE53FCD745DFC01D9F4EBCF890CDA6F70D59
                                                                                                                                                                                                                                        SHA-512:69E4E5FDF86504BB7F0C39616B4ABACB28F2500D25E5D082E6ED976ADE1C54BD0C448ADBF004440FC3845DDBC4133C037AA5E461770246F6E67B007A0EE5A312
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1308
                                                                                                                                                                                                                                        Entropy (8bit):5.541787351344142
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:64svoMGnu0xHB1bKNQnuEKSNAdoCsqXRb7UcVzoFsqXRAKJDMOrDYyMyJ11Uc7gn:1u0xjuE+oeXRJ1oLXRnJDMO3YnyJ3XM
                                                                                                                                                                                                                                        MD5:C771F301AE497265219A5F412F465666
                                                                                                                                                                                                                                        SHA1:B4BB147057493AEC5DA35B73A35F100059B61E56
                                                                                                                                                                                                                                        SHA-256:5D8591F392CF89355F567C34906AA8407C4441C0995131BD9157AC5C95D87B78
                                                                                                                                                                                                                                        SHA-512:BE4EB33743168334E6BB02220DFF799893E43A2FC9FF156017FAEB99FD063782B37FBA1FB277DD9D7B7F8DC78EA92EBE1F72D69B003250FFDC851388890E2F50
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4878
                                                                                                                                                                                                                                        Entropy (8bit):5.7621823729885175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:/xhdYN4Ybm3g2LGC3Xov5TZ/yS5fCGIhKd+g:J93JLGC3YRTZ/7Ig
                                                                                                                                                                                                                                        MD5:847200416CB173F2A5CC6789090DBBBB
                                                                                                                                                                                                                                        SHA1:8B76DC84E3B8F0E30F4E5A980CFA885E0DDD65E7
                                                                                                                                                                                                                                        SHA-256:9548C938E80E45532A0968E9716725A46FF38B58B90136D4AC767E06CD8CD237
                                                                                                                                                                                                                                        SHA-512:59DC863D71427EDD5A08DA5C91AE57A734FD2C0F41BC4D8EBE7668707CE806300F0CBA75FD017D1261652F4975531ED4F788D57BA63703652F654695A72E50D0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1072
                                                                                                                                                                                                                                        Entropy (8bit):5.825645072091544
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:69mArxdapks5OCYvn6RWv8KD8RwzQB69jQ7SOqyKRb9e3xVNQ:ax5z6R0jD8qzQB69jQ7SOqyObsNQ
                                                                                                                                                                                                                                        MD5:A4B5370F6A91516A7A036A1ACEDBE6DB
                                                                                                                                                                                                                                        SHA1:A2A51FC681E68B477CB47A3EDA83A0C85B549BA4
                                                                                                                                                                                                                                        SHA-256:FEAEF65B40968F5AAD6F884E0761969CC17F1BD04B5838A08DDD5FFD06EFAC2D
                                                                                                                                                                                                                                        SHA-512:BBF30052675FA26E97D477B8FEAFFC82E907C38AA60CD83DE09BC6CACCE14DACBE2A62CB78AE5E137FC6DD54C982CB5C72247A5C38A9306ED671F1FC4843F0B8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):422
                                                                                                                                                                                                                                        Entropy (8bit):5.250605664846192
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6lK3t4LqtAoIulNhWjGWA6q4Tf9q4Tf9qy/jmhSA5bbjISUBEnbrFplU/hO:6I9OuHhWqWBtJjmhzFb8P8PS/hO
                                                                                                                                                                                                                                        MD5:8C45BFD0DC70A6E3093EF2E6EFA349A9
                                                                                                                                                                                                                                        SHA1:5A15E4DEBA3224ADC0826D0CF33F062F707961DA
                                                                                                                                                                                                                                        SHA-256:7547EB82F7B07DCD7FBA335D49B819BD1D2AEDE04EFCF6588FE303C831152EAD
                                                                                                                                                                                                                                        SHA-512:7B89EDFBD0C97BEC366BE5288C54831A36254BAAB7172D9CA74CFD5B2D7FBE040CE9ABD1659190C5AA0BCA071D4F46EE88C6196D399B9A6F504F1177A03F42B4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):897
                                                                                                                                                                                                                                        Entropy (8bit):5.571995526352372
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:68i5J1Gn4Lel9awpSLdVf507iDaXU0XlLRNMSJ1VzyG:ti5J1venD4Vf5Coj2RqSJzuG
                                                                                                                                                                                                                                        MD5:F7B72E88A57F08656AA62859CF14343E
                                                                                                                                                                                                                                        SHA1:01505A2A6A79AABB0D492BDDC93DCE01DFA7E326
                                                                                                                                                                                                                                        SHA-256:4152FBEF9FB7CA5B02EEF8EA81ADE08691D728EB9441FF577CCBE3B931DB5C6E
                                                                                                                                                                                                                                        SHA-512:35642DC6619925B8A11A17EC0C07A15721F6CD39EE8D9039E665EEDE5F2681B1B285E80A9EF65FE7F387E96C9A6F6475A79C28D23334703DCCE1EDAA162E7965
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6938
                                                                                                                                                                                                                                        Entropy (8bit):5.632365925951733
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ZdKqmniSFhKwEXL1IP2L59LfV/twUxYZX7XukNJK4wgcfCRKL1g+8/Wj:bmnPhKwEXL1i2L59LfV/twU+ZX7XHNJa
                                                                                                                                                                                                                                        MD5:CBB72B0FAF932A5E45CDEF3CFAA0E022
                                                                                                                                                                                                                                        SHA1:79DA235A5EAD941A71655707EB8B7F42FACA598A
                                                                                                                                                                                                                                        SHA-256:D7B715631E7B3483170AAAC525FC375F19CD2FE124514E0628B24E4E1B9AF140
                                                                                                                                                                                                                                        SHA-512:D0C086884BDB8E7B1E36CE9B135976C17CC90703F91EDDC96B177689A69B6BB07CC4A478F59858BEC143E0A9130B939B71BE850F0A3F4ADD5BC432665A4F7F59
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):896
                                                                                                                                                                                                                                        Entropy (8bit):5.727296558205366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:65DAOPkmjLp1SdnfRFtWCkya0n5LllQGJ1gst9ToUi/L:cDTkKLPmlnE0LlhJr3ij
                                                                                                                                                                                                                                        MD5:6E8607836D00CE3CFFBA40614FB08D18
                                                                                                                                                                                                                                        SHA1:7784DA0738FA4BE0F8FC2057F59A786B58A04448
                                                                                                                                                                                                                                        SHA-256:7CE237C222A3F36E829FB9AD7D900BD196B48F56D686F8032D2C7FA5559675FE
                                                                                                                                                                                                                                        SHA-512:17FC7D051EF04FDE8D9950C0E2DA64909AF9133A3B5EEE3D428ABC95A1CC83494E92BB95B0370F339544ACF8866F558D68F3180845223033E8FE0CFBD0339F93
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2001
                                                                                                                                                                                                                                        Entropy (8bit):5.687746866803485
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:o/c8lgG2qfCasDclRiXv59/y6yznlIJC6NO:R8lz2MzsEQp+nGoMO
                                                                                                                                                                                                                                        MD5:9C42C852EBBAD310D9C5114AFCEDED4C
                                                                                                                                                                                                                                        SHA1:685538B455600D0030863B0563F3ABC348BD5D88
                                                                                                                                                                                                                                        SHA-256:DA2A834265D905679F31590A14E92773C9B8EEEC4DE09401C9EEDD4398C3A58D
                                                                                                                                                                                                                                        SHA-512:AC88FD07DCFD6173D790B2BAF23174933D71822F7657DAAA6D4750BC75D0DD59FEE0EAACF466E6609E1CF4F6963605B5C38136D761E0EC0C9965B7DD18984C96
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):847
                                                                                                                                                                                                                                        Entropy (8bit):5.698439958513745
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6AnVIk64YTXO2URYRBYBVxBjO8DVaaVoavoa7h4aVdZIfCij4MDCyjJWJJK0XOYN:6AnfqeIYFxO8waLvpV53SaTMzJ1kD
                                                                                                                                                                                                                                        MD5:18C0B032866F223DDBD53389D802682A
                                                                                                                                                                                                                                        SHA1:9B3E4D8184D15E4D2F54E3FF275C61A270040F92
                                                                                                                                                                                                                                        SHA-256:A585FCCE79AD3814C8DEBF2108F8DE2388E9911FE94294E50C193BB781C97222
                                                                                                                                                                                                                                        SHA-512:61C2704BAEC735F2732234730D2E724E952702891A9B2CC5C421C97017B4E2E36707412DBC27D0FBC30E819F597AE9582BC2A7092E609F52C158761372572C74
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):520
                                                                                                                                                                                                                                        Entropy (8bit):5.453522831802479
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6bkleqAuDPPVIVJn1qW9icHJXOefoij4MDrWjJWJJKs6j9NkyeoonMU:6AeqBcn1qW9icp+egTMvWjJ1TrkEqMU
                                                                                                                                                                                                                                        MD5:34683117AC3651B116E656FC588A1E0D
                                                                                                                                                                                                                                        SHA1:45D2731183CC1F9AB8C4157B6E7D3E2238579CA6
                                                                                                                                                                                                                                        SHA-256:39C611EF6C676235AD4808B55EB2D7FC80B7FC7D601A08B415A99B4BE7A2B7BF
                                                                                                                                                                                                                                        SHA-512:48676F5A6473805CAC88D9B895E87991B36F3D7ABBCD410EA03054A90C2C79551B8E51CDAFA7BEE1EB09AB550EA23797672AECAF4EDBFC3163147E9059A00DE9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):594
                                                                                                                                                                                                                                        Entropy (8bit):5.622710665497949
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6uPWQZbCntmkkkkkaTzorpsV4M7RIJ+KB3of6Wv0Qp:6uP9bCngkkkkkNreKMqJ1hM0a
                                                                                                                                                                                                                                        MD5:A8FF794A350C837A94F14675AED56359
                                                                                                                                                                                                                                        SHA1:E795EAE10E83575B2802D0550EA71671A2644715
                                                                                                                                                                                                                                        SHA-256:0E88358163F453D1DE81E407FD6F1907A4F7D76F2E6E7C327B94D5F9C30D7F89
                                                                                                                                                                                                                                        SHA-512:9940B0824CC03231F5AB49D623495C30C62AE0937EB7A2CC113627FFDA0509F029D4240A82BE16292327722981DD474EB157A630F5BF0F5FBF65032F59C88F72
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1106
                                                                                                                                                                                                                                        Entropy (8bit):5.522103563394928
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:68K9YrN+Iuz8f64CDopXVXHLhN8FlKCzqWb2lLzJJvUJ1X2q:FKuN+utpLhN87KCz52lLFJ8JF2q
                                                                                                                                                                                                                                        MD5:2B54260C09B8FA23AB42E46391F723B6
                                                                                                                                                                                                                                        SHA1:940776B8154252026FEBEB7EDBAC60BE8BF32020
                                                                                                                                                                                                                                        SHA-256:042F6788328E8E1A8BDD779C7EA8BF80D5EC48F8F01344479C96207CCBC71BA3
                                                                                                                                                                                                                                        SHA-512:256EDED7E4CB854601AF388487F9E1370586395E06C504487B9B1AB69B23BF433C6556CE478679AF9339B57F2013881FB79BCACBE3FAD55E80D26CD744AD0B30
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):538
                                                                                                                                                                                                                                        Entropy (8bit):5.527429619817682
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6xnSlRXZQXFcg89rg0lr7JJvUJWJJKiRUj4VKLkKEP:6M1aOPDlnJJvUJ1lj4VKLkKEP
                                                                                                                                                                                                                                        MD5:C27A3267E47141AEF393F59C95B54174
                                                                                                                                                                                                                                        SHA1:5CFD283BBF9A1EAF62589AC78697506A4F3ECD60
                                                                                                                                                                                                                                        SHA-256:E5CFE80FE72551330316310980A2AE4562B9AB78B57D8282F6651F89A1D23F3E
                                                                                                                                                                                                                                        SHA-512:CBC391C9AB6388FB5AC978805AFABB79B28C692697B2653E6D4308720982D51BBF5521848010A72D78F06E2645AA87E826D7713FBF50A6ACF50F354A9D877937
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):857
                                                                                                                                                                                                                                        Entropy (8bit):5.581678502306121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6LSgolbGXSPyKOq8s/le2l4xAGJ1P1fjy33M:+o1GiLRXtnl4nJd1feM
                                                                                                                                                                                                                                        MD5:B02068B62CC1ED905306F5C292AD67B9
                                                                                                                                                                                                                                        SHA1:8B7474C1D06B0509BF917903B31BE4DC9C1DA36C
                                                                                                                                                                                                                                        SHA-256:AA2A1955DF716BAE737D1223F7A6A0CCAF97153A7FD2758178B4C3C7A7F110FA
                                                                                                                                                                                                                                        SHA-512:FAF0DD49603102C95F2C1F1D70AC14C3F8FE359492E4FAAA13C2F8FDCA981769CD0E786385CE32B75A7622D00ECEB7B0D1AB8FC1A788BF546DD7AF1113A6E181
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):472
                                                                                                                                                                                                                                        Entropy (8bit):5.566895162293058
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6YkglNLnYklpsvcRu3U4M4rJ0NRu3pKR4eaPQA24j:6JglN7YkleZ35MSJ0NRu3kREQij
                                                                                                                                                                                                                                        MD5:DD082746A758811715B4101434657B04
                                                                                                                                                                                                                                        SHA1:32E38824B284798A8505EF9B8BE24061E7D79FE3
                                                                                                                                                                                                                                        SHA-256:413C162CE134347DEF8F36BF7F8EC1239562021AEB55CD9229A51F7D6E8835B0
                                                                                                                                                                                                                                        SHA-512:DF9A0B49333947586EC1466E19964DE074754CD445C23D89D3C543648DC7F8318210BDE3C3546FAEEA64F09B493399F9492F9544200E58E75FA7662D2C7173CE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.60372311209956
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:67k+e+rvD2xZBzroBWpsvcRu3I4Mv1J0NRu3pKRRKkbx71Gr:6hVvD+ZB4BWeZ3NMv1J0NRu3k3Tb/k
                                                                                                                                                                                                                                        MD5:7BFB40E1817372E933DDC96608AF2084
                                                                                                                                                                                                                                        SHA1:F720DF83EA2445ED0BD5B70084AC94C570DBECB5
                                                                                                                                                                                                                                        SHA-256:94BD1C17CD9228DE0604B838DDDB5F14FB9AD8830CF9C9CD0C0D8D7BC58776C1
                                                                                                                                                                                                                                        SHA-512:F7A9F5D866B223C99B38712C717F66E06C572E9D24ED1C318CC4202D3FE54597ADB629408E28363C24FDD9ED8196EAA32993889D578CE08B9F1551EFBFFC455A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):576
                                                                                                                                                                                                                                        Entropy (8bit):5.5993286170051295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6/kx+rvDcoK29ppsvcRu3m4M2YJJJ0NRu3pKgqvVTEigWF:6/kmvDdPpeZ3XM2WJJ0NRu3kgylgWF
                                                                                                                                                                                                                                        MD5:2EFE0815CBE75BF313952EAD0F38611A
                                                                                                                                                                                                                                        SHA1:1096D707DD6D3E4CA20D24400D8749EB377F3703
                                                                                                                                                                                                                                        SHA-256:662238CAB8BDCD764F23DCECF7564E796CF7B486070CD63376464AFDB19E700D
                                                                                                                                                                                                                                        SHA-512:3751A78054954181CF105146E8AB85436A7E83426FE16A762D8CA6DD4092E0400FBE13B2C44A9EE502CCA2775F458B5A509F8A0A7DA566F5574D4A5FA1D41C1F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...............X...L...6...9.......B...5...5...6.......B...X.......X...'...L...E...R...6.......B...X.......X...'...L...E...R...L....paid.trial.ipairs.....paid-active.paid-expired.....trial-active.trial-expired.lower.stringR.......6...9...........B...3...=...2...L.....format_output.new.AnalyticsWPSSetting.........6...'...B...4...7...6...3...=...6...2...L.....new.WPSSubscriptionType3analyticstelemetry.context.AnalyticsWPSSetting.require...//B40053BD75037808FF757D7A4F1A80620B336B0ACFA46A047C7D62BB562B9801861F796675A11B7DC309DA9A6388935EE56E462CD118D077B7894DF4CEACDBF0++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1244
                                                                                                                                                                                                                                        Entropy (8bit):5.803065974175878
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6x6wckmg85AjHwRf8FlNXqzngq4YlP+rYWbemAENhRVtBmwJMUJmPLn38LeZhXth:Y6wK5AzCU7ZuglvAElVtBmw+UJEnsCZB
                                                                                                                                                                                                                                        MD5:A9981851B407E18BB8C3E1AB5D9FACE4
                                                                                                                                                                                                                                        SHA1:540669625B05406342D21013E0DF4A6B25764EF2
                                                                                                                                                                                                                                        SHA-256:8FB38E7305805FFCB0F196155D2599846E793245CE5ECFC2263026A0792DB285
                                                                                                                                                                                                                                        SHA-512:F707DF94EE0810F758238C4E05BB06ED8497D9DA919501D708A833229C82FDCD79E4E03B7904ECBED146F4D4692FEC5354C9B6ED3DAF63BE8F70AAAE0971639B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........L...........='...-...9...B.......X...9.......X...9.......X...-...9.......9...'...B...L...-...9...9...9...B.......X.......X.......X.......X...9.......X...9.......X...6.......9.......B...........X...-...9.......9...'...B.......-...9.......B.......6.......D......tostring.format_output?MD5 function incorrectly hashed data. Using default value..MD5Hash.utility.MD5.hash_id.UNSPECIFIED.NO_APP.NO_SUITE.get_sub_db_setting>Invalid configuration for the WSSSetting context handler..err.m_logger.property_name.db_name.get_context_config.UNKNOWN........('...-...9...B.......X...'...L...6...9...9...'...'...)...*...B.......9...B.......X...'...L...6.......9...........B.......X.......X...'...X...6.......B.......L......tostring.UNSPECIFIED.GetProperty.subdb.NO_APP.IsValid#SOFTWARE\McAfee\MSC\SubManager.HKLM.Registry.Win32.core.NO_SUITE.is_suite_installed.............6...9...........B...3...=...3...=...3...=...2...L.....get_sub_db_setting..get_context_string..format_output.new.SuiteStatusr.....
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):644
                                                                                                                                                                                                                                        Entropy (8bit):5.634233822231023
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6Ox2oFtgLNzzPYXxFvO/cQTlr7A01JzKZzhJ5vYT:6ZoFeLhzPQxFczTlZ1JmZVHAT
                                                                                                                                                                                                                                        MD5:3F1C33CDB43AC63F351AEF97AC7237BA
                                                                                                                                                                                                                                        SHA1:56BA0561A0E4F01D1109F4AD92DC89DD595FABC7
                                                                                                                                                                                                                                        SHA-256:52927499DD96A5D16AAA63A84E0713D650DD41BD81CAC2820D50C5BA5C9DF157
                                                                                                                                                                                                                                        SHA-512:57AE830460B2CCA34A9A78CD7D15FAFBFDCBD372CBEF693FAA9C4A85451D18D95261E9CA95D3D675D119C44D86CDED37200495FD86FD434DCF4715FD90231730
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........#-...9...B.......X...'...L...6...9...9...'...'...)...*...B.......9...B.......X...'...L.......9...'...B.......X.......X...'...L...6.......D......tostring..ReleaseName.QueryValue.no_ver.IsValid.SOFTWARE\McAfee\MSC.HKLM.Registry.Win32.core.no_suite.is_suite_installed...O.......6...9...........B...3...=...2...L.....get_context_string.new.SuiteStatus.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.WSSVersion.mfw.core.Win32Helper+analyticstelemetry.context.SuiteStatus.require...//72C9AB6E6058A61380E9ECB0332749BA68C616DAB622CF24869879A3EB2197549A4C15EDAA41C8FE26DD52859547060D9403D795A9635219934906620CD68CBD++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2311
                                                                                                                                                                                                                                        Entropy (8bit):5.5881355722742
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:mkeaI12J4DXRBQJwyXJ/eJVMTbzscly3AZEhV6oEkiJAOtX251s:m3BdrQtXdeyrscw3FV6oEkyAOtX251s
                                                                                                                                                                                                                                        MD5:52C084EA51E42489633124B620FC0557
                                                                                                                                                                                                                                        SHA1:973147CFD5444FCE4FF6517B4C98699BEC3E2124
                                                                                                                                                                                                                                        SHA-256:ABDD2639B7EEC29CC1B60F52F98F4ABB65DA942BFBB4F817B492654FF779B1E4
                                                                                                                                                                                                                                        SHA-512:DDBF89AD1F657C866C1DEE60ACF5F2E0EE1E5310AE49F8C5DA0FF4376BE5B97B7C1D3EA874F902F01B3F65D6795727AEEFB5AC1F866E7ABA2CEC2FE5C668FF5F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...........'...6.......9...+...'...'...B...........9...'...'...B.......6...9.......'...B...X.......X...+...L...E...R...+...L....([^,]+).gmatch.string.%s+.gsub.analytics_deny_list.GetOption.settings.........M6...9.......9...'...B...6...'...B...6...9.......9...'...B...6...9...B...H.7.-...9.......9...'.......&...B.......X.%.9.......X.".9.......X...6...'...9...&...B.......X...9...-...9.......B...9...B...6.......9...+...9.......B...X...-...9.......9...'...9...&...B...X...-...9.......9...'.......&...B...F...R...K.....4Invalid configuration supplied for the context #Nil handler found for handler .err.SetOption.settings.get_context_string.new analyticstelemetry.context..setting.handler.Processing context .m_logger.contexts.pairsgIn AnalyticsEventHandler's process_context_attributes before for .. pairs(context_config.contexts)6analyticstelemetry.context.analyticscontextconfig.require:In AnalyticsEventHandler's process_context_attributes.info.log.core........-...L.................K...........
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8021
                                                                                                                                                                                                                                        Entropy (8bit):5.422545506510877
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:A4/aVWLtQg97IqzxgqBMcgFFaVFHJl+hwHD6:A4CV+f8qzxgqBMcg/aVZJl+h2D6
                                                                                                                                                                                                                                        MD5:053CB1C75FE305163F01BAC3A42F0D01
                                                                                                                                                                                                                                        SHA1:B81232E87C3B1AF8F02E0DEF40CCE77B430CEF0E
                                                                                                                                                                                                                                        SHA-256:83779B8F7885E635E4BB16241A08394D65C771C32BF8F2AA2B221B393A74C021
                                                                                                                                                                                                                                        SHA-512:190F3167D25834506197E4A93030E40142C7289427F93635EA4986DD59C53C6A94C2E7C572ACC3B18FB892C40C457E4037C4D3544B52EE083806BC5C1C218BF2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):439
                                                                                                                                                                                                                                        Entropy (8bit):5.447303465542573
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6IWlL3uknxUyPpPD4M9CCDiEiMJsYJJKcDl61jmQtP:6bL3uu3P6M9HDiEvJsPAlYj1tP
                                                                                                                                                                                                                                        MD5:6E9144B0655982FB7AB3C6167C60D53E
                                                                                                                                                                                                                                        SHA1:F6D4F747432FDD87C1D2070D252FF3E86A4E3011
                                                                                                                                                                                                                                        SHA-256:7E161C22AFD2CB77258006DB5ABAF6A6B61D2E76DD95C5E73EB693A0F29F9871
                                                                                                                                                                                                                                        SHA-512:949BA7156DBD0993BC4F46C7011F69B35732227D58A203A54596164AE230C6E8938BE8BE3CCB961CB9F610332F2DD88B5F7E4D85D7631CB0B3A1C4974F5AEA68
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..>.......6...'...D...)handle_on_navigation not implemented.error_.......6...9...............B...3...=...2...L.....handle_on_navigation.new.AnalyticsEventHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.AnalyticsHandleOnNavigate4analyticstelemetry.events.AnalyticsEventHandler.require...//F22342129B7DF96E59E23B38C880CFF301F81612C841992264ECCE653D99CAE6E8F0D5B96A5F12FB5E08D51369A66F9CAF78603505F4A38390C5720B0B2983FD++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2050
                                                                                                                                                                                                                                        Entropy (8bit):5.6789481876619625
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3K1O3RnzJe0E/+dvxd4xzyA9JG0JbXS9mf+ZS9oFGtQt6MjG+VkJLrwbOh:Vex/0+fRiYd+QFuk18bY
                                                                                                                                                                                                                                        MD5:C863696DC71D4F09215DAF9C376314BE
                                                                                                                                                                                                                                        SHA1:2714C2D3A7BBD42F0B8B21E0A3409CF284FD95A6
                                                                                                                                                                                                                                        SHA-256:89FB1208A0BE0E652AA381EB5FE6AAAE192E1A14602BD416D93361A8AE41FA43
                                                                                                                                                                                                                                        SHA-512:9A0427A792C16774BC14A7BE3F0BCDA78F42C23F59BFFE59CB6BA128F2A9AD92D05CFEF51CD559835184D0257D1A2349E11A926F3337226DDEC8D073B985940E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........66...9...8.......X...8...L.......9...'...B.......X.......9...'...B.......X...'.......&...6.......9.......'...B.......X.......X...+...<...L...6...9...)...B...'...6.......B...&...6.......9...)...9...9.......B...+...L....currentline.short_src.Log.utility.tostring%Failed to load package. Error: .getinfo.debug..include.external.mfw..^core%..^mfw%..find.loaded.package......!...6...9.......9...'...B...6...9.......X...6.......X...6.......X...6...9...)...B...'...6.......9...)...9...9.......B...)...L.......X.......X...6...9.......9...'...B...)...L...6...9.......9...'.......&...B...6...9.......)...+...B.......X...6...9.......9...'.......'.......&...B...)...L.......X...9.......X...6...9.......9...'...B...)...L...6...9...9...8.......X...6...9.......9...'...9...&...B...)...L...9.......X...6...9.......9...'...9...&...B...)...L...6...'...9...&...B.......X...6...9.......9...'...9...'...9...&...B...)...L...9...6...9...........B...9...B.......X...6...9.......9...'. .9...&...B...)...L...)...
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2153
                                                                                                                                                                                                                                        Entropy (8bit):5.703177503748301
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2034
                                                                                                                                                                                                                                        Entropy (8bit):5.6150835819471965
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1419
                                                                                                                                                                                                                                        Entropy (8bit):5.799372595078755
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2671
                                                                                                                                                                                                                                        Entropy (8bit):5.866185873613142
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2592
                                                                                                                                                                                                                                        Entropy (8bit):5.568760587813432
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1145
                                                                                                                                                                                                                                        Entropy (8bit):5.8963528014242765
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1385
                                                                                                                                                                                                                                        Entropy (8bit):5.627307556794077
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1533
                                                                                                                                                                                                                                        Entropy (8bit):5.585059609058571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6qZ0GoJPeM2Q+ycfXlvVulvDJNn7IBTbWcB5f396BBqmkctcXlvV54SGXjuZwiJp:t0GoJWM2Q+yHJNnWbv96G1kSGa5JjFJx
                                                                                                                                                                                                                                        MD5:81D23EBA754BFB4831A74FC57BAD7FBF
                                                                                                                                                                                                                                        SHA1:DF6178B9FAB3738954E288744AB95F5527596989
                                                                                                                                                                                                                                        SHA-256:BE712B10036FF5A5574560B927975B2C1952FB1FCCECE5AE67E3587CBA3949D4
                                                                                                                                                                                                                                        SHA-512:2E48F9E5E56D55C02FF4A1F30588AE42FD70D8023FC01FBDE685E602D0B637AFDCEC3AE51CB8E3EE7C204562903692F11624AA8FC83F25E6F891C9DC1C78087F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4617
                                                                                                                                                                                                                                        Entropy (8bit):5.832947423413168
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:GQEBjpEGPxKTKVUhwgf6avqws1aoibd6IKtoknBNlMvezeXryHeEnvxJwFvOcgQF:GQOEGPxKTK6hSaNs4Vd5Kt1bE1bREJWt
                                                                                                                                                                                                                                        MD5:D01A1C5C8B33848E4B81E1391F7F54C8
                                                                                                                                                                                                                                        SHA1:44F6288DCD877BC14906E2476527A1FC926D6869
                                                                                                                                                                                                                                        SHA-256:44A699B84C19A2E31FC042CDD5C4BC4148FBD8531C1A263B0431E0A5A321A434
                                                                                                                                                                                                                                        SHA-512:19666867B0A8A6D9A67FB3C960A1483BBD105B6544819A40C8C917E6AE0F83BF7C27580EA478E28DB2FA88C439F472D3D75A95E0EB3E0DA95A4B5363912BEDD4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3032
                                                                                                                                                                                                                                        Entropy (8bit):5.868546907225372
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:IWmazRGpYrvwvziT45n1y27j6F01AwQS0ZBdJ8ZeKIk7kyNcZcjCHVJ1gsN:IU4pWczlN7jUQPQSg8ZeK4y+ZcGHVzg0
                                                                                                                                                                                                                                        MD5:CE9F7AA0A2AC99C94C8A6D2D7F0B7CD4
                                                                                                                                                                                                                                        SHA1:DF722D995FDAD686516A32A5F3DA08529C2EB6A7
                                                                                                                                                                                                                                        SHA-256:9E71D07AD6C4E06DE2E791BC87BE43E02D4E965F5B4216CED850203D9A523AF9
                                                                                                                                                                                                                                        SHA-512:FA3F66C48F7C068FE3852A389634BCC38E77FA497A94F51D9ED65A570B936CB15A05A58C9D0C3E8A5E19EB5810F2D605AF078BF82816190D4BEF4E32FF220F0F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1661
                                                                                                                                                                                                                                        Entropy (8bit):5.652032120956267
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:oeQDKesU4NION1YmRj2AZGrZ+8JHlDiJelgJqC8U:oeXeN4NpRRjY40dyeSH
                                                                                                                                                                                                                                        MD5:969865A73B1D74822AC95106FA266546
                                                                                                                                                                                                                                        SHA1:834EA36F613DD307125BAD682C9F585D7BC916D7
                                                                                                                                                                                                                                        SHA-256:AE13D952C19D0107112C536CB3C26B853452934B692FEB5627ED67F1FAE1F70A
                                                                                                                                                                                                                                        SHA-512:28AF5313A1CC132C933C0741B30486B4B65CEA3EF268AB396189BEE3651015A6D1B69967276169BE98D813FED9C0DECE9BD0BB16EE751B9D27D75D371ACC611E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2427
                                                                                                                                                                                                                                        Entropy (8bit):5.732144659562735
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:6/W/iBelQ1lYQ0M7atJAaPpJ5JjWJHZF8ko8jVJPUmQrWDJXRgAn3JYR9:jlQlAJHJSD8k9jqa1XSg3+L
                                                                                                                                                                                                                                        MD5:288AC378D70569DF1EAFB0A2072C2D46
                                                                                                                                                                                                                                        SHA1:2538EA493928C427B14A6ABF73A275E739782473
                                                                                                                                                                                                                                        SHA-256:6AC9459CF65A194391AAC0965054E2B0EB5DA3F1C3EB123177D53ECAD72544A5
                                                                                                                                                                                                                                        SHA-512:FC3D9362F2ADEE5381D8F87938A333CD4A1ED6E634972910A61F4B207E0B7FA5E4161025A7522DF1ACDEFEB68894077994FC7BAE9DC644CE2376D14FEBBB4914
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1361
                                                                                                                                                                                                                                        Entropy (8bit):5.713932538636906
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6iagPrR/Jr3yCJOxTnZBCjsVudeH3cKxQ6FF9K6FXyvjocu/yYXl3JB1J5doiiFO:hPrP3BsZBCjoshqK3joD/yYXbvJLz
                                                                                                                                                                                                                                        MD5:D938FE3A4659D94036A3FB2007F0A03C
                                                                                                                                                                                                                                        SHA1:8F5D29431BE8A8BE70AC6B8F4446B214DBC5F936
                                                                                                                                                                                                                                        SHA-256:0D24C833B371D20FABA6EA7D9A5733522CCD12C14CABCB272FCA4754EE0E0B44
                                                                                                                                                                                                                                        SHA-512:DE7F49AF9427DCA11B80ADE08B1DA8D770083C924948069C9B29A6C0B5CC3A3492FF74D7B069286AC3AC9279E257B26555049B43B499C58E2E33E3212D0C372E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3307
                                                                                                                                                                                                                                        Entropy (8bit):5.670242931913642
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:p9hLYo14yWoUDkcqroiNpKs+5ahLiD70tWQrdkp1t:9PTWoUDqUD7Kd4t
                                                                                                                                                                                                                                        MD5:5AD098C6A7034EAF3E3C7DFE5E10786B
                                                                                                                                                                                                                                        SHA1:C1FC292FBC965D0E80E854036A22507D433BB627
                                                                                                                                                                                                                                        SHA-256:2284E6F124D86484C77ADF43A664B911A99930509FBAEE1B73D593C2A9A01D29
                                                                                                                                                                                                                                        SHA-512:FF55CD08015B7CA4AB2EFD94B88EA4DE516893E99B63F23F7D3A3DD658865FF10FD6F541AFE146454C083D27A2EA04DDA06EF8F322AEC7C5794CDC07C9B40F45
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1396
                                                                                                                                                                                                                                        Entropy (8bit):5.5656951735067155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6j+e/agXgQCWpI4M6JUhheWdJs1bWWSAJWIKY7jJw8JNHuuZJvJZHrRO2vJsKH4l:u+e/vPNMEUhhfdcb3VA7Y3Jw8JzZJv3M
                                                                                                                                                                                                                                        MD5:EE2843403649BFCE8EA9AD5CBDCADC07
                                                                                                                                                                                                                                        SHA1:716E6CA4736E116C4C7E4C615B5ADD268FCE4E5A
                                                                                                                                                                                                                                        SHA-256:A72D9898569BF323C3561362557F377267CED8B94C95FF4EFDEDDF54656BD05B
                                                                                                                                                                                                                                        SHA-512:4489B8DF79691991EEF6ACE3E93E485728039505A095803D24CE21566834D9D672B20049CE2F01E57C513F4AF104594529BE2E0DC7E0E3A0CC5C4E6948F8554D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3033
                                                                                                                                                                                                                                        Entropy (8bit):5.649470533677633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:REIVPXKEKVUIc7JExkuuujJBjqb87lzXdM2LCkPTbxY4eSZrlMWuar7uLnU/Xaj8:REGPXKEKVUN8ukBjk8XMCCovbeK5MxnI
                                                                                                                                                                                                                                        MD5:1B705AF001B0664EB37FFD5AB3E8C51B
                                                                                                                                                                                                                                        SHA1:A24C5A85202153CE99FBD41D610753C8D8C5DCAF
                                                                                                                                                                                                                                        SHA-256:EE042550DD33A1677618F5BE2317BEA4D74CD130E00023763795DDDF9E66CA9F
                                                                                                                                                                                                                                        SHA-512:FA7BFB1B1EA44A59272C05E770B3BEC386BE8A3339807092FE61908C05083186B9D0DCA6C37CBA5EABFF897B7D923F5582D4CEC7097A1CB0B9AE11E5C7AD584F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1278
                                                                                                                                                                                                                                        Entropy (8bit):5.5972532358448905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6fW8dwKf88usGQE5KlQjbvEWYHhtaH30eS69gxuuHJjMfJsPzbaWCb61:c7Df7ufQEHjLAb+gx9HJQfJfT61
                                                                                                                                                                                                                                        MD5:5F025C27A30F601987A34A05D7E0A5A0
                                                                                                                                                                                                                                        SHA1:13D3D849C3876E820516652544A20C564B9EFD16
                                                                                                                                                                                                                                        SHA-256:95FE52D3A214C7C7E6749D7EA2755BD8D86BB83C83F250DC41345E7E5F5D5A99
                                                                                                                                                                                                                                        SHA-512:3282E461F9815DE3AB3A5082BE827B00769C7D32697F722AA0BEF535616D9CDF53054A2B1119FADD51E1D7E950A0302F85EA40A23F20C6E3B35D0D37F5B2929B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3387
                                                                                                                                                                                                                                        Entropy (8bit):5.51809323714341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:+cEGPlKkKVUr0/VjzpzRILXFfj2vIWjRN5RlDk9w03ngpYjdI26VNPNBYwixtPmI:PEGPlKkK6gRzpzu0fPu91nYXHW3
                                                                                                                                                                                                                                        MD5:1AC6FB590ED89E1C61DF139AE215BF33
                                                                                                                                                                                                                                        SHA1:E219026213922B70A5004BC4FB529DF91D25E231
                                                                                                                                                                                                                                        SHA-256:95B413BF96F7577426BD3D57EF0DB136878F004A11D63E6C2703BD7D4DD1F43D
                                                                                                                                                                                                                                        SHA-512:0A1DF828B571B6F70C07B138D48BC68AEB309762A83C9A35D58627BCC6887DAD1B57B1E15693B2C91A2621F1AA698EC9A25492C87EE965A0713CFD68442A916E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1653
                                                                                                                                                                                                                                        Entropy (8bit):5.805792226422415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6Byx1SqTDVYwm11tUaIHP/zAWUlijyVudQ5ewccH3ZTqqyFAZzOTScud+WOJJAAg:JDSzV16a2/zAij2Hacz8SDAJJEyJOynO
                                                                                                                                                                                                                                        MD5:FC7E748053BB272803291FB0B56B6A8C
                                                                                                                                                                                                                                        SHA1:AE59D5DCF51769D2E300CAEA3E85E5ADE383ABDB
                                                                                                                                                                                                                                        SHA-256:26B2DA4C0D48C058A01936931830324E0CDEFE8A1B5073687F6683DD80E22429
                                                                                                                                                                                                                                        SHA-512:F63B417393F3D3AF90AF5C7BB049C52F0DAEDD39C8DA9B3BFE06E76BD2F227917E8A21C29204F37A289269AB158CB7FC8C6623A0E03B1D0CD14F0E6E016BA31F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5468
                                                                                                                                                                                                                                        Entropy (8bit):5.687289107640217
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:vEc6Kr6/joo1pKtk8LhEPeL4wM9IKV1BkU+DdZdgg9Jtzvejk:vBZr6cq8txNMKKrOU+RZdpJBmo
                                                                                                                                                                                                                                        MD5:6A4E22D3623993D1C7A627007DC09409
                                                                                                                                                                                                                                        SHA1:2CE4E0A3458EE2F6116290B41FF73CCDC82CC9CB
                                                                                                                                                                                                                                        SHA-256:E5035E36C936E124D014B474BEA4804652382E0521E3BB4CE6653701DE7F670F
                                                                                                                                                                                                                                        SHA-512:FD71E99A79F1DBEAA55DCD4C5A8A500C8EB11C1BA15B9DFF776C3FC47898903FD2FA5E0281B043F34951936486CEAD67A6830D248623F24E556076307C181D00
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8197
                                                                                                                                                                                                                                        Entropy (8bit):5.708887498543069
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:UD2A/mLB7AVWy/c9AbQLW/rNwGYFLB6Yf/x:gPAUVWyc9AbBeGYhfZ
                                                                                                                                                                                                                                        MD5:2E8E088B6F21282579A705824B6CF8E2
                                                                                                                                                                                                                                        SHA1:0945021E562D7CFC8280A5429C7E3796F1C4BEC3
                                                                                                                                                                                                                                        SHA-256:7774524BF6C913AD7EED483A4B02C65A7965F0359717053737FC3F43F45ABD04
                                                                                                                                                                                                                                        SHA-512:5731336ECA2BFDEAC450DFA05F7EEB049656EEE5F5337995FE0FF920CCEB97E39C8F5DAF27790BA0A3221E25E26FD3A5D8989A9A328DA8FD3011685F31D18899
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2843
                                                                                                                                                                                                                                        Entropy (8bit):5.774607329945961
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:QsSiaIqULiwOSJJWkGb2xvsXjjQtu7jULso2X16RYDQJ8v029vJQw/oIDu:QsRaIqx9gJWkGb2lEjcDL6IYDk8v029w
                                                                                                                                                                                                                                        MD5:DD276E140DB5F9E9C384EA3F9B394724
                                                                                                                                                                                                                                        SHA1:016FB236E9463715C5D4BA090F47B06F07F8775E
                                                                                                                                                                                                                                        SHA-256:898D80FE116CDB628988FC0430FD6E99B4D6AD765467F722EA2302B90A477450
                                                                                                                                                                                                                                        SHA-512:6E3B88DBD07E33941E889D17C09730E52D56A942585C0C3A9FFC464AE450547164A933C82B9FCD44907C8BB09DFF5E6702610F04F0D02F2A824E4A9A9EB33CD9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):571
                                                                                                                                                                                                                                        Entropy (8bit):5.370010420896111
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6t5LzIKSSj3d2k0uknxFJ+PF4MVIRMJsYJJKhEfPanWn:6t5Pj3MbuuHJjMVtJsPh8i2
                                                                                                                                                                                                                                        MD5:1C910B0C831928349867F8896B9E17BA
                                                                                                                                                                                                                                        SHA1:9AC4C324E524AB94B35B05D347AA3DAFD9C31E1F
                                                                                                                                                                                                                                        SHA-256:C8D2630A63DDD14F2F96ACD7DA5769362D6AD37D35DD6EB0A636A922191A0FEB
                                                                                                                                                                                                                                        SHA-512:052B4096EA4CBB1A44E550FF149917C7C16803C079D9876BED8B043BC7F7D9B992FE66297EB843A17EA06FD0332911FAB9DE5DE194DF4C8C2F608BC5F9230A1D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):407
                                                                                                                                                                                                                                        Entropy (8bit):5.411704563258671
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6AWHuknxcW7NPl4MXFQMJsYJJK74o9s8NwMvqda6k:6FuuOMXFZJsP74whvvma6k
                                                                                                                                                                                                                                        MD5:E330903D028A26994C905635457FA2C9
                                                                                                                                                                                                                                        SHA1:A79229A27DB1B51C2378F4735E2B0043C2D3D5AD
                                                                                                                                                                                                                                        SHA-256:D3AA6EC80B0515A400BA504FB6B3EB855468654EDB0A7F38C1307DE5ABEC3036
                                                                                                                                                                                                                                        SHA-512:16FADB5FB57DBEB2083D690FA44D82E286A5934F56092A7E4B2F1197A48A3F0A4696409DA2D2C32E6AB2A8A6000F19AF619341C504FBC16088A9C7B8C59843B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):405
                                                                                                                                                                                                                                        Entropy (8bit):5.511545073381916
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:67klvhpCl2IWm7RYvfOH6eaA0JAkGmqcpuoO:6EeJViWH6bqjAO
                                                                                                                                                                                                                                        MD5:0DFF7294953EB5852595E7BC0B5790E6
                                                                                                                                                                                                                                        SHA1:2A95BA0163C8CC56CBE1E2DBCA6B196909759119
                                                                                                                                                                                                                                        SHA-256:6A24A43D5EF5F5249CA03BE98729F8FE54778650E686FD50EDA6DE160B1F46A5
                                                                                                                                                                                                                                        SHA-512:6F905CA6A813994B203030A6C86748B5AEC5464300C1A140A1D3CDC7DF4938C3E4C45782BD77A55889BFD1757C977E9E30F1A9D97246AC9D07DB9ECB8A511B36
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1675
                                                                                                                                                                                                                                        Entropy (8bit):5.812636146799877
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:CiDSFhorowIgf3Nah9LbjM1qj69dXoiz8SDAJJKrkJ1ck:PujxRgfE7bjM1qjsdXz8W0JKY7h
                                                                                                                                                                                                                                        MD5:297178FBFDB617CDE151740C4A56593B
                                                                                                                                                                                                                                        SHA1:9D5F220F802DA880B7695B7F1ED203945328FB76
                                                                                                                                                                                                                                        SHA-256:1BA7BC0C3A83E8D662BBA9D5D9BC1791540E9BA8FB7774A7020E99753167DF06
                                                                                                                                                                                                                                        SHA-512:1E9AAA8DFD93502684AE18F5A23C607FE330517B3526740B6511E123438F6DB60E64FDD26236154506FDB3BD595A8276BB20918491732AA0DCAC09E2B5C84A1A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):856
                                                                                                                                                                                                                                        Entropy (8bit):5.552992103124313
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6SrbpJ87HKzQTSJ9AnuZ+nzwEvcunhlSJgwM1tJsP+OUJkxB:Drbpu7dTSJMuZ+zzvDnmJU1tJdOwkxB
                                                                                                                                                                                                                                        MD5:5F87A5D28DBC14A2F92A158B3114CCB9
                                                                                                                                                                                                                                        SHA1:95AA34926B111F2E1C35D6D2359E5919C4E0DF5B
                                                                                                                                                                                                                                        SHA-256:5613A46FC0F1E97D43E3263676A657822D158709CC6BEA5755B720A94F8BE562
                                                                                                                                                                                                                                        SHA-512:B514770B18695D117142791CBF29BDE76F4C3B22CBF1E9CB1187DFB5B4FFAAC830AA892857B9AA7BE98CF326B9FAD92F3DDC910CA9F8615AB69A8F749D057584
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):705
                                                                                                                                                                                                                                        Entropy (8bit):5.56117527697094
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6cDVIgpo+ktBbHB6WfEFyi9AnuyzRu+nGpIjbpZIf01uknxFJ+PF4MaoMJsYJJKQ:6Wbpn6bhcyi9AnuZ+nzwc1uuHJjMaRJn
                                                                                                                                                                                                                                        MD5:DA7F912C49765456E56B661E0B72C4FA
                                                                                                                                                                                                                                        SHA1:9D34DDB9BFCA453BBB5CF31388E71BD3A3BC51D9
                                                                                                                                                                                                                                        SHA-256:3569B71B765AADC58E237A4A4ADB24D06CC72182B15C45A6431B075542F322B1
                                                                                                                                                                                                                                        SHA-512:568C9E5C3CED1F89298B6AD71723F92D02115F870E930C9E2D0EE7F82ECEB75A64FE7A0267855D2DFB883CF832D385EE0F569F0C5F7ADB8DB4EEB8D19580C0F2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ.........."+...6.......9...+...'...+...B...........X...+...L...-...9...B.......-.......X...-...9.......9...'...B...+...L...6.......9...-...9...D........message.PublishMessageRaw.wssEventSenderQEmpty analytics telemetry information returned when processing WSS Analytics.err.m_logger.get_analytics_event.*AnalyticsSendWss.GetOption.settingsa.......6...9...............B...3...=...2...L.....handle_analytics_event.new.AnalyticsEventHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.WSSAnalyticsRaw4analyticstelemetry.events.AnalyticsEventHandler.require...//EDB531AD1726F3A22189DAD2A0A660D442D757B0E7A960910AC953980842FC549B800E01844E62AF041DFE289AF09809A8F35BB8AB054A850F266E8217870A22++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3694472
                                                                                                                                                                                                                                        Entropy (8bit):6.532876150684731
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:FiCH26EmD5lINIBF7ncXjuqnpl/C4tcoWrIXj/z3li5QC6I:+6BTCbnRNW0Xjq
                                                                                                                                                                                                                                        MD5:6F01DA65F11F0C33BC0C24CC3FB2BEFD
                                                                                                                                                                                                                                        SHA1:44AD6A5AB22F91C20007824CA53D2F31657CEA81
                                                                                                                                                                                                                                        SHA-256:258B95AFD6078D1415CEC477F7C7BFADC870A0C0F527A0F3C5F651DA84DD25DE
                                                                                                                                                                                                                                        SHA-512:455C9CFBD7E68AF02F2726C6440459E7B7932C3883BB1039B3267F6F29B9724543929B587A22157962FB975B25487262FFEDF4DE08217D3D6FBB7902F675137F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5985656
                                                                                                                                                                                                                                        Entropy (8bit):7.997073443075553
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:98304:T+PQByUNM+wti12AJyTJs6mEzHohlciWocwyJ6TW9TFIfvxzNfuTeaFfPzemlu:i4ByU6+JyTKbEDoXciWoSdF+vhNf4TeV
                                                                                                                                                                                                                                        MD5:EFADC0D22983A99516DDBFBA3FD6F1A5
                                                                                                                                                                                                                                        SHA1:A64D75E07B8535FC7F71F33684CEB852E6784FA9
                                                                                                                                                                                                                                        SHA-256:B4F29215D91B81325283EA358CB73753D53392874637C501F3009F0718091461
                                                                                                                                                                                                                                        SHA-512:479F98D3D2C868F7189F09669A92F941979679F60525229F917F8B351BFCDEC8873E8D69D3153515F660A80D666E5F4A0DF8CC00F59EC1B423AE1DFD48C8B6E8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):358
                                                                                                                                                                                                                                        Entropy (8bit):4.783729084285157
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:3FF2b4FPeee/KabRVdUvFFyFlLulkNCZDZKMjeQoFeNCBHu4H4WsNCHERN2l7Y:1YJKadislLAj+9QoFdBOKjkRN2l7Y
                                                                                                                                                                                                                                        MD5:4BCE68B8CBF044EB70958BC6018D0F01
                                                                                                                                                                                                                                        SHA1:46B4482884D6062CF15E618B8035BD1E675A3EA9
                                                                                                                                                                                                                                        SHA-256:FE5A9A409388CD8E5D6AF76E3FC8E8708F697F2577886BC3B826B4D591CB4306
                                                                                                                                                                                                                                        SHA-512:0F3E86AEB29E202E2E36E4E1859AFED3F17CE65246E90291CA8413287B94798A42309EB27E5CFB67A0B48A8C6D14174FBFC3F36EBE25B7BD8D7800BB78671047
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "webadvisor",.. "path": ".\\BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fdhgeoginicibhagdmblfikbgbkahibd/",.. "chrome-extension://dbghilognjpbmkdcpjgodiieiflmlaeb/",.. "chrome-extension://iiloambhgijcaodolaknfhmcficdnaca/".. ]..}
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):357
                                                                                                                                                                                                                                        Entropy (8bit):4.7907114893123115
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:3FF2Eas4FPeee/KabRVdUvFFyFlLulkNCZDZKMjeQoFeNCBHu4H4WsNCHERN2l7Y:17aWJKadislLAj+9QoFdBOKjkRN2l7Y
                                                                                                                                                                                                                                        MD5:BEEC1609B6AA63B29247C7C4805CBF32
                                                                                                                                                                                                                                        SHA1:A9AF06A9D648857FDFBB8BD0D1B6A49840FF0232
                                                                                                                                                                                                                                        SHA-256:BFFE531435235BF8801946B9BC8654A79727FD6D591DBB7BE173BE9A55FC6974
                                                                                                                                                                                                                                        SHA-512:36BBB47F67D2B112AF77759E637318CD79560156B3B5A1007FEE0CB0A9FDE3E26C99D980D2160DF0A730304A43D3D16D2F28742E44A5303B81C0FEAE78A176FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "webadvisor",.. "path": ".\\BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fdhgeoginicibhagdmblfikbgbkahibd/",.. "chrome-extension://dbghilognjpbmkdcpjgodiieiflmlaeb/",.. "chrome-extension://iiloambhgijcaodolaknfhmcficdnaca/".. ]..}
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4519144
                                                                                                                                                                                                                                        Entropy (8bit):6.566626256285646
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:3aFzCa4w+jR0pvF/AHtvoS4IfCMjvp1ZupuPkoM7rp0eGhfhTjYHHbLTCPI5Y0GW:6h+jR0pu4ICMjB13wQfOHHPRu0sn1/m
                                                                                                                                                                                                                                        MD5:522D3A1BA6CA58A669D0DE49F731ABFD
                                                                                                                                                                                                                                        SHA1:4E4301A5F4D3931F74E6445ABC20F3B0BF1D1133
                                                                                                                                                                                                                                        SHA-256:A07411B12627EB0A121D451C3406CDB1C37DD04141A763FA775BEA9D6E63CA9C
                                                                                                                                                                                                                                        SHA-512:162854D2847C547C28F3E05C56E3ADAE26A3910D22EF1CC9F8D7F3DD8088B60BB7D8CA9ACC97FE0C44FE519071A3C1E71BBCD13434D79A6EC8BC6A82CEDC8241
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.456870049611267
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLp/XPJf:7rrSOX8BC0Bj5dXEC0BjyKSYPt
                                                                                                                                                                                                                                        MD5:B78DB2B2A35FEB05711A2940F8D1466B
                                                                                                                                                                                                                                        SHA1:7EE3A6D2A7C44F36972069580CCF510DB6237B89
                                                                                                                                                                                                                                        SHA-256:4F01E1C72B93E4DA1BD24705F8859469B7CCD013D1D837D9F05A3A5C37A9B54E
                                                                                                                                                                                                                                        SHA-512:D6237779C3D700D82DBDED54EEA81FC5AC6F00C3D730FBB807E3760FE6F1AA9CA53E6808C2689C2E7FBDCE052B34567745974E9217A08ABB36E6E44C57331228
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//93277DEEA5A528ECB1F6DE1A870833D110F5E01EAE82C9F257BCBEFD07B1B741FCB9F14AFE3A09D91510302347AFD4581E82304FE54DBC3B6B21C3466395B5E4++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.457640405943752
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//1E8BB43CEAAF0048FB2C9AF5BED96816B1DE579CF58619B19704969837B98705523EFC1BE2D3B53E83EC1ABFBEE59F6A5FA7BC4DEB4715882824045EB7467D38++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.4671225990955135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//FA3DDB264F03DDA4F4F976A7A89EE2B58D685379752749673637D845A8E314959EF33247A0DF8EED5262F3A6E509975B6B47ACE0234611BEB0AFC356561C4719++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.451643590103223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//F18F133005D0A2A50DAFD82E8AC75461442FF1AC63A4F2602557F10F3965FDF54027AF0A6ADFF62FABE9E3AF449ED6426E2DE4D0B8B552DD8B82D2CF84AC4064++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.481559167867403
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//9038B59EF7A5C57EB64B74A823377441D0B3F7B8D68B7667C74F289C3D4EC99081AFBBC609C3AA58398956FAC3FB563156D160F4800924154BEF9412A0CF8F5A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.475992243112246
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//F930A90D9EF70FB30C17B577A6D133EB42F2A1C2F22155F8CB80C069837A188466EFD0B172FD55731CF51850DF0FE2E5E0AD55C2A51F6FE64F80643534374D07++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.477458147632825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//8383AB73F54805BFFA0EB895ABA9A086197271370F7762332F72D210F6749759D4A6FC9F0B4ADBDB4E2671F221BB57DB12151617475952E4872C026DA345D12F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.4681631267021595
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//87961B9173F2D94D4B74ED2FCD63AE66A1C472919AA1359815474BFF6C322F96EA29AB1C71123EE095141ED564CF4C070082082667A8378CBBA4AF4642FE50B6++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.4640340211071345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLFnSYZ6efJx:7rrSOX8BC0Bj5dXEC0BjyKSGnSYZ6ehx
                                                                                                                                                                                                                                        MD5:43629103D5C59E676091DB97595EA4CD
                                                                                                                                                                                                                                        SHA1:D1E643970315142CCB7EF2BE85DD12C9E2266236
                                                                                                                                                                                                                                        SHA-256:C50BF073086761F18E4C19F6CF6760F1A5866862A6FDE41FFBC6DC1414C82AED
                                                                                                                                                                                                                                        SHA-512:868DD80EB6B9D35D6E17A2405722CBDC8DDC80B7643601ACCCF0851015A4C1C09C434061F0430202E4DEB7FE93A7EF7EADF21D9A3F11C0440A746FD28DFD10D5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//6C715F00592C9A8E12BEDE7BB80E795FE67C395D193DCBC8E7993AA8FDDB284AB854045C405D4DC58AAF66284CDF6E8279BE540FF7468D2FB3B2BD06F6202FAE++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.460044162924
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLUyi4nz4YkJgr:7rrSOX8BC0Bj5dXEC0BjyKSYik5Ygr
                                                                                                                                                                                                                                        MD5:B64D112D31F22B90E016390858A9DBE2
                                                                                                                                                                                                                                        SHA1:A59720785D185E863D4AA86C415124EEDDEA4C66
                                                                                                                                                                                                                                        SHA-256:E1168E60ED4A0A27938EEE8255346F8C878300C3939F8DE2A932029820A44D64
                                                                                                                                                                                                                                        SHA-512:A82B8DDE5D27FAC85AD6625321FFE88D1E1D159EC8AC63556970E88ED10061BC02B03CFEDC75950A4566DA585AC3ECD004AE27A0C74885D9C21A3DD3D0F2AC61
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//049ED71187DC9C7F5E3BDC3358CD2F55E578D8CFE7B26C32E470096F6E0A88D36EF91B91E153E72629A186668812AE45833C3CCAFFE672BDAF788087AF1B5A7D++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.468365047833703
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLNoUZ+TKCtbjgt:7rrSOX8BC0Bj5dXEC0BjyKSJ0+uCVjgt
                                                                                                                                                                                                                                        MD5:92109842597EEA630DF20C9C91BDB8B1
                                                                                                                                                                                                                                        SHA1:47A480BCF91B4C8C2554516C8A51A294382E9194
                                                                                                                                                                                                                                        SHA-256:2F95C1FCC662384D4E2602B44A337E8205A55F49E944F9AA841C1D5B15985D60
                                                                                                                                                                                                                                        SHA-512:A6C8ADDB4509812141799ACEE0FC6E5023A9EFCA39102B999FCE148FA939D049D834571FA8B122A820761B5D65006CB5B3C45B585604E6C2C9B47725BC19AE44
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//46300D8C516DF8B344F807A56743331BD8C57B2D46D9D7A680EE27B5B5114D56A35CEC648769583B5A35D68FFD4E4B8EB1742ACE38D98BF824AF5D3FE3740C24++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.476171696681836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL3PwrOGTnQEpD:7rrSOX8BC0Bj5dXEC0BjyKSoQOWnQEZ
                                                                                                                                                                                                                                        MD5:FBCF94DD7558E4ABC25D445C2B855038
                                                                                                                                                                                                                                        SHA1:AE0BB326AB407AEED6D298F2269AE9393ED3463A
                                                                                                                                                                                                                                        SHA-256:BBFC0137200C374E859418D6081F4DD0AD9693D4598428C8CB424B4287F3F0DF
                                                                                                                                                                                                                                        SHA-512:53701D5F8717C0AA869EC69391DFD96D6628B6200BFEB7A685A15335079557CE83CB2F82403873E4AD952102900295DEF74338CB2B4FFD1471DED76B38213CAC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//778E5A4E3320F55FDB941C098D28E947DFD49810F40C5A094A541D1911F98C01E0B83309EC0997DC5FD367330C59B306E34DFB0262234C8ABD9B4F4FA5B22E27++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.455769630259385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLhQkuDgK8Q:7rrSOX8BC0Bj5dXEC0BjyKS2qVX
                                                                                                                                                                                                                                        MD5:1FDD86842BF5AA25335F2A1D280CE6D6
                                                                                                                                                                                                                                        SHA1:3318D8CB64B173ED79FC9B3ACA92899EE9CBDD76
                                                                                                                                                                                                                                        SHA-256:06A89845ECB9AFEEFB68D753172B48FCB6D2C55923E5C0593A69FB18D8FA8039
                                                                                                                                                                                                                                        SHA-512:5281C0B22141D6B6F2136E7E689F6B326B5C30FB6189A9A2F7512F2675E6245A528E16213FB75CF479D48D2D60930969F6C0C15743D73741F26E99514CED41C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//8BA00D1026CDF80196137FE38F707DEB372BED1C5FC8A5BA9DB5E41F76A6B2C3A80E4DB2DF8F22F85DA7A0B192B5730AE6889296E815023EA46FF2815E66D08A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.458084367122415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLFarozROn:7rrSOX8BC0Bj5dXEC0BjyKSfoo
                                                                                                                                                                                                                                        MD5:64480BC326C67955F6F0A51024DA850D
                                                                                                                                                                                                                                        SHA1:ADD98D1CF69F478EA85484E9BD91B453762E5275
                                                                                                                                                                                                                                        SHA-256:9784D51583F47BBE01082ABF2EAC886790A949902651B7F49120E93748B96109
                                                                                                                                                                                                                                        SHA-512:33CB12B5632CC93819CD8D818A47040F333687C5F0E8CCA9DC8FE2EF18F9AE6ABDD5065C1685F53F19AA35821122ED9FBA1727A7EAC5A172A1C92033E3EF4C85
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//4EBFCF0494610E38E98779A04A90096BF15F24DF4CDE6D5DD2FD2EE30D6408D4C40C071B0654E5CE7D42D712F71987D68B2DFAA49FEF3E528CB7A5D5BC5CFBAE++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.479222570670271
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLvbtCKyr9yO:7rrSOX8BC0Bj5dXEC0BjyKSvJyO
                                                                                                                                                                                                                                        MD5:C551CC2A5800AE6BC17FF064B3D51E9D
                                                                                                                                                                                                                                        SHA1:DA6387D8CCF66C1E99EC9DFD602F85D7F1D9C644
                                                                                                                                                                                                                                        SHA-256:FB3D85A984AFDDA575E080F3FB43E7348A507B8666C39A0890F3E9889375038C
                                                                                                                                                                                                                                        SHA-512:E5660838E3A00A3C76B979763B81D5256E3A2B5A9887AA190D7AA1E3E462774ECC97660D43A291477A15A87AE35A31890BBF9592FC24605449E171DDCE1DEAE0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//CD6C720C935358F945C79BA5C48234725982A56B3E893F7459E6ADBDAFD18E1DF17690901C93B8D3CE9326066ECD7C1823B75E70C5054A20092428A16C31092F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.465216358204473
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLQKpWB04LoGRADZ9O:7rrSOX8BC0Bj5dXEC0BjyKSjKpWB0m8s
                                                                                                                                                                                                                                        MD5:731AC54F710AA4B9C54B2CB3754D2046
                                                                                                                                                                                                                                        SHA1:E2DB19679344200E6EA7EA3A5549CC2261B34DDD
                                                                                                                                                                                                                                        SHA-256:C384B7F70C5E47F113ECC2C6327ED464E153192BE3B9D25585AD9C844AA008D3
                                                                                                                                                                                                                                        SHA-512:9589BD0BBA538C9FDD9EDFF6C598FDB41541EE2E30386FE9F055EAD268239FE220A8194ADEAD2E5C04EDFFD46DDEF2A6A82BB6CA8CD390C4085AEB7D0613753D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//0C6F55AD15B3081131C7DA5D55DA212FED171688DBDF5D3C45FC2736DE73807CCD0BB862CFBD341B88F289BAD6A3803CA894D38BA04ACA5541670CEE565839F7++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.452339886868324
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLj25wLFDZA:7rrSOX8BC0Bj5dXEC0BjyKS6zF6
                                                                                                                                                                                                                                        MD5:872ECC831BCF8BF2919EF7187AC62D1C
                                                                                                                                                                                                                                        SHA1:30EF273634C9C86E5BC317F852A8911D197ACF70
                                                                                                                                                                                                                                        SHA-256:B2EC6F8A8DD3B0D38D2C81F6133CD69A0A560B15F289BE2CEB852316D8B31178
                                                                                                                                                                                                                                        SHA-512:23233D20B16BC41C7C1B38C94ED72275FEDC9FABBB82484EA4A210858274DDFF7583EFABDBD4845C54DE0785C0F5159715FC772B051FFD0D35570B428450C47D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//12748ED71E97987E51969D12D77BBEEBB06433E03AEC7E512D10F2B32910B4C7800BCA5330B920F784887E5E23885148BD76917E823FA99921EB3E8FBA709C18++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.4688230129151405
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSohckB5+iSr8:um8BC0d5dXEC0dyKSohj0iM8
                                                                                                                                                                                                                                        MD5:BB59C56DB2112B203176F01540BA19C1
                                                                                                                                                                                                                                        SHA1:6DC11B8E00216FE2928FA5F513D773906233AB0D
                                                                                                                                                                                                                                        SHA-256:610DAA025533ECB85A3CB9742C2146EDBC4A59B753E41D75C78BE43057A51211
                                                                                                                                                                                                                                        SHA-512:93ECA7D80A1C1FDE57FB7AFFCE3F8E71D3BD22AABFF27CC594CC87B4F9FA6CB28507BDE0809AEA58B05DC40BE12735B127DF4313FE6BBB83581A542662EF96FE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//FE4E8692B6ACD523E8A52AD267020BD32B27F78052F344D621DAF878683548D74C4B5826EF8AA74764F4F83985119BA165ED7B1212CA1A9E100122DF433FF758++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.478222120972604
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLB7OS9VqfY8iyS:7rrSOX8BC0Bj5dXEC0BjyKSc7OzfY8i1
                                                                                                                                                                                                                                        MD5:8148B34B88B5367B0B0D27C11713FE37
                                                                                                                                                                                                                                        SHA1:C840B2BCC77E6CBEAAE6BAE5E95436496C0CF8A9
                                                                                                                                                                                                                                        SHA-256:607A7EB193F77B9856FFC7FA0A584AFBD272FD2FC2AB4605093A2CD5958EB965
                                                                                                                                                                                                                                        SHA-512:3F70DA8EC5E18FC2B395120241C349BC3722A913A215FEED6F1ED0376B41D0ADD73895BEDB7F7F6B88EEE664B2DD5CD39A4ACCE6AAD1F175A101E5BA09E4C7BC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//C72AB1F44FF0E7317CF3A63C40C3385222E0CFB77E4B0D06CDB0E3180F349B4F33C9812CEE85B9453786DD1114675419B127BE0C3F6CCA0FB608F5F466953341++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.4666527476313655
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL5ppr3DF33jB:7rrSOX8BC0Bj5dXEC0BjyKSYdB
                                                                                                                                                                                                                                        MD5:B9F8F2F22FD42FFAA28A1388F098BF8F
                                                                                                                                                                                                                                        SHA1:D20D9DB4E7FE7FDEF75C50EAA4E5063CFBFBCF93
                                                                                                                                                                                                                                        SHA-256:7F60CBF3E246A7D987F67831F254968323C1C243FAFE8C20C0823DABFC005A47
                                                                                                                                                                                                                                        SHA-512:744048B7B79314727928410FDFEAEEB0172376C44A5F603C452AA10D38CB56FCB28DAFF4468CCB11AE48C1F46232335AD31183EB0B3D678EA950ABE898A75886
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//0BABEC8393ABFB82A84C43F759190E41600DB4795F370878B13F36486FEF8CC9E979363BF4D9D5679D3364C6FE889B429AE19A08B186F0968813F6A56E534CAE++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.437639129023183
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSg/QcB2p/4+:um8BC0d5dXEC0dyKSNLv
                                                                                                                                                                                                                                        MD5:3521B8617F2497173CDEA2C608EBCE79
                                                                                                                                                                                                                                        SHA1:1B2CEC8CC5FC553B195746643CB65ABFA385BFAB
                                                                                                                                                                                                                                        SHA-256:253995B18377DF697F155B21B1436B45E2B755CC9EF3904C569CDBFFCA40C790
                                                                                                                                                                                                                                        SHA-512:261D412B168177D9DDB3A8A98F247738811C08ACB9EB0BEF4F6E02E961895CBFBCBBBABFF0FC8DFB1030397DAB701A240EE9EDB6FBB04DCFD0D4C46928E2CB5F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//587348052A00EFF6022DAE5EAA3EEC1BD3748E68209E91471E49125D304FB1FBDAE1ED817223AA2B0A85A74DEF861DCC0E161E1E2C1DF4BFD5B24AE67ACFC695++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.472280457591171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLDn5I3ndm0G0+3RkLX:7rrSOX8BC0Bj5dXEC0BjyKS2sTERkr
                                                                                                                                                                                                                                        MD5:EDDB82C4C3206EE3AD61604B7D0C1AEF
                                                                                                                                                                                                                                        SHA1:0B9D5CC2424480F20CE8437EDC7FD6C171F65C08
                                                                                                                                                                                                                                        SHA-256:5BBC81C6BFDE88B7A23A63AC9138A24CB4C934543DDA91A662BF8D13B4C4D79A
                                                                                                                                                                                                                                        SHA-512:926FAF735DFC4CCA49896867472646DF519FE995587DB3B94D9F050974FFD7ECE776277DAC7838C5AE7528690611C700DC2A7DA2CF6C245207C1D52A22C1B819
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//C2DB7E45678F5B4C989E5D0B5CF1A76DF7268450AD159735B6BB1F01AF2F90925818BEF97EA8D7D2446AB8FC4D5D4105D3F89D643C188DF964B4A0EA8B65C08B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.473198819030462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSjlkcfvgRVKc:um8BC0d5dXEC0dyKSjSc35c
                                                                                                                                                                                                                                        MD5:BAF685FF0C6C5A2FF48E482B6F06535B
                                                                                                                                                                                                                                        SHA1:9082F40F4D999F79887B18A6A26120FAF9457FDD
                                                                                                                                                                                                                                        SHA-256:7384E13D41C5BC2CC27264D50FACF1A6ECBF9B976966B36EB1FA051C994064C8
                                                                                                                                                                                                                                        SHA-512:0BDCF4B96D96C75D3D06ED5C76CF22C066561841A39C9228824149E49911F2FD842D17C4E9BF02C98DFDD54168B6B8F91844FC3DB8387D9C036BC2F83D807449
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//456758CFF398E625FED4ED9998009BAAE2FB51433E43F689F7A8F173E78232F3B41033D633E4A08FA7520F7B93169B8B544161679A714A25E02A3D59D10F3725++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.467933683241321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL0MejR4XzSM:7rrSOX8BC0Bj5dXEC0BjyKSV4XzD
                                                                                                                                                                                                                                        MD5:FF0157CB7CA478ABA29C229DC7FFF2F5
                                                                                                                                                                                                                                        SHA1:6016116641EE09001AE6C215EA0778DE7F908EF7
                                                                                                                                                                                                                                        SHA-256:5AA374813101912BF8681265E2B3DFF89C83FF384A402E6388FE118FFD2026D7
                                                                                                                                                                                                                                        SHA-512:3508618FAFE39023588F03F354AC77B3EAC9102CAE6872D57190926B802724FC2E025FAF39186B177AD505A83E1C9E9CF98D0BC5DAC629BD7D875E500F2CDEF3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//89443ECFFC69C3950B7E45124F2E1B9CB9543D5FFE09B562BB5FCD8D323562FD5909FBED63340F33ED88865BAE9BC85753CDCE676E815C2AE7EC69FC16D0D940++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.484054657480116
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLvxSN7R5+o2O:7rrSOX8BC0Bj5dXEC0BjyKSXR36O
                                                                                                                                                                                                                                        MD5:664AB83CA569917EE20048DB7E2ADD33
                                                                                                                                                                                                                                        SHA1:BE73B09B4B6D22FEF134BBC800B90612C89C2F8C
                                                                                                                                                                                                                                        SHA-256:5E8995EE749BA3A370C9108DFCECDD1D9CEBB7A78F441E5994E037ABE654F08D
                                                                                                                                                                                                                                        SHA-512:50F919182F838E93C2E9C9B160B5D9E78D105E32E2C072B3C5574D443291C153289A0A7BED7D59A5F853863DEAAEEF35162562C9AA637E890C61952D53F357A8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//B0820A251882C93809480740BF887950076CBC76074056EC968A1B35519E8688E2A99831CB5CBFB3EAF844FD035776698FD36DB988F155387F94732B833F431A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.467854846870318
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLvlVYNQWeQG0A4hhNEU:7rrSOX8BC0Bj5dXEC0BjyKSYVZNsNZ
                                                                                                                                                                                                                                        MD5:9A8C3FB1C6134B00D85ABB0A3022E867
                                                                                                                                                                                                                                        SHA1:36E41EB2BB19DA9171D6CD389A7D280E3FC2AA18
                                                                                                                                                                                                                                        SHA-256:46579E9DE225DCDFAED614BF0741B09888A89089FD71B5C103CF8B8C46614379
                                                                                                                                                                                                                                        SHA-512:A8D8FCCF56D2D401BA4C91A13E9182E90802AB1C1E8A7414DDF266310B4CCB15294B179A8D4E7DEAED4F136E1BD8E8BE33261D9F695B11D36F666F577983BFC7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//083A77309DC49B2536060DCBA9B611C37166AF85980A2EDE4686D5AFB2CDC5F2CC074E9B3269EC81B60EF6DF6F674347F5EC041C039CD86C32857C53AA9E68BE++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):803
                                                                                                                                                                                                                                        Entropy (8bit):5.45628552610538
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLY8cqrn3h:7rrSOX8BC0Bj5dXEC0BjyKSycqbx
                                                                                                                                                                                                                                        MD5:93BA5421BF2594302976857A390BD5DB
                                                                                                                                                                                                                                        SHA1:5BDCD1B03227B7555FEDCAF6B4199ABF4DBEB0C1
                                                                                                                                                                                                                                        SHA-256:6BE4E73AA50737C25C591576CADA00EC21D9AA7F833125254B0F5ADAF0512209
                                                                                                                                                                                                                                        SHA-512:8426B2D4646C759AD6EBD43EB7C54AB1959E9E5790EB47C30E4802ABCEBB52F3AE9AA661D954BE3318B9E61F3B41F7F42D4CE72FC8A65BE4E8C420D9BF3E1599
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//AB612EB0E93BEDD126B6FA11CB3E439753F759BB3BB4A4F945DD4096E3179EC7D6614FE23D8E6FEBE4FDC8A987349C03B8C73A3203275C4010064A27A1971E11++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5377
                                                                                                                                                                                                                                        Entropy (8bit):5.641647665637404
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:WQVBazY8QxuorbT6roQ/CZwmBrqtXNMDUaGCrW+NlaVy98ZDcT7ek81p:WQvaz3AumireG6HYVygDcTqh1p
                                                                                                                                                                                                                                        MD5:4907A6CC8D9A389E260E43986E997942
                                                                                                                                                                                                                                        SHA1:48DECF20FC76CAB37A0565595DCA7972433B75CC
                                                                                                                                                                                                                                        SHA-256:A4F74FB2DC45ABBAA5A7F7A73196E6C48DEE50F9CC011852B1249144AC4B800C
                                                                                                                                                                                                                                        SHA-512:A188A6C7BC40C8C87518B153DBF03DEC0FB6B75F28B5E7B657D81FDE9643C92C1EAB3D56EA90149B07989DB0E717C49DEF3B527DD922BA8BC11B33D62FECC4E8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Prob.h. skenov.n..",.. DL_SCANNING_MESSAGE: "Soubor, kter. chcete st.hnout, pro jistotu skenujeme.",.. DL_BLOCKED: "Zablokovan. stahovan. soubor",.. DL_SCANED: "Skenovan. stahovan. sooubor",.. SS_ON_STATE: "Bezpe.n. vyhled.v.n.",.. SS_FIX_MESSAGE: "V.born.! Tyto zm.ny provedeme p.i p...t.m restartov.n. prohl..e.e.",.. SS_OFF_STATE: "Je vy.adov.na akce.",.. SS_OFF_MESSAGE: "Upozorn.n.! Ka.d. des.t. hled.n. obsahuje nebezpe.n. odkaz.",.. SS_OFF_DIALOG_HEADER: "P.idejte k v.sledk.m hled.n. hodnocen. rizika",.. SS_OFF_DIALOG_CONTENT: "Ov..te bezpe.nost odkazu d..ve, ne. na n.j kliknete.",.. SS_SEARCH_OPTION: "Nastavit slu.bu Bezpe.n. hled.n. jako v.choz. vyhled.va.",.. THREAT_OFF_STATE: "V.straha zabezpe.en.!",.. THREAT_OFF_MESSAGE: "Po..ta. je vystaven hrozb.m, ale m..eme v.m pomoci.",.. AVFW_DIALOG_HEADER: "Antivirus a br.na fire
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5126
                                                                                                                                                                                                                                        Entropy (8bit):5.339901939683557
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:uZb3Bdp2fhG5TrVo8Ybuoo/tFCld/lwrYeCEUVlku/TzmV9S9hSFmUihZL:QCfhwrrYbuoG4Z+VchgmZL
                                                                                                                                                                                                                                        MD5:ABCC949F3B27EFB5F5D6022BC58B4D30
                                                                                                                                                                                                                                        SHA1:39B9B69A2DF8986F559B452430B00A19CF720E5A
                                                                                                                                                                                                                                        SHA-256:FB964FBE9C761ABC20AAC64DDB2C8EABD2A33ACBEB84BAA0B5A7CD61AF13039A
                                                                                                                                                                                                                                        SHA-512:29323D14E1CA9B5BC0B2F648917348BA2339447B415F5EAB0D7A0F62DBC903A0CDDAA8FABEC35075975C8B27AC75F3323BF07DA2BD7A05C438808F5FC13A1208
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scanner .",.. DL_SCANNING_MESSAGE: "For en sikkerheds skyld scanner vi overf.rslen.",.. DL_BLOCKED: "Download blokeret",.. DL_SCANED: "Download scannet",.. SS_ON_STATE: "Sikker s.gning",.. SS_FIX_MESSAGE: "Fint. Vi foretager disse .ndringer, n.ste gang du genstarter browseren.",.. SS_OFF_STATE: "Der skal udf.res en handling.",.. SS_OFF_MESSAGE: "Advarsel: 1 ud af 10 s.gninger indeholder et farligt link.",.. SS_OFF_DIALOG_HEADER: "F.j risikobed.mmelser til dine s.geresultater",.. SS_OFF_DIALOG_CONTENT: "F. at vide, hvor farligt et link er, f.r du klikker p. det.",.. SS_SEARCH_OPTION: "Brug Sikker s.gning som standards.gemaskine",.. THREAT_OFF_STATE: "Sikkerhedsadvarsel",.. THREAT_OFF_MESSAGE: "Din computer er i fare, men vi kan hj.lpe.",.. AVFW_DIALOG_HEADER: "Antivirussoftwaren og firewallen er ikke sl.et til",.. AVFW_DIALOG_CONTENT: "Ca. 864 millioner stykker personlige oplysning
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5366
                                                                                                                                                                                                                                        Entropy (8bit):5.333207392444786
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scannen...",.. DL_SCANNING_MESSAGE: "Wir scannen den Download zu Ihrer Sicherheit.",.. DL_BLOCKED: "Download blockiert",.. DL_SCANED: "Download gescannt",.. SS_ON_STATE: "Sichere Suche",.. SS_FIX_MESSAGE: "Sehr gut. Die .nderungen werden .bernommen, sobald Sie Ihren Browser das n.chste Mal starten.",.. SS_OFF_STATE: "Handlungsbedarf!",.. SS_OFF_MESSAGE: "Warnung! In 1 von 10 Suchergebnissen ist ein gef.hrlicher Link enthalten.",.. SS_OFF_DIALOG_HEADER: "Risikobewertung f.r Ihre Suchergebnisse hinzuf.gen",.. SS_OFF_DIALOG_CONTENT: "Erkennen Sie gef.hrliche Links, bevor Sie darauf klicken.",.. SS_SEARCH_OPTION: "Sichere Suche als Standardsuchmaschine festlegen",.. THREAT_OFF_STATE: "Sicherheitswarnung!",.. THREAT_OFF_MESSAGE: "Ihr Computer ist ungesch.tzt, aber wir k.nnen Ihnen helfen.",.. AVFW_DIALOG_HEADER: "Ihr Virenschutz und Ihre Firewall sind deaktiviert",.. AVFW_DIALOG_CONTENT: "Seit
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8385
                                                                                                                                                                                                                                        Entropy (8bit):4.965396187680861
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".........",.. DL_SCANNING_MESSAGE: "......... .. .... ... ... ...... ..........",.. DL_BLOCKED: ". .... ............",.. DL_SCANED: ". .... ........",.. SS_ON_STATE: "....... .........",.. SS_FIX_MESSAGE: "......! ..... .. ....... .. ........... ... ....... .... ... .. .............. .. ......... ...........",.. SS_OFF_STATE: ".......... .........",.. SS_OFF_MESSAGE: ".......! 1 .... 10 ........... ........ .......... .........",.. SS_OFF_DIALOG_HEADER: "........ ............. ........ ... ............ ..........",.. SS_OFF_DIALOG_CONTENT: "...... .... ........... ..... .... .........
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4755
                                                                                                                                                                                                                                        Entropy (8bit):5.33837511405271
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scanning...",.. DL_SCANNING_MESSAGE: "We're scanning your download just to be safe.",.. DL_BLOCKED: "Download blocked",.. DL_SCANED: "Download scanned",.. SS_ON_STATE: "Secure Search",.. SS_FIX_MESSAGE: "Great! We'll make these changes the next time you restart your browser.",.. SS_OFF_STATE: "Action needed!",.. SS_OFF_MESSAGE: "Warning! 1 in 10 searches contain a dangerous link.",.. SS_OFF_DIALOG_HEADER: "Add risk ratings to your search results",.. SS_OFF_DIALOG_CONTENT: "Know how dangerous a link is before you click on it.",.. SS_SEARCH_OPTION: "Make Secure Search my default search engine",.. THREAT_OFF_STATE: "Security Alert!",.. THREAT_OFF_MESSAGE: "Your computer is exposed, but we can help.",.. AVFW_DIALOG_HEADER: "Your anti-virus and firewall are off",.. AVFW_DIALOG_CONTENT: "About 864 million personal data records have been compromised through data breaches since 2005.<br/><br/> Don't browse
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5193
                                                                                                                                                                                                                                        Entropy (8bit):5.30010006130118
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analizando...",.. DL_SCANNING_MESSAGE: "Estamos analizando la descarga por motivos de seguridad.",.. DL_BLOCKED: "Descarga bloqueada",.. DL_SCANED: "Descarga analizada",.. SS_ON_STATE: "B.squeda segura",.. SS_FIX_MESSAGE: ".Genial! Aplicaremos estos cambios la pr.xima vez que reinicie el navegador.",.. SS_OFF_STATE: ".Debe tomar medidas!",.. SS_OFF_MESSAGE: "Advertencia: 1 de cada 10 b.squedas contiene un v.nculo peligroso.",.. SS_OFF_DIALOG_HEADER: "A.ada calificaciones de riesgo a los resultados de sus b.squedas",.. SS_OFF_DIALOG_CONTENT: "Conozca el nivel de peligro de un v.nculo antes de hacer clic en .l.",.. SS_SEARCH_OPTION: "Definir B.squeda segura como motor de b.squeda predeterminado",.. THREAT_OFF_STATE: ".Alerta de seguridad!",.. THREAT_OFF_MESSAGE: "Su equipo est. expuesto a riesgos, pero podemos ayudarle.",.. AVFW_DIALOG_HEADER: "El antivirus y el firewall est.n desactivado
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5216
                                                                                                                                                                                                                                        Entropy (8bit):5.313902280964203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analizando.",.. DL_SCANNING_MESSAGE: "Estamos analizando la descarga por motivos de seguridad.",.. DL_BLOCKED: "Descarga bloqueada",.. DL_SCANED: "Descarga analizada",.. SS_ON_STATE: "B.squeda segura",.. SS_FIX_MESSAGE: ".Excelente! Aplicaremos estos cambios la pr.xima vez que reinicie el navegador.",.. SS_OFF_STATE: ".Se requiere acci.n!",.. SS_OFF_MESSAGE: ".Advertencia! Una de cada diez b.squedas contiene un v.nculo peligroso.",.. SS_OFF_DIALOG_HEADER: "A.ada calificaciones de riesgo a los resultados de la b.squeda",.. SS_OFF_DIALOG_CONTENT: "Conozca el nivel de peligro de un v.nculo antes de hacer clic en .l.",.. SS_SEARCH_OPTION: "Establezca B.squeda segura como motor de b.squeda predeterminado",.. THREAT_OFF_STATE: ".Alerta de seguridad!",.. THREAT_OFF_MESSAGE: "Tu computadora est. expuesta, pero podemos ayudarte.",.. AVFW_DIALOG_HEADER: "El antivirus y el firewall est.n desac
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4959
                                                                                                                                                                                                                                        Entropy (8bit):5.310989114654901
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Tarkistetaan.",.. DL_SCANNING_MESSAGE: "Lataamasi tiedosto tarkistetaan varmuuden vuoksi.",.. DL_BLOCKED: "Lataus estetty",.. DL_SCANED: "Lataus tarkistettu",.. SS_ON_STATE: "Suojattu haku",.. SS_FIX_MESSAGE: "Hienoa! Muutokset tulevat voimaan, kun seuraavan kerran k.ynnist.t selaimen.",.. SS_OFF_STATE: "Toimia vaaditaan!",.. SS_OFF_MESSAGE: "Varoitus! Joka kymmenes haku tuottaa vaarallisen linkin.",.. SS_OFF_DIALOG_HEADER: "Lis.. hakutuloksiin riskiluokitus",.. SS_OFF_DIALOG_CONTENT: "Luokituksen avulla n.et ennen linkin napsauttamista, onko se vaarallinen.",.. SS_SEARCH_OPTION: "Aseta Suojattu haku oletushakukoneeksi",.. THREAT_OFF_STATE: "Tietoturvavaroitus!",.. THREAT_OFF_MESSAGE: "Tietokoneesi on alttiina uhille, mutta voimme auttaa.",.. AVFW_DIALOG_HEADER: "Viruksentorjunta ja palomuuri ovat pois k.yt.st.",.. AVFW_DIALOG_CONTENT: "Noin 864 miljoonaa yksityist. datatietuetta on jout
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5692
                                                                                                                                                                                                                                        Entropy (8bit):5.305547418395284
                                                                                                                                                                                                                                        Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analyse en cours...",.. DL_SCANNING_MESSAGE: "Nous analysons votre t.l.chargement par simple mesure de s.curit..",.. DL_BLOCKED: "T.l.chargement bloqu.",.. DL_SCANED: "T.l.chargement analys.",.. SS_ON_STATE: "Recherche s.curis.e",.. SS_FIX_MESSAGE: "Tr.s bien! Nous appliquerons ces modifications la prochaine fois que vous red.marrerez votre navigateur.",.. SS_OFF_STATE: "Intervention requise!",.. SS_OFF_MESSAGE: "Attention! 1.r.sultat de recherche sur 10 comporte un lien dangereux.",.. SS_OFF_DIALOG_HEADER: "Ajoutez des cotes de risque . vos r.sultats de recherche",.. SS_OFF_DIALOG_CONTENT: "Connaissez le niveau de dangerosit. d'un lien avant de cliquer dessus.",.. SS_SEARCH_OPTION: "Ajoutez Recherche s.curis.e . mon moteur de recherche par d.faut",.. THREAT_OFF_STATE: "Alerte de s.curit.!",.. THREAT_OFF_MESSAGE: "Votre ordinateur est vuln.rable, mais nous pouvons vous aider.",.

Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):5621
Entropy (8bit):5.3156344705208065
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analyse en cours...",.. DL_SCANNING_MESSAGE: "Par pr.caution, nous analysons votre t.l.chargement.",.. DL_BLOCKED: "T.l.chargement bloqu.",.. DL_SCANED: "T.l.chargement analys.",.. SS_ON_STATE: "Recherche s.curis.e",.. SS_FIX_MESSAGE: "Tr.s bien. Nous effectuerons ces modifications au prochain red.marrage de votre navigateur.",.. SS_OFF_STATE: "Mesure . prendre.",.. SS_OFF_MESSAGE: "Attention.! Une recherche sur dix contient un lien dangereux.",.. SS_OFF_DIALOG_HEADER: "Ajouter l'.valuation des risques . vos r.sultats de recherche",.. SS_OFF_DIALOG_CONTENT: "Prenez connaissance du danger que repr.sente un lien avant de cliquer dessus.",.. SS_SEARCH_OPTION: "D.finir la recherche s.curis.e comme moteur de recherche par d.faut",.. THREAT_OFF_STATE: "Alerte de s.curit..!",.. THREAT_OFF_MESSAGE: "Votre ordinateur est expos. aux menaces, mais nous pouvons vous aider.",.. AVFW_DIAL

Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):5041
Entropy (8bit):5.412768950482965
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Pregled...",.. DL_SCANNING_MESSAGE: "Pregledavamo va.e preuzimanje za svaki slu.aj.",.. DL_BLOCKED: "Preuzimanje je blokirano",.. DL_SCANED: "Preuzimanje je pregledano",.. SS_ON_STATE: "Sigurno pretra.ivanje",.. SS_FIX_MESSAGE: "Sjajno! Ove .emo promjene uvesti sljede.i put kada ponovno pokrenete preglednik.",.. SS_OFF_STATE: "Potrebna je akcija!",.. SS_OFF_MESSAGE: "Upozorenje! 1 od 10 pretraga sadr.i opasnu vezu.",.. SS_OFF_DIALOG_HEADER: "Dodajte ocjenu rizika rezultatima pretra.ivanja",.. SS_OFF_DIALOG_CONTENT: "Saznajte koliko je veza opasna prije nego .to kliknete na nju.",.. SS_SEARCH_OPTION: "Postavi Sigurno pretra.ivanje kao zadanu tra.ilicu",.. THREAT_OFF_STATE: "Sigurnosno upozorenje!",.. THREAT_OFF_MESSAGE: "Va.e je ra.unalo izlo.eno, ali mo.emo vam pomo.i.",.. AVFW_DIALOG_HEADER: "Isklju.eni su antivirusna za.tita i vatrozid",.. AVFW_DIALOG_CONTENT: "Oko 864 milijuna z

Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):5401
Entropy (8bit):5.530601362994458
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Vizsg.lat...",.. DL_SCANNING_MESSAGE: "Biztons.ga .rdek.ben .tvizsg.ljuk a let.lt.tt f.jlt.",.. DL_BLOCKED: "Blokkolt let.lt.s",.. DL_SCANED: "Megvizsg.lt let.lt.s",.. SS_ON_STATE: "Biztons.gos keres.s",.. SS_FIX_MESSAGE: "Rendben. A b.ng.sz. k.vetkez. .jraind.t.sakor v.grehajtjuk ezeket a m.dos.t.sokat.",.. SS_OFF_STATE: "Beavatkoz.sra van sz.ks.g!",.. SS_OFF_MESSAGE: "Figyelem! Minden tizedik keres.s vesz.lyes hivatkoz.st tartalmaz.",.. SS_OFF_DIALOG_HEADER: "Vesz.lyess.gi besorol.sok megjelen.t.se a keres.si eredm.nyek mellett",.. SS_OFF_DIALOG_CONTENT: "Ismerje meg a hivatkoz.s vesz.lyess.gi besorol.s.t, miel.tt r.kattintana.",.. SS_SEARCH_OPTION: "A biztons.gos keres.s legyen az alap.rtelmezett keres.motor",.. THREAT_OFF_STATE: "Biztons.gi riaszt.s!",.. THREAT_OFF_MESSAGE: "Sz.m.t.g.pe sebezhet., de seg.thet.nk.",.. AVFW_DIALOG_HEADER:

Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):5110
Entropy (8bit):5.2259082446153595
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scansione in corso...",.. DL_SCANNING_MESSAGE: "Stiamo eseguendo la scansione dei download per verificare che siano sicuri.",.. DL_BLOCKED: "Download bloccato",.. DL_SCANED: "Download scansionato",.. SS_ON_STATE: "Ricerca sicura",.. SS_FIX_MESSAGE: "Perfetto! Apporteremo queste modifiche al riavvio del browser.",.. SS_OFF_STATE: "Intervento richiesto.",.. SS_OFF_MESSAGE: "Avviso. 1 ricerca su 10 contiene link pericolosi.",.. SS_OFF_DIALOG_HEADER: "Aggiungi le classificazioni dei rischi ai risultati di ricerca",.. SS_OFF_DIALOG_CONTENT: "Conosci la pericolosit. di un link prima di accedervi.",.. SS_SEARCH_OPTION: "Imposta la ricerca sicura come motore di ricerca predefinito",.. THREAT_OFF_STATE: "Avviso di sicurezza.",.. THREAT_OFF_MESSAGE: "Il computer . esposto a rischi, ma possiamo aiutarti.",.. AVFW_DIALOG_HEADER: "Antivirus e firewall sono disattivati",.. AVFW_DIALOG_CONTENT: "Dal 2005, circa

Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):6573
Entropy (8bit):5.724191230398909
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "........",.. DL_SCANNING_MESSAGE: "..................................",.. DL_BLOCKED: ".............",.. DL_SCANED: "............",.. SS_ON_STATE: ".....",.. SS_FIX_MESSAGE: "....................................",.. SS_OFF_STATE: "..........!",.. SS_OFF_MESSAGE: "... 10 .. 1 ......................",.. SS_OFF_DIALOG_HEADER: "...................",.. SS_OFF_DIALOG_CONTENT: "..........................",.. SS_SEARCH_OPTION: ".......................",.. THREAT_OFF_STATE: ".........",

Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):5497
Entropy (8bit):5.849839332018994
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".. ....",.. DL_SCANNING_MESSAGE: "... .. ..... .. .....",.. DL_BLOCKED: "... ....",.. DL_SCANED: "... ....",.. SS_ON_STATE: ".. ..",.. SS_FIX_MESSAGE: "....! ..... .. .... .. ... ......",.. SS_OFF_STATE: "... .....!",.. SS_OFF_MESSAGE: "..! .. .. ... ... ... ... .. 1/10....",.. SS_OFF_DIALOG_HEADER: ".. ... .. ... .......",.. SS_OFF_DIALOG_CONTENT: ".... .. ... .... .. .......",.. SS_SEARCH_OPTION: ".. ... .. .. .... ..",.. THREAT_OFF_STATE: ".. .....!",.. THREAT_OFF_MESSAGE: "... .... ...... McAfee. .... . .....",.. AVFW_DIALOG_HEADER: "...... .

Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):4937
Entropy (8bit):5.338801804814231
Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skanner..",.. DL_SCANNING_MESSAGE: "Vi skanner nedlastingen for . v.re p. den sikre siden.",.. DL_BLOCKED: "Nedlasting blokkert",.. DL_SCANED: "Nedlasting skannet",.. SS_ON_STATE: "Sikkert s.k",.. SS_FIX_MESSAGE: "Flott! Vi skal gj.re disse endringene neste gang du starter nettleseren.",.. SS_OFF_STATE: "Handling kreves!",.. SS_OFF_MESSAGE: "Advarsel! 1 av 10 s.k inneholder en farlig kobling.",.. SS_OFF_DIALOG_HEADER: "Legg til risikovurderinger i s.keresultatene",.. SS_OFF_DIALOG_CONTENT: "Vit hvor farlig en kobling er, f.r du klikker p. den.",.. SS_SEARCH_OPTION: "Gj.re Sikkert s.k til standard s.kemotor",.. THREAT_OFF_STATE: "Sikkerhetsvarsel!",.. THREAT_OFF_MESSAGE: "Datamaskinen din er eksponert, men vi kan hjelpe deg.",.. AVFW_DIALOG_HEADER: "Antivirusbeskyttelsen og brannmuren er av",.. AVFW_DIALOG_CONTENT: "Omkring 864 millioner oppf.ringer med personopplysninger har havnet
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5046
                                                                                                                                                                                                                                        Entropy (8bit):5.304070450754554
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scannen...",.. DL_SCANNING_MESSAGE: "Uw download wordt voor de veiligheid gescand.",.. DL_BLOCKED: "Download geblokkeerd",.. DL_SCANED: "Download gescand",.. SS_ON_STATE: "Beveiligd zoeken",.. SS_FIX_MESSAGE: "Fantastisch! Deze wijzigingen worden ge.mplementeerd wanneer u uw browser de volgende keer opnieuw start.",.. SS_OFF_STATE: "Actie vereist!",.. SS_OFF_MESSAGE: "Waarschuwing! 1 op de 10 zoekopdrachten bevat een gevaarlijke link.",.. SS_OFF_DIALOG_HEADER: "Voeg risicoclassificaties toe aan uw zoekresultaten",.. SS_OFF_DIALOG_CONTENT: "Weet hoe gevaarlijk een koppeling is voordat u erop klikt.",.. SS_SEARCH_OPTION: "Maak Beveiligd zoeken mijn standaardzoekmachine",.. THREAT_OFF_STATE: "Beveiligingswaarschuwing!",.. THREAT_OFF_MESSAGE: "Uw computer is blootgesteld, maar wij kunnen u helpen.",.. AVFW_DIALOG_HEADER: "Uw antivirus en firewall zijn uitgeschakeld",.. AVFW_DIALOG_CONTENT: "Sinds 2005
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5241
                                                                                                                                                                                                                                        Entropy (8bit):5.553403468878537
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skanowanie...",.. DL_SCANNING_MESSAGE: "Na wszelki wypadek skanujemy pobierany plik.",.. DL_BLOCKED: "Pobieranie zablokowane",.. DL_SCANED: "Pobieranie przeskanowane",.. SS_ON_STATE: "Bezpieczne wyszukiwanie",.. SS_FIX_MESSAGE: ".wietnie. Zmiany zostan. wprowadzone po ponownym uruchomieniu przegl.darki.",.. SS_OFF_STATE: "Wymagane dzia.anie.",.. SS_OFF_MESSAGE: "Uwaga! 1 na 10 wyszukiwa. zawiera niebezpieczne ..cze.",.. SS_OFF_DIALOG_HEADER: "Dodaj oceny ..czy w wynikach wyszukiwania.",.. SS_OFF_DIALOG_CONTENT: "Dowiedz si., czy ..cze jest niebezpieczne, zanim je klikniesz.",.. SS_SEARCH_OPTION: "Ustaw Bezpieczne wyszukiwanie jako domy.ln. wyszukiwark.",.. THREAT_OFF_STATE: "Alert zabezpiecze.!",.. THREAT_OFF_MESSAGE: "Komputer jest nara.ony na zagro.enia, ale mo.emy Ci pom.c.",.. AVFW_DIALOG_HEADER: "Antywirus i zapora s. wy..czone.",.. AVFW_DIALOG_CONTENT: "Od 2005 r. bezpi
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5076
                                                                                                                                                                                                                                        Entropy (8bit):5.345477894463682
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Varrendo...",.. DL_SCANNING_MESSAGE: "Estamos varrendo o seu download apenas por seguran.a.",.. DL_BLOCKED: "Download bloqueado",.. DL_SCANED: "Downloads varridos",.. SS_ON_STATE: "Pesquisa segura",.. SS_FIX_MESSAGE: "Excelente! Implementaremos essas mudan.as na pr.xima vez que voc. reiniciar o navegador.",.. SS_OFF_STATE: "A..o necess.ria!",.. SS_OFF_MESSAGE: "Aviso! 1 em 10 pesquisas cont.m um link perigoso.",.. SS_OFF_DIALOG_HEADER: "Adicione classifica..es de risco aos seus resultados de pesquisa",.. SS_OFF_DIALOG_CONTENT: "Saiba qu.o perigoso . um link antes de clicar.",.. SS_SEARCH_OPTION: "Tornar a Pesquisa segura meu mecanismo de pesquisa padr.o",.. THREAT_OFF_STATE: "Alerta de seguran.a!",.. THREAT_OFF_MESSAGE: "Seu computador est. exposto, mas podemos ajud.-lo.",.. AVFW_DIALOG_HEADER: "Seu antiv.rus e sua firewall est.o desativados",.. AVFW_DIALOG_CONTENT: "Cerca de 864
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5194
                                                                                                                                                                                                                                        Entropy (8bit):5.339695100553609
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "A analisar...",.. DL_SCANNING_MESSAGE: "Estamos a analisar a sua transfer.ncia para garantir a m.xima seguran.a.",.. DL_BLOCKED: "Transfer.ncia bloqueada",.. DL_SCANED: "Transfer.ncia analisada",.. SS_ON_STATE: "Pesquisa segura",.. SS_FIX_MESSAGE: ".timo! Aplicaremos esta altera..es quando reiniciar o browser.",.. SS_OFF_STATE: "A..o necess.ria!",.. SS_OFF_MESSAGE: "Aten..o! 1 em cada 10 pesquisas cont.m uma liga..o perigosa.",.. SS_OFF_DIALOG_HEADER: "Adicione classifica..es de risco aos seus resultados de pesquisa",.. SS_OFF_DIALOG_CONTENT: "Conhe.a o n.vel de perigo de uma liga..o antes de clicar.",.. SS_SEARCH_OPTION: "Tornar a Pesquisa Segura o meu motor de pesquisa predefinido",.. THREAT_OFF_STATE: "Alerta de seguran.a!",.. THREAT_OFF_MESSAGE: "O seu computador est. desprotegido, mas podemos ajudar.",.. AVFW_DIALOG_HEADER: "O seu antiv.rus e firewall est.o desativados",
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7499
                                                                                                                                                                                                                                        Entropy (8bit):4.998188336397494
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "...........",.. DL_SCANNING_MESSAGE: "........... ............ .........",.. DL_BLOCKED: "............. ........:",.. DL_SCANED: "......... ........:",.. SS_ON_STATE: ".......... .....",.. SS_FIX_MESSAGE: ".......! ......... ..... ....... ... ......... ........... .........",.. SS_OFF_STATE: "......... ........!",.. SS_OFF_MESSAGE: "......... . ........... ....... ........ ...... .... ....... .......",.. SS_OFF_DIALOG_HEADER: "........ ....... ..... . .......... ......",.. SS_OFF_DIALOG_CONTENT: "..... ......... .. ...... ......., ......... ... .......",.. SS_SEARCH_OPTION: "....... ........
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5398
                                                                                                                                                                                                                                        Entropy (8bit):5.643322055021691
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Kontroluje sa...",.. DL_SCANNING_MESSAGE: "Stiahnut. s.bor sa kontroluje, len pre istotu.",.. DL_BLOCKED: "S.ahovan. s.bor bol zablokovan.",.. DL_SCANED: "S.ahovan. s.bor bol skontrolovan.",.. SS_ON_STATE: "Zabezpe.en. vyh.ad.vanie",.. SS_FIX_MESSAGE: "Skvel.! Zmeny sa uskuto.nia pri najbli..om re.tartovan. prehliada.a.",.. SS_OFF_STATE: "Treba kona.!",.. SS_OFF_MESSAGE: "Upozornenie: 1 z 10 vyh.ad.van. obsahuje nebezpe.n. odkaz.",.. SS_OFF_DIALOG_HEADER: "Pridanie hodnoten. rizika k v.sledkom vyh.ad.vania",.. SS_OFF_DIALOG_CONTENT: "Sk.r ne. kliknete na prepojenie, mali by ste vedie., .i je nebezpe.n..",.. SS_SEARCH_OPTION: "Nastavi. slu.bu Zabezpe.en. vyh.ad.vanie ako predvolen. vyh.ad.vac. n.stroj",.. THREAT_OFF_STATE: "Upozornenie zabezpe.enia:",.. THREAT_OFF_MESSAGE: "V.. po..ta. je v.ohrozen., ale m..eme v.m pom.c..",.. AVFW_DIALOG_HEA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5115
                                                                                                                                                                                                                                        Entropy (8bit):5.424447298391993
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:a7um49Rmkzg/G5dK+J8tkaUnSlBS2DFA4s+roJGEUuzvYb9NKNvt3w/yhD:3VNzgOWS8ttFFV/b3KNlgqhD
                                                                                                                                                                                                                                        MD5:23D1E57C5E6801C3A395E8FE822B3EA1
                                                                                                                                                                                                                                        SHA1:8A7B2D19DFECE3B147AC66F12D38E71B1143E41F
                                                                                                                                                                                                                                        SHA-256:10C985EFB183280E09884C0CF075FB5EC9AEEC43150C5D5ECD82B9DC50AE57C7
                                                                                                                                                                                                                                        SHA-512:3121BA113C7CDF72270A79BF86FF30CFDE9661086C7E329519B5D2AC6EE385DC467EE83B464519902D8E22B8E51F7792ED55834521EE9558AC101568509F80F1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skeniranje...",.. DL_SCANNING_MESSAGE: "Skeniramo preuzeti sadr.aj radi va.e bezbednosti.",.. DL_BLOCKED: "Blokirano preuzimanje",.. DL_SCANED: "skeniranje preuzimanja",.. SS_ON_STATE: "Bezbedna pretraga",.. SS_FIX_MESSAGE: "Odli.no! Ove izmene .e biti unete kada slede.i put pokrenete pregleda..",.. SS_OFF_STATE: "Potrebno je preduzeti odre.ene korake!",.. SS_OFF_MESSAGE: "Upozorenje! Svaka deseta pretraga sadr.i opasnu vezu.",.. SS_OFF_DIALOG_HEADER: "Dodajte ocene rizika u rezultate pretrage",.. SS_OFF_DIALOG_CONTENT: "Saznajte koliko je neka veza opasna pre nego .to kliknete na nju.",.. SS_SEARCH_OPTION: ".elim da bezbedna pretraga bude moj podrazumevani pretra.iva.",.. THREAT_OFF_STATE: "Bezbednosno upozorenje!",.. THREAT_OFF_MESSAGE: "Va. ra.unar je izlo.en pretnjama, ali mi vam mo.emo pomo.i.",.. AVFW_DIALOG_HEADER: "Antivirusni program i za.titni zid su isklju.eni",.. AVFW
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4882
                                                                                                                                                                                                                                        Entropy (8bit):5.407373336741728
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:fl+hIZSmigy7tw5va0ZPYVhH9lSIkMKJU9xIGRQtVRTE:d+hIZC7twtn8HQJJUQGRITE
                                                                                                                                                                                                                                        MD5:37847F32CB29BA0E0979E7064E0C011D
                                                                                                                                                                                                                                        SHA1:F3E9AB1006A8C2CE39647D7924254CD0DB314E58
                                                                                                                                                                                                                                        SHA-256:8B0CFC737B5DF8A6229093D0DD8A442267C56DD2A7E9860B6C5A6A5D2B52F3E1
                                                                                                                                                                                                                                        SHA-512:729B4F0EBB22CBE34859BF5CFAF8433369385AE3DD4E6318735B04E2D96E2A9769066B3EF1248B648D4DF03035ED013A03F62B84177624A2F16B6F8C6C788B57
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Genoms.ker...",.. DL_SCANNING_MESSAGE: "Vi genoms.ker h.mtningen f.r s.kerhets skull.",.. DL_BLOCKED: "H.mtning blockerad",.. DL_SCANED: "H.mtning genoms.kt",.. SS_ON_STATE: "S.ker s.kning",.. SS_FIX_MESSAGE: "Perfekt. Vi utf.r .ndringarna n.sta g.ng du startar om din webbl.sare.",.. SS_OFF_STATE: ".tg.rd kr.vs!",.. SS_OFF_MESSAGE: "Varning! 1 av 10 s.kningar inneh.ller en farlig l.nk.",.. SS_OFF_DIALOG_HEADER: "L.gg till riskklassificering i dina s.kresultat",.. SS_OFF_DIALOG_CONTENT: "Du f.r veta hur farlig en l.nk .r innan du klickar p. den.",.. SS_SEARCH_OPTION: "V.lj S.ker s.kning som standardalternativ f.r s.kmotorer",.. THREAT_OFF_STATE: "S.kerhetsvarning!",.. THREAT_OFF_MESSAGE: "Datorn .r utsatt f.r risk, men vi kan hj.lpa till.",.. AVFW_DIALOG_HEADER: "Antivirus och brandv.ggen .r inaktiverade",.. AVFW_DIALOG_CONTENT: "Cirka 864 miljoner personliga da
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5273
                                                                                                                                                                                                                                        Entropy (8bit):5.491521575119149
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:THxCtJRQDY8NoBGZOpo/n2ovqXm/IwjfdZ1zT4x9hEKHCnAzvwy:7xCtANoBGnR/TdZJ4xEsvd
                                                                                                                                                                                                                                        MD5:CA8D764BC6C0C0E7213CCDC0D64B7586
                                                                                                                                                                                                                                        SHA1:34015112D0FDD49C2D0FDAA3D21F84BD0BA243DF
                                                                                                                                                                                                                                        SHA-256:8AD9D5E386269FADC001AAFD2D640711ACFAE912CA4B213F66C2CA2BA7903670
                                                                                                                                                                                                                                        SHA-512:424FF71D902737B654527F0788F0ECE4220022D19505B4E8EA8B25ACB7A3F6C8BFD18047F86F01E57A8FB5C1E999CC1FCDBFA9CDDB088202A2BCF565CCBE51FE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Taran.yor...",.. DL_SCANNING_MESSAGE: "Her ihtimale kar.. indirmenizi tar.yoruz.",.. DL_BLOCKED: ".ndirme engellendi",.. DL_SCANED: ".ndirme tarand.",.. SS_ON_STATE: "G.venli Arama",.. SS_FIX_MESSAGE: "Harika! Taray.c.y. bir sonraki sefer ba.latt...n.zda bu de.i.iklikleri uygulayaca..z.",.. SS_OFF_STATE: "Eylem gerekli!",.. SS_OFF_MESSAGE: "Dikkat! 10 aramadan biri tehlikeli ba.lant. i.erir.",.. SS_OFF_DIALOG_HEADER: "Arama sonu.lar.n.za risk de.erlendirmeleri ekleyin",.. SS_OFF_DIALOG_CONTENT: "T.klamadan .nce bir ba.lant.n.n ne kadar tehlikeli oldu.unu bilin.",.. SS_SEARCH_OPTION: "G.venli Arama'y. varsay.lan arama motorum yap",.. THREAT_OFF_STATE: "G.venlik Uyar.s.!",.. THREAT_OFF_MESSAGE: "Bilgisayar.n.z savunmas.z ancak size yard.mc. olabiliriz.",.. AVFW_DIALOG_HEADER: "Vir.sten koruma ve g.venlik duvar. kapal.",.. AVFW_DIALOG_CONTENT: "2005'ten
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4673
                                                                                                                                                                                                                                        Entropy (8bit):6.274707877991155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:THIWI0hyh/2vKsPMP0VIQUuGOPpBM9Yc81vzNVv:T5Qh/Yq9joBMGz1pZ
                                                                                                                                                                                                                                        MD5:EEBBD5F74D8CD14AF8A7E8E331718D33
                                                                                                                                                                                                                                        SHA1:357203402B62970B06EBBEA35E81DA1B7BD57A03
                                                                                                                                                                                                                                        SHA-256:580EF1F4FBF83671178D5BFFF3EB02B917378BDCCD39EF53BD23E7121E0BC882
                                                                                                                                                                                                                                        SHA-512:2170E6F3EB1CA7F0581208F994593E902B1BF4C0731B308CE1AA1FA2BD8B94A1A795D55637535959CFA20B30EE925F11A336AA7E280E0C3D0D326DB37E2AA3CF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".......",.. DL_SCANNING_MESSAGE: "..................",.. DL_BLOCKED: "......",.. DL_SCANED: "......",.. SS_ON_STATE: "....",.. SS_FIX_MESSAGE: "...! ....................",.. SS_OFF_STATE: "....!",.. SS_OFF_MESSAGE: "...1/10 ............",.. SS_OFF_DIALOG_HEADER: "...........",.. SS_OFF_DIALOG_CONTENT: "...................",.. SS_SEARCH_OPTION: ".............",.. THREAT_OFF_STATE: ".....",.. THREAT_OFF_MESSAGE: "...................",.. AVFW_DIALOG_HEADER: "............",.. AVFW_DIALOG_CONTENT: ". 2005 ....... 8.64 ..................<br/
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4704
                                                                                                                                                                                                                                        Entropy (8bit):6.283296298210526
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:+54tUIE58+sUHLz4111bAmwqkFvHOVJXBxC7RP9LX9Qom/6tYXi:+utkVAdAm8uf0X6/StCi
                                                                                                                                                                                                                                        MD5:A212B894B297E2D84BFEB9919E972DCD
                                                                                                                                                                                                                                        SHA1:A0BB17299A6441B9673F5F4B89F081CCDB427B23
                                                                                                                                                                                                                                        SHA-256:9DA285DBCD3BB6D4B3124CD71D4B9E89AAE497114E1D8F548E1072FAC41D0C47
                                                                                                                                                                                                                                        SHA-512:CD3B7E4CFD7234F4293E5B4FA537EC659CB067EC88EFFF7EFC34A816E12D42AB07299BD92CBC3C173CD2669C87DA473E6E7FFDB39F37FCCB560999FD9EB4869A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".......",.. DL_SCANNING_MESSAGE: "..............",.. DL_BLOCKED: ".....",.. DL_SCANED: ".....",.. SS_ON_STATE: "....",.. SS_FIX_MESSAGE: ".......................",.. SS_OFF_STATE: ".....",.. SS_OFF_MESSAGE: "...10 ..... 1 ........",.. SS_OFF_DIALOG_HEADER: ".............",.. SS_OFF_DIALOG_CONTENT: "..................",.. SS_SEARCH_OPTION: "...............",.. THREAT_OFF_STATE: "......",.. THREAT_OFF_MESSAGE: "...................",.. AVFW_DIALOG_HEADER: "...........",.. AVFW_DIALOG_CONTENT: ". 2005 ...... 8 . 6 . 4 ...................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1510
                                                                                                                                                                                                                                        Entropy (8bit):5.73579018012565
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HTt2GGq0IQDhhlGGqg4o1GGGqUdVkrN0/Fq9eA0dmUNsmagG8gP:w3q0Fhl3qg71G3qUvkrNeq9f0dmUNs7n
                                                                                                                                                                                                                                        MD5:B9350CD4143A11CA939B4336E9F7F7CA
                                                                                                                                                                                                                                        SHA1:977C8812B64AC6F2BE3DEA06E04CED72404131B7
                                                                                                                                                                                                                                        SHA-256:8F68CBF6D79664180AC7F018D7F3CEF867324A55C1195CF3455168AD0D4E6A99
                                                                                                                                                                                                                                        SHA-512:6A530392193BF5A2FEF0C4089F1F99E2B69850A180DD18F4DDB2D5146B00BB04FFF00B55F468C73EEE67ACEE3DD8893BF42315DCEB25C74E58EB355BDA60534A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Z.skejte bezplatnou ochranu p.i proch.zen. internetu od spole.nosti McAfee kliknut.m na mo.nost {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Povolit roz...en.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "Pomoc. mo.nosti {0} zapnete tyto funkce vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Povolit roz...en.",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Pomoc. mo.nosti {0} budete d.le chr.n.ni online d.ky t.mto funkc.m vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Ponechat zm.ny",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "Pomoc. mo.nosti {0} programu McAfee. WebAdvisor zapnete tyto funkce vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_PERMISSION_ADDED_CONT
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1414
                                                                                                                                                                                                                                        Entropy (8bit):5.535728885027179
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HTEz6tBWYCISc5ciWzCISNOFBWYCISrrVpz92w56WYaFFcTU6GG:U4nCISc5cvCISNOFnCISrxRmWnFhS
                                                                                                                                                                                                                                        MD5:5EE8C3C305D4913F1192DBCF6D661D7A
                                                                                                                                                                                                                                        SHA1:7C01430241E1C549238CE8B62DEF2BDEE9457FF1
                                                                                                                                                                                                                                        SHA-256:EFBB8AA78F9F3CEA7ABA0E42B139BFBB65E6FC08D29B1F70E09BD816469DA1FE
                                                                                                                                                                                                                                        SHA-512:F76E3E53DAF8A2F6DBD5AA783F12550C5D910021EA406F97138A2BD71B6D916EAD5C67A59CF36030DC4BD7CD2FC561278E490F12D7CCE2B0FB387D3C90FE0F20
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Hent den gratis webbeskyttelse fra McAfee ved at klikke p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiv.r udvidelse",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} for at sl. disse ekstra sikkerhedsfunktioner fra McAfee. til: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiv.r udvidelse",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} for fortsat at v.re beskyttet online med disse ekstra sikkerhedsfunktioner fra McAfee.: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Behold .ndringer",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor for at sl. disse ekstra sikkerhedsfunktioner fra McAfee. til: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Tillad",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ak
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1494
                                                                                                                                                                                                                                        Entropy (8bit):5.531276701871135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Nutzen Sie den kostenlosen Web-Schutz von McAfee, indem Sie auf "{0}" klicken.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Erweiterung aktivieren",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "Klicken Sie auf "{0}", um die folgenden Funktionen des zus.tzlichen Schutzes zu nutzen: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Erweiterung aktivieren",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Klicken Sie auf "{0}", um weiterhin mit den folgenden Funktionen des zus.tzlichen Schutzes online gesch.tzt zu bleiben: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".nderungen beibehalten",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "Klicken Sie f.r McAfee. WebAdvisor auf "{0}", um die folgenden Funktionen des zus.tzlichen Schutzes zu aktivieren: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2138
                                                                                                                                                                                                                                        Entropy (8bit):5.217106004209873
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "......... ...... ......... ... .. McAfee ........ .... ... {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............ .........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} ... .. .............. ..... ... ........... ......... ..........: ....... ........., ........... ........... ... ........... .......... ... McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............ .........",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} ... .. ........... ........ online .. ..... ... ........... ......... ..........: ....... ........., ........... ........... ... ........... .......... ...
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1249
                                                                                                                                                                                                                                        Entropy (8bit):5.475466071763099
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Get your free web protection from McAfee by clicking {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enable extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} to turn on these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enable extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} to continue staying safe online with these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Keep changes",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor to turn on these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Allow",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Enable extension",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "to finish setting up WebAdvisor.",.. CHROME_ENABLEMENT_GUIDE_C
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1447
                                                                                                                                                                                                                                        Entropy (8bit):5.4842748555333385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Disfrute de la protecci.n web gratuita de McAfee haciendo clic en {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Habilitar extensi.n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para activar estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Habilitar extensi.n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para seguir estando protegido en Internet con estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conservar cambios",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} WebAdvisor de McAfee. para activar estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHR
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1434
                                                                                                                                                                                                                                        Entropy (8bit):5.489369059184306
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenga su protecci.n web gratuita de McAfee haciendo clic en {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activar extensi.n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para habilitar estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activar extensi.n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para continuar seguro en l.nea con estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conservar cambios",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor para habilitar estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHROME_ENABLEMENT
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1371
                                                                                                                                                                                                                                        Entropy (8bit):5.527092072237777
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Hanki McAfeen verkkosuojaus maksutta napsauttamalla {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ota laajennus k.ytt..n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, jotta voit k.ytt.. n.it. lis.suojausominaisuuksia: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ota laajennus k.ytt..n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, jotta pysyt jatkossakin turvassa verkossa n.ill. lis.suojausominaisuuksilla: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "S.ilyt. muutokset",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0}, ett. McAfee. WebAdvisor ottaa n.m. lis.suojausominaisuudet k.ytt..n: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Salli",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ota laajennus k.ytt..n",.. CHROME_ENABLEMENT_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1453
                                                                                                                                                                                                                                        Entropy (8bit):5.482993460723332
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenez votre protection Web gratuite de McAfee en cliquant sur {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} pour activer ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} pour continuer . .voluer en ligne en toute s.curit. gr.ce . ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Maintenir les changements",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor pour activer ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Autoriser
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1510
                                                                                                                                                                                                                                        Entropy (8bit):5.515796144361116
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HTCKMC7mZ8yHVt2ZGNZ8ysMQu0Z8yQjSFbV+bzFtWrsIXnRS:yq7ma0VwSa7MQu0apeFMpmhM
                                                                                                                                                                                                                                        MD5:C3B83F57C5DB793F62179CFE863652D9
                                                                                                                                                                                                                                        SHA1:F98A26E85363AF4270C91221E11670401C24EB72
                                                                                                                                                                                                                                        SHA-256:029ECAE2C857E16E66B2D03044F35FA9CF077ED773EC55D194721B7C87759C09
                                                                                                                                                                                                                                        SHA-512:608C11C7C9F59CCDF72BAA749F398A1AFD4CC6836C1446E1A9BB5844032B4754490F05F562352DD8B86FB1224C1938AC84B2A5CEDDA828ED256534FAADBD303D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "B.n.ficiez de la protection web gratuite de McAfee en cliquant sur {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} pour activer ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} pour continuer . .tre prot.g. en ligne avec ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conserver les modifications",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor pour activer ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_PERMISSION_ADDED_CONTENT
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1402
                                                                                                                                                                                                                                        Entropy (8bit):5.617957341369353
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HThh5mCPPDSIuREwP3ycRCCPPDmetuqELFbiFKwu:Rh5mCPPDSI6xP3ycRCCPPDm6pELFOFKP
                                                                                                                                                                                                                                        MD5:45FF7A82FC7AB39C9F05998D651E3F0D
                                                                                                                                                                                                                                        SHA1:452F0735A200E27254251E740963BB794BA65F26
                                                                                                                                                                                                                                        SHA-256:4651A05474899F22C51FFDBD7272A63B9E095EE1D1BD77467F8F103DB7F6AFCA
                                                                                                                                                                                                                                        SHA-512:E65978795D1FCE8778B6DB9C8DDD5A45F0ED4BF54FC2DCB469542AB94BF7AD9578A25C66C2257697EBCBD55ECAA0387213F2AEFD17C5D4AB063528BA5960E73C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Dobijte svoju besplatnu web za.titu od McAfee-a klikom na {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.i pro.irenje",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} da biste uklju.ili ove funkcije za dodatnu za.titu: McAfee. Sigurna pretraga, Blokada oglasa i blokada alata za pra.enje.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.i pro.irenje",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} kako biste nastavili biti sigurni na mre.i s ovim dodatnim zna.ajkama za.tite: McAfee. Sigurna pretraga, Blokada oglasa i blokadu alata za pra.enje.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Spremi promjene",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. da biste uklju.ili ove funkcije za dodatnu za.titu: McAfee. Sigurna pretraga, Blokada oglasa i blokada alata za pra.enje.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Odobri",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Omogu.i pro.irenje",.. CHROME_E
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1518
                                                                                                                                                                                                                                        Entropy (8bit):5.690876771225287
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HTt3WD/Pwd03L7mtPsJePwd0kYGc8hQwde/WCpeT4zAsjWNl25oBKodn:5EP20bStUwP20kYGcIQ2e/JYeAsyC5o3
                                                                                                                                                                                                                                        MD5:34B510FA2617AA7C2D4DB39E727A25EE
                                                                                                                                                                                                                                        SHA1:4540482C8911FBB317AB27A7557F714838CE1DB5
                                                                                                                                                                                                                                        SHA-256:12A2D8E80634E3935E95CB72AE5DDB5273D1BC222CCD7E87E9817064E40A259F
                                                                                                                                                                                                                                        SHA-512:E29D2D792299050A5AC3E373795FBE4552CC9114C2116993DA9BF8F28392E96BEB02EF07099A2426FB2AC4365605D9CF805C703F8517185789DB322EA82766D0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "A McAfee ingyenes webes v.delm.nek ig.nybe v.tel.hez kattintson a(z) {0} elemre.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "B.v.tm.ny enged.lyez.se",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} a tov.bbi v.delmi funkci.k, a McAfee. biztons.gos keres.s, a hirdet.sblokkol.s .s a k.vet.blokkol.s bekapcsol.s.hoz.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enged.lyezze a b.v.tm.nyt",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, hogy tov.bbra is biztons.gban legyen online a tov.bbi v.delmi funkci.k, a McAfee. biztons.gos keres.s, a hirdet.sblokkol.s .s a k.vet.blokkol.s r.v.n.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".rizze meg a m.dos.t.sokat",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0}, hogy a McAfee. WebAdvisor bekapcsolja a hozz.adott v.delmi funkci.kat a McAfee. biztons.gos keres.st, a hirdet.sblokkol.st .s a k.vet.blokkol.st.",.. ADBLOCK_PERMISSION_ADDE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1405
                                                                                                                                                                                                                                        Entropy (8bit):5.477748197455182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HT1z0nFTVKnrpGpcJVKnrpGNG7FTVKnrpGrjQDej2lDuzg+5ZZiv:Fz0FTYrpGpcJYrpGNGBTYrpGrjQCj2lV
                                                                                                                                                                                                                                        MD5:3E13B6FFA1DF56F2E6E9C557BD44C235
                                                                                                                                                                                                                                        SHA1:8A576E14BD22531BB6055A7A33051308C8B2546E
                                                                                                                                                                                                                                        SHA-256:5FE696817A76C84F40C95982885A8B283940FFB60D2715338249D4C6A077A14C
                                                                                                                                                                                                                                        SHA-512:2C9B2555480019ED63398F5A16B3B139C10A31D943E8CADE2DAB08D0869DD2461D9E9ED9BFCBE8398AAB58CFE03A7DA744C53B2C8CA61A5D7DD80294855AC9F2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Ottieni la protezione Web gratuita McAfee facendo clic su {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Attiva l'estensione",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} per attivare queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Attiva l'estensione",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} per restare protetto online con queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Mantieni i cambiamenti",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} a McAfee. WebAdvisor di attivare queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Consenti",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Attiva
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1682
                                                                                                                                                                                                                                        Entropy (8bit):5.7635131481206905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:x8H0vGRwMvNaRw8CvrbQRwA8vxvovyZWHU2:a2UwuewDrWwA+pyqW02
                                                                                                                                                                                                                                        MD5:F6C303151ECB2A64E3B4F10017383242
                                                                                                                                                                                                                                        SHA1:2A56C8ED24195EBEEE91EAD74BCDBE12E81DC3D2
                                                                                                                                                                                                                                        SHA-256:C35DD47CF24418B17F19DBE066173D077525D78390BD481D7C5F7D746F0CBD5A
                                                                                                                                                                                                                                        SHA-512:ABB35DD0F3AB9A9B517E2FE25A6C74A1D5C05F8D738C44FDAA7DCA4BDBA968BEB79550B907E20CA59F1AEFB0439398CE529753606D4F58F64A794EB2FF3AD0AC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0}................. Web ............",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}.......... .... ..........................................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}.......... .... ..........................................................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".......",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "...... ..........{0}.......... ...
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1350
                                                                                                                                                                                                                                        Entropy (8bit):6.013580409926289
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HT5dVhbu+vNh0/p7OvmksBv01I+vqNhGjB+Xx2vT6xw:pXvkJOvmdBvAvq5B2vT1
                                                                                                                                                                                                                                        MD5:930B6DC453EAD2619F890AF365827A4D
                                                                                                                                                                                                                                        SHA1:217B96E54F84EBF66696E64BE8D31A8F6DCB1D43
                                                                                                                                                                                                                                        SHA-256:F427DB4C58CA1D68D5E205C5379B313A9B56E4C330B9F14D8955EDBC61BE9A42
                                                                                                                                                                                                                                        SHA-512:5F68BF8010C031A5032F01DC5AF6968A610D3FDAA549935B45D2394BEE6DC9F40664EFDF73FEE6E89750EA622FB65D6B51EDF31E4609AF6F0C4350AB59DF74FD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0}. .... McAfee. .. . ... .....",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: ".. ..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}. .. .. .. .. ... .... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: ".. ..",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}. .. .. .. .. .... ... ... ... ..... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".. .. ..",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "McAfee. ....... {0}.. .. .. .. ... .... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: ".. ..",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1389
                                                                                                                                                                                                                                        Entropy (8bit):5.557002184576427
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HT7bqCaYyGIG3aYEgdXCCaYIRSPuA9/3QFSgknL:rWCaPQ3a3gdXCCa1oPuAN3KSgknL
                                                                                                                                                                                                                                        MD5:AE96F0EB7B6A0114ADDDB671A02D436F
                                                                                                                                                                                                                                        SHA1:4C9D1FF8417C558F717B4BC42AC78D927473393B
                                                                                                                                                                                                                                        SHA-256:D3DE3302208DF87A7129CD7C6F9CEA510934570C230CFF02F110F0656E02C654
                                                                                                                                                                                                                                        SHA-512:AFDBCD96159CE17DD91C2CEA561FA757CFB13F0BCDDDA655120FADA74AC8BE4DBCE9650FC323365083ECD78640EBF82F72293FA6FD0F3564E8885B00DE6A6E8E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "F. kostnadsfri webbeskyttelse fra McAfee ved . klikke p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiver utvidelse",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} for . sl. p. disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiver utvidelse",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} for . f. uavbrutt nettsikkerhet med disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Behold endringer",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor for . sl. p. disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Tillat",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Aktiver utvidelse",.. CHROME_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1362
                                                                                                                                                                                                                                        Entropy (8bit):5.484157922194386
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Activeer uw webbescherming van McAfee door op {0} te klikken.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Extensie inschakelen",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} om deze functies voor Extra bescherming te activeren: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Extensie inschakelen",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} om online veiligheid te handhaven met deze functies voor Extra bescherming: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Wijzigingen behouden",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} dat McAfee. WebAdvisor deze functies voor Extra bescherming inschakelt: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Toestaan",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Extensie inschakelen",.. CHROME_ENAB
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1445
                                                                                                                                                                                                                                        Entropy (8bit):5.700658362217022
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Otrzymaj bezp.atn. ochron. w sieci Web od firmy McAfee, klikaj.c {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "W..cz rozszerzenie",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, aby w..czy. funkcje Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "W..cz rozszerzenie",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, aby zachowa. bezpiecze.stwo w Internecie dzi.ki tym funkcjom Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Zachowaj zmiany",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} programowi McAfee. WebAdvisor na w..czenie funkcji Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Zezw.l",.. CHROME_ENABLEMEN
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1387
                                                                                                                                                                                                                                        Entropy (8bit):5.499240169006433
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenha sua prote..o gratuita na Web da McAfee clicando em {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para ativar estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para se manter seguro com estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Manter altera..es",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} o McAfee. WebAdvisor para ativar estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ativar extens.o"
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1439
                                                                                                                                                                                                                                        Entropy (8bit):5.5232815708931575
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenha a sua prote..o Web gratuita da McAfee clicando em {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para ativar estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para se manter protegido online com estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Manter altera..es",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} que o McAfee. WebAdvisor ative estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. C
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2030
                                                                                                                                                                                                                                        Entropy (8bit):5.2555078939473105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "........ .......... ...-...... .. McAfee, ..... {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "........ ..........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, ..... ............ ......... ....... .............. ......: .......... ..... McAfee., ........... ....... . ........... .........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "........ ..........",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, ..... .......... . ............ . ......... ......... ............. ......... .............. ....... ......: .......... ..... McAfee., ........... ....... . ........... .........",.. ADBLOCK_SEARCH_W
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1420
                                                                                                                                                                                                                                        Entropy (8bit):5.8082208936198585
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Z.skajte bezplatn. webov. ochranu od McAfee a.kliknite na mo.nos. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Zapn.. roz..renie",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} a.aktivujte funkcie zv..enej ochrany: zabezpe.en. vyh.ad.vanie McAfee., blokovanie rekl.m a.blokovanie sledova.ov.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Zapnite roz..renie",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} a.nestra.te ochranu online v.aka funkci.m zv..enej ochrany: zabezpe.en.mu vyh.ad.vaniu McAfee., blokovaniu rekl.m a.blokovaniu sledova.ov.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Ponechajte zmeny",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor a.zapnite funkcie zv..enej ochrany: zabezpe.en. vyh.ad.vanie McAfee., blokovanie rekl.m a.blokovanie sledova.ov.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Povo.te",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Zapnite r
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1338
                                                                                                                                                                                                                                        Entropy (8bit):5.638254403296148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Ostvarite besplatnu veb za.titu kompanije McAfee klikom na {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.ite ekstenziju",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} da biste uklju.ili ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.ite ekstenziju",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} kako biste ostali sigurni na mre.i uz ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Zadr.ite promene na",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor da biste uklju.ili ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Dozvoli",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Omogu.ite ekstenziju",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "da zavr.it
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1361
                                                                                                                                                                                                                                        Entropy (8bit):5.648778534988783
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "F. kostnadsfritt webbskydd fr.n McAfee genom att klicka p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktivera till.gg",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} f.r att aktivera Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktivera till.gg",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} f.r att forts.tta h.lla dig s.ker online med Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Beh.ll .ndringar",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor f.r att aktivera Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Till.t",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Aktivera till.gg",.. CHROME_ENABLEMENT_GUIDE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1404
                                                                                                                                                                                                                                        Entropy (8bit):5.679619166920541
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0} .zerine t.klayarak McAfee'den .cretsiz web korumas. edinebilirsiniz.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Uzant.y. etkinle.tir",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "A.a..daki Ek Koruma .zelliklerini a.mak i.in {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Uzant.y. etkinle.tir",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Bu Ek Koruma .zellikleri ile .evrimi.i g.vende kalmak i.in {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "De.i.iklikleri kaydet",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "A.a..daki Ek Koruma .zelliklerini a.mak i.in McAfee. WebAdvisor'. {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: ".zin Ver",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "WebAdvisor kurulumun
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1303
                                                                                                                                                                                                                                        Entropy (8bit):6.298795891595002
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: ".. {0} .............",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "....",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} .................. .....................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "....",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} .................. ..............................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "....",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} .... ...................... .....................",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "......",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "......
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1249
                                                                                                                                                                                                                                        Entropy (8bit):6.293694275315816
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: ".. {0} ..... McAfee Web ...",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "......",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}............McAfee. ....................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "......",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}....................McAfee. ....................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "....",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor ...........McAfee. ....................",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "......",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "... WebAdvisor ...",.. CHROME_ENABLEMENT_G
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1048
                                                                                                                                                                                                                                        Entropy (8bit):5.754294961570996
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Zajist.te si ochranu v digit.ln.m prost.ed.",.. WAIFF_TOAST_DESC_1_COHORT_1: ".kolem n.stroje McAfee. WebAdvisor je chr.nit va.e osobn. .daje, aby se nedostaly do nespr.vn.ch rukou.",.. WAIFF_TOAST_DESC_2_COHORT_1: "A. ji. nakupujete, vyu..v.te bankovn. slu.by nebo proch.z.te web, na.e bezplatn. n.stroje v.s pom.haj. chr.nit . a kyberzlo.inci nebudou m.t .anci.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je bezplatn. n.stroj, kter. chr.n. va.e osobn. .daje, aby se nedostaly do nespr.vn.ch rukou.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Povolte n.stroj WebAdvisor a zajist.te si ochranu p.ed viry, malwarem a dal..mi hrozbami pro va.e online zabezpe.en..",.. WAIFF_BUTTON_ACCEPT: "Zajistit ochranu",.. WAIFF_BUTTON_REMIND_LATER: "P.ipomenout pozd.ji",.. WAIFF_BUTTON_DECLINE: "Ne, d.kuji"..}..//104A189D876E9195DD18C7DB90C41FBB5173731BF7A3B4FF4C3D4267252A3A877FCC645A3AC84AECBD
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):986
                                                                                                                                                                                                                                        Entropy (8bit):5.446975642041266
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Beskyt dit digitale liv",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor beskytter dine personlige oplysninger og forhindrer, at de falder i de forkerte h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Uanset om du bruger internettet til at shoppe, g. i banken eller bare surfe, holder vores gratis v.rkt.jer dig i sikkerhed og beskytter dig mod cyberkriminelle.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor er et gratis v.rkt.j, der beskytter dine personlige oplysninger og forhindrer, at de falder i de forkerte h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktiv.r WebAdvisor for at beskytte dig selv mod virus, malware og andre onlinetrusler.",.. WAIFF_BUTTON_ACCEPT: "F. beskyttelse",.. WAIFF_BUTTON_REMIND_LATER: "Sp.rg mig igen senere",.. WAIFF_BUTTON_DECLINE: "Nej tak"..}..//6C9C81551C4DC11C16BFE0D67100C65C53A242649922DC37DCC7B4AFE00C5C96CE49E48EA9F623A15BC63905A192DF6280193F93DCAAAEC060DC7F5AFC9377D7++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):5.433867966058985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Sch.tzen Sie Ihr digitales Leben",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor hilft Ihnen, zu verhindern, dass Ihre pers.nlichen Daten in die falschen H.nde gelangen.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Ob Sie nun im Internet einkaufen, Bankgesch.fte t.tigen oder surfen: Unsere kostenlosen Tools helfen Ihnen, sicher zu bleiben, damit Cyberkriminelle keine Chance haben.",.. WAIFF_TOAST_DESC_1_COHORT_2: "Das kostenlose Tool McAfee. WebAdvisor hilft Ihnen, zu verhindern, dass Ihre pers.nlichen Daten in die falschen H.nde gelangen.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktivieren Sie WebAdvisor, um sich vor Viren, Malware und anderen Bedrohungen Ihrer Online-Sicherheit zu sch.tzen.",.. WAIFF_BUTTON_ACCEPT: "Schutz einrichten",.. WAIFF_BUTTON_REMIND_LATER: "Sp.ter erinnern",.. WAIFF_BUTTON_DECLINE: "Nein danke"..}..//52E6F9FAB6999A5332DB0B65A715C9023BBDD2DE94E2D1CEFB5969DB0F6A4EBD1465666AE540BE6DA779E4906689966CDD08FF6D
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1606
                                                                                                                                                                                                                                        Entropy (8bit):5.131561741827058
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "......... ... ........ .... ...",.. WAIFF_TOAST_DESC_1_COHORT_1: ".. McAfee. WebAdvisor .... ..... .. ... ......... .... .......... ........... ... .. ...... .. ..... ......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".... ............... ......, .......... .......... . ........... ... web, .. ...... ........ ... ....... .. ... ......... .. ........... ........ ... .. .......-........... ... .. ..... ..... ........ .. ... ...........",.. WAIFF_TOAST_DESC_1_COHORT_2: ".. McAfee. WebAdvisor ..... ... ...... ........ ... ........... ... .......... ........... ... ... .. .. ...... .. ..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):915
                                                                                                                                                                                                                                        Entropy (8bit):5.4868103858896475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Protect your digital life",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor works to safeguard your personal info from falling into the wrong hands.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Whether you shop, bank, or browse the web, our free tools can help keep you safe -- and cyber criminals won't stand a chance.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor is a free tool that safeguards your personal info from falling into the wrong hands.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Enable WebAdvisor to protect yourself against viruses, malware, and other threats to your online security.",.. WAIFF_BUTTON_ACCEPT: "Get protected",.. WAIFF_BUTTON_REMIND_LATER: "Remind me later",.. WAIFF_BUTTON_DECLINE: "No, thanks"..}..//CE6DCFB8995929B04A23BFC78141867FA975135219C46A8ADE765324EBB73B970D0F3DCA40C69F81E2875A3A126037940A41C7A6402D410441F67E19E266EB9E++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):965
                                                                                                                                                                                                                                        Entropy (8bit):5.417004963784236
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja su vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor est. pensado para evitar que su informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Nuestras herramientas gratuitas pueden protegerle al navegar, realizar compras y gestiones bancarias. Los ciberdelincuentes dejar.n de ser un peligro.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor es una herramienta gratuita pensada para evitar que su informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Active WebAdvisor para mantenerse a salvo de virus, malware y otras amenazas para su seguridad en Internet.",.. WAIFF_BUTTON_ACCEPT: "Protegerme",.. WAIFF_BUTTON_REMIND_LATER: "Record.rmelo m.s tarde",.. WAIFF_BUTTON_DECLINE: "No, gracias"..}..//EE9AFAA2C097E0D19660D706B76369720B6BE26ACE9C49F34BFCE271FAABBB418AED0E3C18A14E6A98951CC8967CD281ED942A3112ED814434E26BBDDF60011E++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):938
                                                                                                                                                                                                                                        Entropy (8bit):5.463464862847338
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Protege tu vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor trabaja para evitar que su informaci.n caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Sea que compre, haga operaciones bancarias o explore la web, nuestras herramientas gratuitas ayudan a mantenerlo seguro, y a derrotar a los cibercriminales.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor es una herramienta gratuita para evitar que tu informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Active WebAdvisor para protegerse contra virus, malware y otras amenazas a su seguridad en l.nea.",.. WAIFF_BUTTON_ACCEPT: "Prot.jase",.. WAIFF_BUTTON_REMIND_LATER: "Record.rmelo m.s tarde",.. WAIFF_BUTTON_DECLINE: "No, gracias"..}..//6A7B81B69A41786B20EA5FC78543F463F2A5C4AAF7EC76507913639B0794EE36C3C5F16601981124A4C954527FDBEA0B6573F68DF8C4E93AF5360BEC9935FDE8++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):992
                                                                                                                                                                                                                                        Entropy (8bit):5.539031316790054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Suojaa digitaalinen el.m.si",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor pyrkii est.m..n henkil.kohtaisten tietojesi joutumisen v..riin k.siin.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Miten tahansa viet.tkin aikaa verkossa . ostoksia tehden, pankkiasioita hoitaen tai sivustoja selaillen . pysyt turvassa maksuttomien ty.kalujemme avulla. Kyberrikollisilla ei ole mit..n saumaa.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor -ilmaisty.kalu est.. henkil.kohtaisia tietojasi joutumasta v..riin k.siin.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ota WebAdvisor k.ytt..n suojautuaksesi viruksilta, haittaohjelmilta ja muila tietoturvauhilta.",.. WAIFF_BUTTON_ACCEPT: "Hanki suojaus",.. WAIFF_BUTTON_REMIND_LATER: "Muistuta my.hemmin",.. WAIFF_BUTTON_DECLINE: "Ei kiitos"..}..//F56C28AB5BE6B24340A55AB82857287DBD42DD5618A957F2188683FFB6EEF732CBD90926254ACF4F40963FD847965050909C198EB0A30B36F162D449B1989A91++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1082
                                                                                                                                                                                                                                        Entropy (8bit):5.441765638431357
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Prot.gez votre univers num.rique",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor oeuvre . s.curiser vos donn.es personnelles et les emp.cher de tomber entre mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Quand vous magasinez, effectuez des op.rations bancaires ou parcourez le web, nos outils gratuits contribuent . votre s.curit. -- et les cybercriminels n'ont aucune chance contre vous.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor est un outil gratuit qui s.curise vos donn.es personnelles et les emp.che de tomber entre mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Activez WebAdvisor pour vous prot.ger contre les virus, les logiciels malveillants et d'autres menaces pesant sur votre s.curit. en ligne.",.. WAIFF_BUTTON_ACCEPT: ".tre prot.g.",.. WAIFF_BUTTON_REMIND_LATER: "Me le rappeler plus tard",.. WAIFF_BUTTON_DECLINE: "Non, merci"..}..//B5FA92D010C8648573816560898B86C73DDC139321F592FB
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1128
                                                                                                                                                                                                                                        Entropy (8bit):5.416067733817426
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7uGmowvBtNhlFsceiA/6FVFzupllnF4vZrJ5NhlFsce+XvJ+wiZQdqVqoy+hL:eNhllA/6FVFOlOrJ5NhlNUM6yW
                                                                                                                                                                                                                                        MD5:42C9DB30A7DEA555F66B490E3428AC1E
                                                                                                                                                                                                                                        SHA1:C0D3803F5E043851BFE59CFC0EA7B0335FF2CB2D
                                                                                                                                                                                                                                        SHA-256:068E5D0641C6E30E56040F5073B0E11783343430EC862C59BA430144A89F3063
                                                                                                                                                                                                                                        SHA-512:446941D15565A3B5BD0900AB550580445D1482FC461591824C3810E5BD7221B4D724BEBB32CB54031BED3BBCE3A6913143AC982A57D3F8A0D32401B84A1191F6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Prot.gez votre vie num.rique",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor s'efforce de prot.ger vos donn.es personnelles pour les emp.cher de tomber entre de mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Que vous fassiez des achats en ligne, effectuiez des op.rations bancaires ou naviguiez sur le Web, nos outils gratuits vous aident . rester en s.curit..: les cybercriminels n'auront aucune chance d'arriver . leurs fins.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor est un outil gratuit qui prot.ge vos donn.es personnelles pour les emp.cher de tomber entre de mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Activez WebAdvisor pour vous prot.ger contre les virus, logiciels malveillants et autres menaces pour votre s.curit. en ligne.",.. WAIFF_BUTTON_ACCEPT: "Obtenir une protection",.. WAIFF_BUTTON_REMIND_LATER: "Me le rappeler ult.rieurement",.. WAIFF_BUTTON_DECLINE: "Non, merci"..}..//21
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):970
                                                                                                                                                                                                                                        Entropy (8bit):5.53672570509657
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7uGjvA5v/6FewAv/dHvav/6Fe0QhJ4Mmi6dwVrdAUFb:S5vyAvlSvSG2M0sFb
                                                                                                                                                                                                                                        MD5:623E9D7261579F2DC8D5139471C86CE4
                                                                                                                                                                                                                                        SHA1:36FE02A952595E0ABF443D205F2F34ED14A9084C
                                                                                                                                                                                                                                        SHA-256:A511F56531A96536DAA610469281E4734CAEB18FAFCB6D6D050808F539A09E07
                                                                                                                                                                                                                                        SHA-512:60472DF0042DC429CFE38AEF556A2E1103128007216BF66D388A747AA6B738F14151FB2131E6C31136B9E27888B10D4F6D3E66CC39D00D064DDD99DC72D12188
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Za.titite svoj digitalni .ivot",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor djeluje kako bi za.titio va.e osobne podatke od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Bez obzira da li kupujete, bankarite ili pregledavate web, na.i besplatni alati mogu vam osigurati sigurnost - a cyber kriminalci ne.e imate .ansu.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je besplatni online alat koji .titi va.e osobne podatke od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Omogu.ite WebAdvisor kako bi se za.titili od virusa, zlonamjernog softvera i drugih prijetnji va.oj internetskoj sigurnosti.",.. WAIFF_BUTTON_ACCEPT: "Za.titite se",.. WAIFF_BUTTON_REMIND_LATER: "Podsjeti me kasnije",.. WAIFF_BUTTON_DECLINE: "Ne, hvala"..}..//106927A791426D5EE8E56003EF8DCFC892B2E51CDF1625364DB1625D0FB9CD860E42D28766CB5A038D334622780A3CD8B6ADEC9F0FD84BE0ADAA74D7BD055ABA++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1111
                                                                                                                                                                                                                                        Entropy (8bit):5.597035620289851
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7uG7bmvSr5Mycde/FsuaVvQG2Qe5MycdefYasTyrikPId7r6QVbTzfe0T3arUh:RTUju5UJ3TyVE7NzvT0Uh
                                                                                                                                                                                                                                        MD5:51E9CED60AD61C8B37F31E7F3D955F40
                                                                                                                                                                                                                                        SHA1:9DA02CFCCE9C438EEE7C89C32FBEFAF06DC9B6B9
                                                                                                                                                                                                                                        SHA-256:C8C3EF8245997F7845243A308CD73B576363B59328917E639952C4643C6D90AD
                                                                                                                                                                                                                                        SHA-512:94B40689B5D8FD62D176B62A02C7471F5AF8B6C636366A398A456EAD6AF477CA4ECDDC433D3216B65D151C36C943AE9DCF0ED35B6D8FED2152932A030F05788C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Gondoskodjon digit.lis .let.nek v.delm.r.l",.. WAIFF_TOAST_DESC_1_COHORT_1: "A McAfee. WebAdvisor megakad.lyozza, hogy szem.lyes adatai illet.ktelenek kez.be ker.ljenek.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Ak.r v.s.rol, banki .gyeit int.zi vagy b.ng.szik online, ingyenes eszk.zeink gondoskodnak v.delm.r.l, hogy az internetes b.n.z.knek es.ly.k sem legyen.",.. WAIFF_TOAST_DESC_1_COHORT_2: "A McAfee. WebAdvisor egy ingyenes eszk.z, amely megakad.lyozza, hogy szem.lyes adatai illet.ktelenek kez.be ker.ljenek.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Enged.lyezze a WebAdvisor funkci.t, hogy biztons.gban legyen a v.rusokkal, a k.rtev. programokkal .s az egy.b vesz.lyforr.sokkal szemben, amelyek online leselkednek .nre.",.. WAIFF_BUTTON_ACCEPT: "Gondoskodjon a v.delemr.l",.. WAIFF_BUTTON_REMIND_LATER: "Eml.keztessen k.s.bb",.. WAIFF_BUTTON_DECLINE: "K.sz.n.m, nem"..}..//232D5A00089B8BB7B61
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):978
                                                                                                                                                                                                                                        Entropy (8bit):5.3744908013197366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7uGKk2vkvtdeLny8MK9GEreLYvl6lvtdeVHD/ikdCeitVlqCJG:tBQxMK7eLjYCeZ+G
                                                                                                                                                                                                                                        MD5:DAC1FFEB7065B677932EC33912B2DDDC
                                                                                                                                                                                                                                        SHA1:6817A9F7F0EE6F04FC10CC2DA8B5E59CF22E5089
                                                                                                                                                                                                                                        SHA-256:8F9FFD1977BB5B8D02702D04A9209733E1C210367FCC45DE317A4A2CFCEA092E
                                                                                                                                                                                                                                        SHA-512:2D22AC567E219F849B8B07B77A3EDCA2C4CDF97549D86A40CD91C39B30CC226F1A75511A1A3D75D99C141187E2ECD628365A7538DC20AA98D3895F3ABE316398
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteggi la tua vita digitale",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor impedisce alle tue informazioni personali di finire nelle mani sbagliate.",.. WAIFF_TOAST_DESC_2_COHORT_1: "I nostri strumenti gratuiti ti aiutano a restare protetto e tenere alla larga i criminali informatici quando fai acquisti, esegui transazioni bancarie e navighi in Internet.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . uno strumento gratuito che impedisce alle tue informazioni personali di finire nelle mani sbagliate.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Attiva WebAdvisor per proteggerti da virus, malware e altre minacce alla tua sicurezza online.",.. WAIFF_BUTTON_ACCEPT: "Proteggiti",.. WAIFF_BUTTON_REMIND_LATER: "Visualizza in seguito",.. WAIFF_BUTTON_DECLINE: "No, grazie"..}..//D10217E906D7949B03A9A1679D1F69ECBD058541E926DC4ED6695604F6DE13C40C04C702D67BC6501C3D7793851410C4E2360FD7D5277BCA8C175864E0BAC70D++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1220
                                                                                                                                                                                                                                        Entropy (8bit):5.721227001060117
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7uG7QvTYRFqOqeEnckuxTvlRFqOlesuhxkOQihdPvIVbMx56:ZQYRFqkZrRFqcuzBvPvbx56
                                                                                                                                                                                                                                        MD5:D4CFE0C7880BB6C2E405808703F823B3
                                                                                                                                                                                                                                        SHA1:CBB6309A21221E68CAAACDC5B6796BDF6FCB7659
                                                                                                                                                                                                                                        SHA-256:CBCAD81AA937FA79EC443C66040D965C8B61A2ED2493729CE39C1F945F5BD9D8
                                                                                                                                                                                                                                        SHA-512:729AA8E39082289F6DE9E2931F4409CB5F4B1C0D9323A23911A0406C37230D96195D7B4D54E6EE84D6CF15635C9550153AEFB3662B08627819CACF0A063D402A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: ".... ...........",.. WAIFF_TOAST_DESC_1_COHORT_1: "...... ......................................",.. WAIFF_TOAST_DESC_2_COHORT_1: "..... ............ ................................................................",.. WAIFF_TOAST_DESC_1_COHORT_2: "...... ............................................",.. WAIFF_TOAST_DESC_2_COHORT_2: "..........................................................",.. WAIFF_BUTTON_ACCEPT: ".....",.. WAIFF_BU
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):986
                                                                                                                                                                                                                                        Entropy (8bit):5.991772625561834
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7uGqSv513heSk6BcSVpFrhjvG13DaJe/MhCowW/irdijVAJv6e4:0cdFvrhqD0QRPii6e4
                                                                                                                                                                                                                                        MD5:436AB9FE9B7F870E66E3BB1DE9F8FD5A
                                                                                                                                                                                                                                        SHA1:96CD6E19BB6ED690E51551320F410F12264A9ED7
                                                                                                                                                                                                                                        SHA-256:5FD75C3FEB4D94F06511C0B51F013FA80627281DCC59144CD53AC1DF5985B938
                                                                                                                                                                                                                                        SHA-512:703A618CE6FFAC63CAB9688E4AF36C5DC0B11217E32C9B0DFF97733D938F1B2B7973084B61316AEF3B2F45DC36A3F62A8319373B6828CE332A41FF0BF6342431
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "... ... ..",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. ....... .. ... .... ... ......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".., .. .. . .. . .. ..... McAfee .. ... ... ... .... ... .... ... ... . .....",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. ....... .. ... .... ... .... .. ......",.. WAIFF_TOAST_DESC_2_COHORT_2: "....... .... ...., ... . .. ... .. ...... ......",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: "... ..",.. WAIFF_BUTTON_DECLINE: ".. . ."..}..//739CE786B84ECBE5162F8327FE9774DDBBD7966A40F2DDC27A164FE12F88CAF35973DD4DBED9143E9C6873259272BB849F23B84D1B20DDFF69ADC251BDA3F422++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):962
                                                                                                                                                                                                                                        Entropy (8bit):5.468603330970894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7uG9IvAh1IerDGuH9tvIzzh1IeLkGAlIi7dkVpLSUvfH:fLd+LtkHtSe2/
                                                                                                                                                                                                                                        MD5:C0C7054DBE460E2AA24A570DBCC682BE
                                                                                                                                                                                                                                        SHA1:CC21AD2332DFC62D9487E1FB20059ABAF66C0C71
                                                                                                                                                                                                                                        SHA-256:9FCA5DA76F329FBCF913648954DE53466F902754E182CEE1FF4978ADEFBB4ABA
                                                                                                                                                                                                                                        SHA-512:49EE69445B4DF37151507A69CC86232E11CA556B192DB1AFDAAB75137E9FF5AAC36A10648FE206B2F4F30A2C2FC88E11398B687C60A714DBEF97272560D00C44
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Beskytt det digitale livet ditt",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor bidrar til . forhindre at personopplysningene dine havner i gale hender.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Enten du handler, bruker nettbank eller surfer p. nettet, kan de kostnadsfrie verkt.yene v.re holde deg trygg . og nettkriminelle har ingen sjanse.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor er et kostnadsfritt verkt.y som bidrar til . forhindre at personopplysningene dine havner i gale hender.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktiver WebAdvisor for . f. beskyttelse mot virus, skadelig programvare og andre nettrusler.",.. WAIFF_BUTTON_ACCEPT: "F. beskyttelse",.. WAIFF_BUTTON_REMIND_LATER: "P.minn meg senere",.. WAIFF_BUTTON_DECLINE: "Nei takk"..}..//8408B4E4298CC26552C9F710EBCA43F659AF624B2B88F9BE8C7EE76BA476BAC72D7C26606ECEC6E4BC308B0350980E07214F5BFBDC3C829E74B64DFDF9E01116++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1008
                                                                                                                                                                                                                                        Entropy (8bit):5.383677635023662
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Bescherm uw digitale leven",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor beschermt u door te voorkomen dat uw persoonlijke gegevens in de verkeerde handen vallen.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Of u nu online winkelt, bankiert of surft, onze gratis tools kunnen u helpen om uw veiligheid te handhaven. Cyberciminelen maken geen schijn van kans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor is een gratis tool waarmee u kunt voorkomen dat uw persoonlijke gegevens in de verkeerde handen vallen.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Schakel WebAdvisor in om uzelf tegen virussen, malware en andere bedreigingen van uw online beveiliging te beschermen.",.. WAIFF_BUTTON_ACCEPT: "Zorg dat u beveiligd bent",.. WAIFF_BUTTON_REMIND_LATER: "Help mij herinneren",.. WAIFF_BUTTON_DECLINE: "Nee, bedankt"..}..//AB9283191B4A33D41DA5D86B32690A7BCD9B879E28E304C2E411D1BFA13753CE0CCD94FA746AD7AFB700CCAF4DCC87F8FBA636C42BA596BEA72B20F424
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1093
                                                                                                                                                                                                                                        Entropy (8bit):5.6498547897368265
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Bezpiecze.stwo w cyfrowym .wiecie",.. WAIFF_TOAST_DESC_1_COHORT_1: "Rozszerzenie McAfee. WebAdvisor dzia.a w celu zabezpieczenia Twoich danych osobowych przed wpadni.ciem w niepowo.ane r.ce.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Nasze bezp.atne narz.dzia pomog. Ci. zabezpieczy. przy zakupach, korzystaniu z bankowo.ci lub podczas przegl.dania Internetu . cyberprzest.pcy nie maj. szans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "Rozszerzenie McAfee. WebAdvisor to bezp.atne narz.dzie chroni.ce Twoje dane osobowe przed wpadni.ciem w niepowo.ane r.ce.",.. WAIFF_TOAST_DESC_2_COHORT_2: "W..cz rozszerzenie WebAdvisor, aby chroni. si. przed wirusami, z.o.liwym oprogramowaniem i innymi zagro.eniami dla bezpiecze.stwa w Internecie.",.. WAIFF_BUTTON_ACCEPT: "Skorzystaj z ochrony",.. WAIFF_BUTTON_REMIND_LATER: "Przypomnij mi p..niej",.. WAIFF_BUTTON_DECLINE: "Nie, dzi.kuj."..}..//3CEFF0D219400EF2E772F7DD517B9B2BAF326
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1007
                                                                                                                                                                                                                                        Entropy (8bit):5.482919574516214
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja a sua vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor trabalha para impedir que suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Seja para comprar, fazer transa..es banc.rias ou navegar a Web, nossas ferramentas gratuitas podem ajud.-lo a manter-se e seguran.a -- e os criminosos cibern.ticos n.o ter.o a menor chance.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . uma ferramenta gratuita que impede que suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ative o WebAdvisor para proteg.-lo contra v.rus, malware e outras amea.as . sua seguran.a online.",.. WAIFF_BUTTON_ACCEPT: "Proteja-se",.. WAIFF_BUTTON_REMIND_LATER: "Lembrar-me mais tarde",.. WAIFF_BUTTON_DECLINE: "N.o, obrigado"..}..//2151AAB785EE6EA3BEF2B969565F44C064A909CC0CB316CA3993C72490791AD109EBF6C2D1E1C67244FFC28C88F164AAC1DF57978FF738A2102919649E1
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1038
                                                                                                                                                                                                                                        Entropy (8bit):5.4453506972063455
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja a sua vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "O McAfee. WebAdvisor trabalha para impedir que as suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Caso fa.a compras, realize opera..es banc.rias ou navegue na Web, as nossas ferramentas gratuitas podem ajud.-lo a manter-se em seguran.a, e os cibercriminosos n.o v.o ter qualquer hip.tese.",.. WAIFF_TOAST_DESC_1_COHORT_2: "O McAfee. WebAdvisor . uma ferramenta gratuita que trabalha para impedir que as suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ative o WebAdvisor para se proteger contra v.rus, malware, e outras amea.as . sua seguran.a online.",.. WAIFF_BUTTON_ACCEPT: "Obter prote..o",.. WAIFF_BUTTON_REMIND_LATER: "Lembrar mais tarde",.. WAIFF_BUTTON_DECLINE: "N.o, obrigado"..}..//925C3D4C1E4B26D90C170C43D2A3D0CF72E059E4F1AE06E600A312A879A45534B3425AA599559AE1B64ADBE53397
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1396
                                                                                                                                                                                                                                        Entropy (8bit):5.221989024507171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........ .... ........ ...",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor ............ .................. ..... ...... .......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".......... .. ...., .......... .. .. ......., .......... ........ ... .............. ...-........, .... .......... ........... ....... .......... .... ...... .. ..... . ..................",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . .......... .........., .............. .................. ..... ...... .......",.. WAIFF_TOAST_DESC_2_COHORT_2: "........ WebAdvisor, ..... ........ .... .. ......., ........... .....
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                                                        Entropy (8bit):5.792782971881207
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Chr..te svoj digit.lny svet",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor v.m pom..e ochr.ni. osobn. .daje pred ne.iaducimi osobami.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Na.e bezplatn. funkcie v.s ochr.nia pri nakupovan. online, elektronickom bankovn.ctve alebo prehliadan. webu a.nedaj. .ancu kyberzlo.incom.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je bezplatn. n.stroj, ktor. ochr.ni osobn. .daje pred ne.iaducimi osobami.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Zapnite WebAdvisor a.ochr..te sa pred v.rusmi, malv.rom a.in.mi hrozbami, ktor. na v.s ..haj. online.",.. WAIFF_BUTTON_ACCEPT: "Z.ska. ochranu",.. WAIFF_BUTTON_REMIND_LATER: "Pripomen.. nesk.r",.. WAIFF_BUTTON_DECLINE: "Nie, .akujem"..}..//054F59544E87874B9FE9A912D9B9EA0B6CD47101FD1CDF624935BDC00569097F0FB1000C5F6977641CD87A733A7F605C6B3D33E7E25963DE380F4ADD2F60DC48++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):962
                                                                                                                                                                                                                                        Entropy (8bit):5.599519177835905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Za.titite svoj digitalni .ivot",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor radi na .uvanju va.ih li.nih informacija od padanja u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Bez obzira da li kupujete, koristite bankarske usluge ili pretra.ujete veb, na.i besplatni alati mogu sa.uvati va.u bezbednost-- a sajber kriminalci ne.e imati .anse.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je besplatan alat koji .uva va.e li.ne informacije od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Omogu.ite da vas WebAdvisor za.titi od virusa, malvera i drugih pretnji po va.u bezbednost na mre.i.",.. WAIFF_BUTTON_ACCEPT: "Za.titi me",.. WAIFF_BUTTON_REMIND_LATER: "Podseti me kasnije",.. WAIFF_BUTTON_DECLINE: "Ne, hvala"..}..//9532B41C2A7965B5481247D9F811C72DFFFB47B79668E3661708C693084E38C84F503335617BE9E2B98985E10D327859793ADD3FFBC0228B4AD93259916C21CC++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1002
                                                                                                                                                                                                                                        Entropy (8bit):5.515745154315555
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Skydda ditt digitala liv",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor jobbar f.r att f.rhindra att din personliga information hamnar i fel h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Oavsett om du shoppar, utr.ttar bank.renden eller surfar p. internet kan v.ra kostnadsfria verktyg hj.lpa till att h.lla dig s.ker -- och n.tbrottslingarna kommer inte ha en chans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor .r ett kostnadsfritt verktyg som hindrar att din personliga information hamnar i fel h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktivera WebAdvisor f.r att skydda dig mot virus, skadlig programvara och andra hot mot din s.kerhet p. internet.",.. WAIFF_BUTTON_ACCEPT: "Skydda dig",.. WAIFF_BUTTON_REMIND_LATER: "P.minn mig senare",.. WAIFF_BUTTON_DECLINE: "Nej tack"..}..//E39491D304978BACD9070562E0A6EEE651A98CF6837F1DB2468B9C7E0CC6375A44644A24FA97350CC007188E7C576FC514EAE331457E92269C12BA773718F5F5
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1061
                                                                                                                                                                                                                                        Entropy (8bit):5.641484195960407
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Dijital ya.am.n.z. koruyun",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor ki.isel bilgilerinizin yanl.. ki.ilerin eline d..mesini engeller.",.. WAIFF_TOAST_DESC_2_COHORT_1: ".ster al..veri. yap.n, ister banka i.lemi ger.ekle.tirin, ister web'de gezinin, .cretsiz ara.lar.m.z g.vende olman.za yard.mc. olur; siber su.lular.n hi.bir .ans. kalmaz.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor, ki.isel bilgilerinizin yanl.. ellere ge.mesini .nleyen .cretsiz bir ara.t.r.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Kendinizi vir.slere, k.t. ama.l. yaz.l.mlara ve .evrimi.i g.venli.inize y.nelik di.er tehditlere kar.. korumak i.in WebAdvisor'. etkinle.tirin.",.. WAIFF_BUTTON_ACCEPT: "Kendinizi koruyun",.. WAIFF_BUTTON_REMIND_LATER: "Daha sonra hat.rlat",.. WAIFF_BUTTON_DECLINE: "Hay.r, te.ekk.rler"..}..//90C4BC23F401D54C761EB4F5C9C37A9A8E3B6C4B4121D48AD1B98270647BEFFDB7E3D
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):917
                                                                                                                                                                                                                                        Entropy (8bit):6.338403140080997
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........",.. WAIFF_TOAST_DESC_1_COHORT_1: ".... ...................",.. WAIFF_TOAST_DESC_2_COHORT_1: "........................................................",.. WAIFF_TOAST_DESC_1_COHORT_2: ".... ............................",.. WAIFF_TOAST_DESC_2_COHORT_2: "................................",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: ".....",.. WAIFF_BUTTON_DECLINE: "...."..}..//5D540ED2997AD3923C0C63D702CC355961BF56FD4341F724E9BF3638107BE27CB27A92330BA3EC6D0C56110ADE4387F6CBD7AEFC331292A60A2E4CE2B78C8775++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):915
                                                                                                                                                                                                                                        Entropy (8bit):6.359291283545329
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor .....................",.. WAIFF_TOAST_DESC_2_COHORT_1: "...............................................",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor ..........................",.. WAIFF_TOAST_DESC_2_COHORT_2: ".. WebAdvisor ...........................",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: ".....",.. WAIFF_BUTTON_DECLINE: "......"..}..//A53A1D176110E16229498D10D83EC45A343D44AF4D96555DD63EDE071FFE3FA817E6EC66B631ECE9CEDED1E7A8AD700568C3E0A87E2E434C413361E53E8BB43D++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4962
                                                                                                                                                                                                                                        Entropy (8bit):5.653261060794862
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dokon.ete svoji ochranu na internetu . ZDARMA!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Jen tak d.l!",.. OEM_TOAST_VARIANT_INFO: "M..ete se na internetu c.tit mnohem bezpe.n.ji. P.idejte zabezpe.en. vyhled.v.n., abyste dokon.ili ochranu p.i proch.zen. internetu McAfee a zv..ili sv. bezpe.. na internetu.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Aktivov.n.m zabezpe.en. vyhled.v.n. jste dokon.ili nastaven. ochrany p.i proch.zen. internetu McAfee.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Zku.ebn. verze antivirov. ochrany McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrana internetov.ho prohl..e.e",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrana prohl..e.e je va.e linie obrany proti nebezpe.n.m webov.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4454
                                                                                                                                                                                                                                        Entropy (8bit):5.392312635713834
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "G.r konfigurationen af din onlinebeskyttelse f.rdig . GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "S.dan!",.. OEM_TOAST_VARIANT_INFO: "Du kan have en endnu bedre beskyttelse online. Tilf.j s.gebeskyttelse for at g.re konfigurationen af McAfee Web Protection f.rdig og forbedre din sikkerhed online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du har afsluttet oprettelsen af din McAfee Web Protection ved at aktivere s.gebeskyttelse.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Pr.veversion af McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online browserbeskyttelse",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Browserbeskyttelse er din f.rste forsvarslinje mod usikre websteder, links, downloads, malware og meget mere.",.. OEM_TOAST_VARIA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4525
                                                                                                                                                                                                                                        Entropy (8bit):5.360098805453375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Komplettieren Sie Ihren Online-Schutz . KOSTENLOS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Sie nutzen nicht alle Funktionen!",.. OEM_TOAST_VARIANT_INFO: "Ihr Online-Leben k.nnte noch viel sicherer sein. F.gen Sie Online-Suchschutz hinzu, um den McAfee-Webschutz zu vervollst.ndigen und Ihre Sicherheit im Internet zu erh.hen.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Sie haben den Suchschutz aktiviert . der McAfee-Webschutz ist jetzt vollst.ndig eingerichtet.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee-Testversion",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Browserschutz",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Der Browserschutz ist Ihre erste Abwehrreihe gegen unsichere Websites, Links, Downloads, Malware und mehr.",.. OEM_TOAST_VARIANT_F
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6944
                                                                                                                                                                                                                                        Entropy (8bit):5.100770852336955
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HwrU5F9ob1w9r4vQZEiH/MkCyf9Wxi8+cw2tV9fnozQRfQ7oR3r:QrU5FixMrp/MksxbhtV91I7oRb
                                                                                                                                                                                                                                        MD5:95EA2A80364715217C7DDE840FE3D462
                                                                                                                                                                                                                                        SHA1:7246F52A2EFE698337A6FC0D4D4244F98742AE39
                                                                                                                                                                                                                                        SHA-256:94C5146CDD2C457E7B528FC83B36D040F1D0236093314EAA6A3B8B7CFDA6A2C6
                                                                                                                                                                                                                                        SHA-512:DE4DBE388079E214FE1E85B5237BB7D7A4DA93DE8581EFC1A2B5BF2D54FD20ED518E41F81E6FD794E5EFB7DDE08FB70550B2FF798D387256E8D981563003450E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "........... ... ........... ... ......... . ......!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......!",.. OEM_TOAST_VARIANT_INFO: ".... ........ .. ..... ... ........ ... .......... ......... ... ......... .......... ... .. ............ .. ........... ... ......... McAfee ... .. .......... .. ........... ... .........",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "............ .. ....... ... ............ ... .......... McAfee .............. ... ......... ...........",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "...... McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABL
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4727
                                                                                                                                                                                                                                        Entropy (8bit):5.362226940627459
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HVm7IJTUE/c0dnhD6HaTKz+cfItWHMtDJHRLWyk7mEQheMxBu:IYUcno6mpbONH5Wt7mPheMxBu
                                                                                                                                                                                                                                        MD5:CF7E8691DB656D2A455232008F2D5499
                                                                                                                                                                                                                                        SHA1:85CCCF6A9B6B25B45CA9D1003D97A1E583BD6831
                                                                                                                                                                                                                                        SHA-256:2D0665CD7FF4C21DA2C5A9305013A569F6681DF864D06B48BA66A28001AB2A87
                                                                                                                                                                                                                                        SHA-512:1406E7D9995BA0102D5CB18B92E3F7316366B1609758FB0567E0F7FA157043675774FA0E6E3866E86CE989BF8C3820A021CE7F3E989E5AB31B73B44F08681828
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Refuerce su protecci.n online GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".Muy bien!",.. OEM_TOAST_VARIANT_INFO: "Puede navegar con mucha m.s seguridad. A.ada una capa de protecci.n a sus b.squedas en Internet con McAfee Web Protection.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Ha terminado de configurar McAfee Web Protection con la protecci.n para las b.squedas.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Versi.n de prueba del antivirus de McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protecci.n para navegar por Internet",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protecci.n del navegador es su primera l.nea de defensa frente a sitios web, v.nculos y archivos de descarga poco seguros, adem.s del malware y otras amenazas.",.. OEM_T
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4645
                                                                                                                                                                                                                                        Entropy (8bit):5.370734830236917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:H+uLpSRLUr0y8YDhD5MkLb6kyoRV41uRyrF4QVzpmM:euLiQgu4kLbLyqMuRAFjV8M
                                                                                                                                                                                                                                        MD5:B4BADA60479585FC51970242851DFBCE
                                                                                                                                                                                                                                        SHA1:A4105A7C966647FBE1F0C8004ADC89C9E1F6B91D
                                                                                                                                                                                                                                        SHA-256:27A21B7806748B574738996E34452C432C93099569CE4F1CDAD0C978AA5A5865
                                                                                                                                                                                                                                        SHA-512:B983B7DE8F17CAB93171458840C63A3D228F35EA433E8A186A111D5401ED181CD6E68D3EAA2DC03BB0BFDF287BFE7493505BF45F8743179C0A2C1B745FDD8E15
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Completa tu protecci.n en l.nea. .GRATIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".Fant.stico!",.. OEM_TOAST_VARIANT_INFO: "Puedes estar mucho m.s seguro en l.nea. Agrega la protecci.n de b.squedas para completar McAfee Web Protection y mejorar tu seguridad en l.nea.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Has completado la configuraci.n de tu McAfee Web Protection activando la protecci.n de b.squedas.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Prueba de McAfee AntiVirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protecci.n del navegador en l.nea",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protecci.n del navegador es tu primera l.nea de defensa contra el malware, los sitios web, las descargas y los v.nculos inseguros, y mucho m.s
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4369
                                                                                                                                                                                                                                        Entropy (8bit):5.38535014315059
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HCY1buqqISrqXmaENWWAyROr+DTVgjifdQhyXEi1:i2bURGOAlyROrWgjCChEF1
                                                                                                                                                                                                                                        MD5:A385C19F5D51E3AADE4ECE527CEC23CC
                                                                                                                                                                                                                                        SHA1:05F0E93A29B2F89240B205DAFE98BA389E9FBD7E
                                                                                                                                                                                                                                        SHA-256:997E842550F5578AAEEA2E9273538F4B21BDECD564760F900A45C254B7C9B913
                                                                                                                                                                                                                                        SHA-512:5A88BC87A43C4B9C73484509F07B33B0FBB4446F8EFD5E8CB866993490CB393E1F33108B318329A9C03B49F3023301C5D3970935D425DA6800A1AB40FC0BEB3A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "T.ydenn. verkkosuojauksesi . MAKSUTTA!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Hienoa!",.. OEM_TOAST_VARIANT_INFO: "El.m. verkossa voi olla turvallisempaa. T.ydenn. McAfeen verkkosuojaus hakujen suojauksella ja paranna turvallisuuttasi verkossa.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Viimeistelit McAfeen verkkosuojauksen ottamalla hakujen suojauksen k.ytt..n.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus -kokeiluversio",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Selaimen suojaus verkossa",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Selaimen suojaus on ensimm.inen puolustuslinjasi muun muassa vaarallisia verkkosivustoja, linkkej., latauksia ja haittaohjelmia vastaan.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "Hakujen suojau
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5002
                                                                                                                                                                                                                                        Entropy (8bit):5.357317440955675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HZzGKZjPEluOR2wzvjc8/MWaAE+XZKn3mTvARBdphbmbQQQJA3jqtQjQ7ceO4:lVEzx/Zk3uvAdfdJo1jzeO4
                                                                                                                                                                                                                                        MD5:52A4698F37724F10151BE3C096FBE2F7
                                                                                                                                                                                                                                        SHA1:B426BD001FFEB7DE0E7D09C49DD77FC068E73510
                                                                                                                                                                                                                                        SHA-256:1697BF0B33AABE52BFAD66776DEF2768C91542C5A022B3802B4B3186D6055F1B
                                                                                                                                                                                                                                        SHA-512:F2E671427105E55AD544AEE245517A4783A9AE04264BBB5EBD3DA34884BA9FCE640B5E343D2527847199B55DDA266A5EBBF00A68E440399EA779D12C2F5EB31E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Compl.tez votre protection en ligne - GRATUIT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Quelle bonne d.cision!",.. OEM_TOAST_VARIANT_INFO: "Vous pourriez .tre beaucoup mieux s.curis. en ligne. Ajoutez la recherche s.curis.e pour compl.ter la protection Web McAfee et pour renforcer votre s.curit. en ligne.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Vous avez compl.t. la configuration de votre protection Web McAfee en activant la recherche s.curis.e.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: ".valuation gratuite de l.antivirus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protection du navigateur en ligne",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protection du navigateur est votre premi.re ligne de d.fense contre les sites Web, lie
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4951
                                                                                                                                                                                                                                        Entropy (8bit):5.370840416068541
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:H1dQtHATWE0/hUcGNyFmjjc8md8QPSsnRxKGF7juyNmYSff9j5rQgw2m:VKtrE0pIUL6sR727FBygVm
                                                                                                                                                                                                                                        MD5:F4E3435EF272E7C4DE3FFF427BFEE8C9
                                                                                                                                                                                                                                        SHA1:E438962D0DE9398F50C9273C34AB329445B89EAA
                                                                                                                                                                                                                                        SHA-256:53CE15AA15770BDCF583538338A4CB84978848C155A01079D109CBE920F4F29E
                                                                                                                                                                                                                                        SHA-512:0FD66D67C0D80265E0F9D13210A4C250FAB9C235DEFBE2D9B817A02DD99F856DE87AD46B9B50D839BEFB0F6ABCFDC21539468BD3A05817387E6A4C69BC861D8E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Terminez la configuration de votre protection en ligne . GRATUITEMENT.!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Bravo.!",.. OEM_TOAST_VARIANT_INFO: "Vous pouvez .tre beaucoup mieux prot.g. en ligne. Ajoutez la protection des recherches pour compl.ter votre protection web McAfee et renforcer votre s.curit. en ligne.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Vous avez termin. la configuration de votre protection web McAfee en activant la protection des recherches.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: ".valuation de l'antivirus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protection du navigateur en ligne",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protection du navigateur constitue votre premi.re ligne de d.fense contre les sites
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4651
                                                                                                                                                                                                                                        Entropy (8bit):5.4612289686312865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HCsNsKVqer5TZNOZG9OBhwMsvA0+Ovho6rQYBi9ECH:zNsiqsZ4cM6A0+Ove60YM1
                                                                                                                                                                                                                                        MD5:4E70D4BE2D762E463BE5A3A3861586AF
                                                                                                                                                                                                                                        SHA1:A098501DB91EC5F4B5C8720501B748A46B90C6F7
                                                                                                                                                                                                                                        SHA-256:B20DF2F111439916FC2F45BCC41BB4BFC6205A9797BC53C442A9234CB68AE430
                                                                                                                                                                                                                                        SHA-512:C6A3121F62156D1A13537CCC65AB61364E2E923827745CC5CAFAAE597C690CA1B7688CA5088859C061FF2DA1464725B73B41D77626E91625D8AE32C4A1E92A79
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dovr.ite svoju online za.titu . BESPLATNO!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Tako treba!",.. OEM_TOAST_VARIANT_INFO: "Na mre.i mo.ete biti puno sigurniji. Dodajte za.titu pri pretra.ivanju kako biste dovr.ili McAfee Web Protection i pobolj.ali svoju sigurnost na mre.i.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Dovr.ili ste postavljanje svoje McAfee Web Protection omogu.avanjem za.tite pri pretra.ivanju.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Probna verzija McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Za.tita preglednika na mre.i",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Za.tita preglednika va.a je prva linija obrane od nesigurnih web-mjesta, poveznica, preuzimanja, zlonamjernog softvera i jo. mnogo toga.",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4620
                                                                                                                                                                                                                                        Entropy (8bit):5.54480423719366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HfqjRDpi/v3XWyYNDX5XcmPcnrW2S6CatskM0QlHDS:/q7gGFDX5dorWKskCFu
                                                                                                                                                                                                                                        MD5:1CA78A205192F52EA676515486C81AAC
                                                                                                                                                                                                                                        SHA1:A01170B5808372F575FF7455F68A586D2FB48D36
                                                                                                                                                                                                                                        SHA-256:CA594084A6D915EB7B5BD130FD8D16C64621EEE9D8D6A69E82523D0AE785A945
                                                                                                                                                                                                                                        SHA-512:3571524AC31B6793ADBFDBE00E789440406AECE578CDC4DF2D45C5E4004EAD74CA08C36A9C0F0533F9C9E15B050D8FD4F9DA167FC9658DF324349FA8DC1FB210
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Eg.sz.tse ki online v.delm.t . INGYEN!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Nagyszer.!",.. OEM_TOAST_VARIANT_INFO: "M.g nagyobb biztons.gban lehet online. Enged.lyezze a v.dett keres.st, hogy teljess. tegye a McAfee webes v.delmet, .s n.velje online biztons.g.t.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "A v.dett keres.s bekapcsol.s.val befejezte a McAfee webes v.delm.nek be.ll.t.s.t.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee v.rusirt. pr.baverzi.ja",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online b.ng.sz.v.delem",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "B.ng.sz.je v.delme a frontvonal a nem biztons.gos weboldalak, hivatkoz.sok, let.lt.sek, k.rt.kony programok stb. elleni biztons.g ter.n.",.. O
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4608
                                                                                                                                                                                                                                        Entropy (8bit):5.244617136812891
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HQj/oecik1Rs8CwrTww7Jr6QdIBOG1XY4RO2YC+qQAj7j1Z:4/obl1VnUw7Jr6QdIh1XY4RO2YC+pC7P
                                                                                                                                                                                                                                        MD5:A1CFE943711D68E29FB0BAF515C3BE30
                                                                                                                                                                                                                                        SHA1:3DF269E7BBAA6F5661D6BF38736F6C9D93C3C6BD
                                                                                                                                                                                                                                        SHA-256:AD7191575F92C5208DD7589BF0A61AECB8E3DDDDF65A0274DA1F87DCD21C1C4D
                                                                                                                                                                                                                                        SHA-512:4E7A11C2F071A006D64766091FEF24B177194F2788D228B11BFF8992D8567BDBB0336800DE9D01F93B4DB7E355763C30ABBDAD481753485217301D976A3C0919
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Completa la tua protezione online - GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Ottimo!",.. OEM_TOAST_VARIANT_INFO: "Puoi migliorare notevolmente la protezione online. Aggiungi la protezione delle ricerche per integrare McAfee Web Protection e migliorare la tua sicurezza online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Hai completato la configurazione di McAfee Web Protection attivando la protezione delle ricerche.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Prova di McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protezione online del browser",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protezione del browser . la prima linea di difesa da siti Web, collegamenti e download non protetti e dal malware.",.. OEM_TOAST_VARIANT_FEATURES_DISAB
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5215
                                                                                                                                                                                                                                        Entropy (8bit):5.863428248831096
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HaYG+SPT4mep9K9B95H1bccLyf/9f71bYwNKiVEVH9skXbrbQCQ6L2nKQKUGsS:q+SPT4mnh5d/KVYwNZiZ9RrOJ6sS
                                                                                                                                                                                                                                        MD5:CCE06280CB507190ADCE8BF0A6168DCA
                                                                                                                                                                                                                                        SHA1:218C69735C706098057A38D39B5832F61ED248A5
                                                                                                                                                                                                                                        SHA-256:C7033A7615EC1A3C25E5A150B3475408BDC0ABDBE2B2DE8D000ECB0DDE65C448
                                                                                                                                                                                                                                        SHA-512:FDC6D207F4361EF8E9EE4339C7508F88DF9073E1D276BA352544F7609AAB2C5C7AC6E0EBBBBEB737D5437E35C9F032C80BBE368F20D0EBF7ED5FADAC999D65C0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "................. - .....",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".......",.. OEM_TOAST_VARIANT_INFO: "............................... McAfee Web Protection ..........................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".............McAfee Web Protection ...............",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "..... .............",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".........",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4770
                                                                                                                                                                                                                                        Entropy (8bit):5.834254412199816
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HNby+JvldshnPhOVGUZoI+0MYAT2T1eHEzdaVQkwpSMXH:tGk3sNhxHI+0cUKu06kTMX
                                                                                                                                                                                                                                        MD5:1B44458C43DD2FA2C7142399F4FE9834
                                                                                                                                                                                                                                        SHA1:6851B11509CD2477E7E145A3A332AA616CFCC0E3
                                                                                                                                                                                                                                        SHA-256:8107755D51D54BA5E22FC4C25A2E6E0ED10E50A37D4D8A0CD6E83D8A7A69A480
                                                                                                                                                                                                                                        SHA-512:6C7E1BAEB538CD145B86BCE80CF53D33039ECBB213B6F15A2150AB19C6806EF4728D5430675AEC803D04BB792173753585D29C17AB4E1FA36A4880BAA6B1668B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "... ... ... ... ......",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......!",.. OEM_TOAST_VARIANT_INFO: "... ... ... . ..... .. ... .... ... McAfee . ... ... ... ... ......",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".. ... ..... McAfee . .. ... .......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee ...... ...",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "... .... ..",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".... ... .... .. . ..., .., ...., ... .. .. ... ... ......",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4467
                                                                                                                                                                                                                                        Entropy (8bit):5.389537176674528
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HqSH3f2pqCBDGeE36ZmcQf5xPCN1LeCYrWbVhYqeQGE/MS4e:KmW4eClJ/PCN1LXYr2LYqdGE/x4e
                                                                                                                                                                                                                                        MD5:A4C6807924B6BF966555B5DBD9EC1793
                                                                                                                                                                                                                                        SHA1:F5A8B3D64BF446D90445028D5E7BA44E049EA241
                                                                                                                                                                                                                                        SHA-256:2ED4452C9D2E821FD0972277502EA4C6D2C2B19BA95731FC5A9829B2D5A52E48
                                                                                                                                                                                                                                        SHA-512:F58EF195FD3D4E0861C7A0F2B4AE1F104CACBE777D2D85B112B7F8F9BB7F639A9F1C3311E1A53EAA3D800B926AA65F33DBEF96D3294AAB4C362DD9ED6FD3BBBB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Gj.r nettbeskyttelsen din komplett . KOSTNADSFRITT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Ikke verst!",.. OEM_TOAST_VARIANT_INFO: "Du kan bli mye tryggere p. nettet. Legg til s.kebeskyttelse for . gj.re McAfee nettbeskyttelse komplett og forbedre nettsikkerheten din.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du fullf.rte konfigureringen av McAfee nettbeskyttelse ved . aktivere s.kebeskyttelse.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Pr.veversjon av McAfee antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Nettleserbeskyttelse",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Nettleserbeskyttelse er ditt fremste forsvar mot usikre webomr.der, koblinger, nedlastinger, skadelig programvare med mer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4299
                                                                                                                                                                                                                                        Entropy (8bit):5.383943743957999
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:H2AwS9S9NzRHuSpGikmkH4XRgPKvpR1E1B2azPDcF2g+FeksVMkgR1pfQ5V:WAweeN9hGikmkHDKpRS1EaTDw2g+Ffs9
                                                                                                                                                                                                                                        MD5:17EE9A390B4432C9B6B56E5D646D17ED
                                                                                                                                                                                                                                        SHA1:33FCBB02679F92B160DE38F9B7E94BA88101A392
                                                                                                                                                                                                                                        SHA-256:9A05EAE0A7A690674C34D88CD6774E8CE18747338511182716D32AF14A263EB9
                                                                                                                                                                                                                                        SHA-512:22D4ECF9B2C6CD1FAE91F9932ED94BFC2EF2A83092149829B243E97342199266BC6D29AA9E1DF1E3696D0EF93F9407386400B0E77E825466BB130A480E4A999A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Voltooi uw online bescherming . GRATIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Goed gedaan!",.. OEM_TOAST_VARIANT_INFO: "U kunt online veel veiliger zijn. Voeg zoekbescherming aan uw McAfee-webbescherming toe en verbeter uw online veiligheid.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "U hebt het instellen van uw McAfee-webbescherming voltooid door zoekbescherming in te schakelen.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Proefversie van McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online browserbeveiliging",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Browserbeveiliging is uw eerste verdedigingslinie tegen onveilige websites, koppelingen, downloads, malware en meer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "Zoekbescherming",.. OEM_T
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4749
                                                                                                                                                                                                                                        Entropy (8bit):5.574820600496478
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HeH6Ry8L5clQB1MuoIbuNO8Q2STtWQLpXsJi6jiTZ/80zthQX2wyOjj:+Ht8tclQB1AnO8Q2STtWQLpXsJrEZ/87
                                                                                                                                                                                                                                        MD5:A9AB933906D018444065E6AFF57AA269
                                                                                                                                                                                                                                        SHA1:E562CF39C58DA9099185F983FA0E5413E7657D95
                                                                                                                                                                                                                                        SHA-256:60D4D1098AC398CC82F0C16998CCB9195AC0B637C274BFC516BF667C3FCF7A69
                                                                                                                                                                                                                                        SHA-512:4A596D6308FBFAF12B2277A6F452766805AEF1CD512507F7F9F8745DD84AB70CBEC6B85885E19812DF7C137488A05E181FC73844021A364D444DEA0BF820EEE6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Wzmocnij swoj. ochron. w Internecie . BEZP.ATNIE!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Dobra robota!",.. OEM_TOAST_VARIANT_INFO: "Mo.esz mie. znacznie wi.ksz. ochron. w Internecie. Dodaj ochron. wyszukiwania, aby wzmocni. ochron. funkcji McAfee Web Protection i zwi.kszy. swoje bezpiecze.stwo w Internecie.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Uko.czono konfiguracj. funkcji McAfee Web Protection poprzez w..czenie ochrony wyszukiwania.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Wersja pr.bna programu McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrona przegl.darki w Internecie",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrona przegl.darki to pierwsza linia obrony przed niebezpiecznymi witrynami, ..czami, pob
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4556
                                                                                                                                                                                                                                        Entropy (8bit):5.385079849437009
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Hlahgzv62PaQaLuR89CrPnzGS77lq+XQs6s:FaqvFL7R89MPnzGS77U+Asz
                                                                                                                                                                                                                                        MD5:87290CB0A50077449336BE1E2A3DDDCE
                                                                                                                                                                                                                                        SHA1:5121E1F7916B651BEA3F91BB17BB2A797E75BF82
                                                                                                                                                                                                                                        SHA-256:3743A392AD98A9F5A89B07AB5FB4B403185317C18F31AA235A1BD5001A1C5391
                                                                                                                                                                                                                                        SHA-512:A098FAE2FAAF60242C5768C35D9DFE497988EE442D064C08461D6B3D7A890D2740ABF0005F4B9454533EBDDE7D0D02DE0498653CE43B8BE63320869D24B8E57B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Conclua a sua prote..o on-line GRATUITAMENTE!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ". isso a.!",.. OEM_TOAST_VARIANT_INFO: "Voc. pode ter muito mais seguran.a on-line. Adicione prote..o de pesquisa para completar o McAfee Web Protection e aumentar sua seguran.a on-line.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Voc. concluiu a configura..o do McAfee Web Protection ativando a prote..o de pesquisa.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Avalia..o gr.tis do antiv.rus da McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Prote..o do navegador on-line",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "A prote..o do navegador . sua primeira linha de defesa contra sites, links e downloads inseguros, malware e muito mais.",.. OEM_TOAST_VARIA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4478
                                                                                                                                                                                                                                        Entropy (8bit):5.369224961069465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HI2q8anq+9cCh9FcTVvtObxsp0R1vsfYRq+XQwroKh:o38eq7CTWRvtO6pe1vsfYg+Aw/
                                                                                                                                                                                                                                        MD5:69D59C7DFB5269E2AB75A5C8E37A5E92
                                                                                                                                                                                                                                        SHA1:B5433B6A152ECA99D46DA9EFE6C8D16765E63735
                                                                                                                                                                                                                                        SHA-256:D2D6D2735601FA9F1383A98D9EC40D9478E695B669011AD965EE7F5CED8B0B31
                                                                                                                                                                                                                                        SHA-512:48D121A0122D9A72717286EA567A3057D2600B4180565A916DD403E30D88174AA1C4F5AA1310FFC5D4B850856853DDE6B2A0922953FF79C9A44A3AAD4135EFAE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Complete a sua prote..o online . GR.TIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Boa!",.. OEM_TOAST_VARIANT_INFO: "Pode estar muito mais seguro online. Adicione a prote..o de pesquisa para completar o seu McAfee Web Protection e aumentar a sua seguran.a online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Terminou de configurar o seu McAfee Web Protection ao ativar a prote..o de pesquisa.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Avalia..o do antiv.rus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Prote..o de browser online",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "A prote..o de browser . a sua primeira linha de defesa contra Web sites inseguros, transfer.ncias, malware e muito mais.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "P
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6441
                                                                                                                                                                                                                                        Entropy (8bit):5.187043096010651
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:H3P3dV2BQF3iK4ttHiUWB3E4L2bLrrDSiaA1oSUd0BSO+Vft1ZQpmvfRoLCF:v/2Bo3L4iPdMPnSvA1UQbGf6pMfRoL8
                                                                                                                                                                                                                                        MD5:4A0A8E10A499BF1F70DCF4BA51AE5175
                                                                                                                                                                                                                                        SHA1:D4AD51BCE9EA3E40D965E873F91D4D0C387E6D77
                                                                                                                                                                                                                                        SHA-256:7AAFE063CF64C6B1BB6CF1727E8C540FE3747A26388C946AA746142FACF93164
                                                                                                                                                                                                                                        SHA-512:85DB099271143BBCC3257D9D6C906E7F3C091F02AB9B2255E07D1250EDFDC0F0241F3401625578909ED430F7883496199CDC204B4A895A2EBECF32799920F8C4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "......... .... ...... . ......... . .........!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "... .......!",.. OEM_TOAST_VARIANT_INFO: ".. ...... ........ .... ............ . .......... ........ ...... ......, ..... ......... McAfee Web Protection . ........ .... ............ . ..........",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".. ......... ......... McAfee Web Protection, ....... ...... .......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "....... ...... McAfee AntiVirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "...... ........ . .........",.. OEM_TOAST_VARIANT_FREE_LABE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4713
                                                                                                                                                                                                                                        Entropy (8bit):5.641615193218826
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Hu/cMHiS0zIB64Vb8JmdTv6zInPVO+mMQ9s/:2c+iE64xTdTvPVng9s/
                                                                                                                                                                                                                                        MD5:17B5E926E53D416E6C7395B987BD52A2
                                                                                                                                                                                                                                        SHA1:549F957E65575B218B9164A3BF6971864F7372D7
                                                                                                                                                                                                                                        SHA-256:F15C7E907A4CC72C439493387D645BCBB5D646D39BE1EE56E5D82A680BAEFA71
                                                                                                                                                                                                                                        SHA-512:1EBF984B89D6E0E6808A5B8C6A87C871EE56F8954C4FACC98818B6E6B12E6C90BBECAF78A4B19B423E82984ECF8DA7570E5328BE9BC33DDEE174DE5E31CDEC7F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dokon.ite nastavenie online ochrany ZADARMO.",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Chr..te sa.",.. OEM_TOAST_VARIANT_INFO: "Aj online m..ete by. v.bezpe... Pridajte ochranu vyh.ad.vania do produktu McAfee Web Protection a.zv..te svoju bezpe.nos. online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Zapnut.m ochrany vyh.ad.vania ste dokon.ili nastavenie McAfee Web Protection.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Sk..obn. verzia antiv.rusu od McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrana online prehliada.a",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrana prehliada.a tvor. prv. .rove. ochrany pred nebezpe.n.mi webov.mi lokalitami, odkazmi, stiahnut.mi s.bormi, malv.rom a .al..mi hrozbami.",.. OEM_TOA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4628
                                                                                                                                                                                                                                        Entropy (8bit):5.435037641966001
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:H7718TA7STZFOZGOA9wSdASMoNNPDgYK0hQOLYBB/:b7glDu8ASMAtjK0mOEBx
                                                                                                                                                                                                                                        MD5:4FF05AF3D37C4012A38429AE926782FA
                                                                                                                                                                                                                                        SHA1:E46BDF4664FD2D15F2149C383314C672E41E5024
                                                                                                                                                                                                                                        SHA-256:2313221E408F8DA8253D7BE37B2258E7F0E1C5164467CA3FD8FDA80A8526BFD6
                                                                                                                                                                                                                                        SHA-512:ACF0561CF71B932AECDF3FF96846BB93E820CD71520CDFCFFE234352B59C598590D737DD5710423ACEC819DABF8BE55D77E40352208B7B6CA694AC380DD7DF61
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Upotpunite za.titu na internetu . BESPLATNO!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Prava stvar!",.. OEM_TOAST_VARIANT_INFO: "Mo.ete biti mnogo bezbedniji na internetu. Dodajte za.titu pregledanja kako biste upotpunili McAfee Web Protection i pobolj.ali bezbednost na internetu.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Upotpunili ste postavku McAfee Web Protection omogu.uju.i za.titu pregledanja.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Probna verzija McAfee antivirusnog programa",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Za.tita pregleda.a na internetu",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Za.tita pregleda.a je va.a prva linija odbrane od nebezbednih veb lokacija, veza, preuzimanja, malvera i jo. toga.",.. OEM_TOAST_VARIANT_FEATU
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4220
                                                                                                                                                                                                                                        Entropy (8bit):5.441827768317273
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HkTQd3F1N1KuBfzHv7afFmZMfSseE08bwzGt9S0NpQIrCF+AQmGIuBm:KWVBbz5vsec0zK9p1LL/IN
                                                                                                                                                                                                                                        MD5:6AC7167B48887B8D895EB9C18B5BC4CC
                                                                                                                                                                                                                                        SHA1:CDD06D618920399CF9DD35D57B947E6275B6057B
                                                                                                                                                                                                                                        SHA-256:D81F7D4E27502BC091269685E6F0C01F44E2974B6C81B47A65AFABF3AB98E9F5
                                                                                                                                                                                                                                        SHA-512:846D7DE66FADB9717F43837DDD978C4852FD6C5505C9724BCCAA33DB161EB86BD4BDF9D03D6918D866D84824744040BDB69272096CA01518DBA71E2547E2FED5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Fullborda ditt skydd online - KOSTNADSFRITT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "S.d.r ja!",.. OEM_TOAST_VARIANT_INFO: "Du kan surfa mycket s.krare. L.gg till s.kskydd f.r att komplettera McAfee Web Protection och f.rb.ttra din s.kerhet online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du har fullbordat inst.llningen av McAfee Web Protection genom att aktivera s.kskydd.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Provversion av McAfees virusskydd",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Webbl.sarskydd online",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Webbl.sarskyddet .r ditt f.rsta f.rsvar mot os.kra webbsidor, l.nkar, h.mtningar, malware och mer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "S.kskydd",.. OEM_TOAST_VARIANT_FEA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4525
                                                                                                                                                                                                                                        Entropy (8bit):5.527304959583617
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: ".evrimi.i koruman.z. tamamlay.n - .CRETS.Z!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Tebrikler!",.. OEM_TOAST_VARIANT_INFO: ".evrim i.i .ok daha g.vende olabilirsiniz. McAfee Web Protection'. tamamlamak ve .evrim i.i g.venli.inizi art.rmak i.in arama korumas.n. ekleyin.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Arama korumas.n. etkinle.tirerek McAfee Web Protection'. .evrim i.i kurmay. tamamlad.n.z.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus Denemesi",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".evrim i.i taray.c. korumas.",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Taray.c. korumas.; g.venli olmayan web siteleri, ba.lant.lar, indirmeler, zararl. yaz.l.m vb.'ine kar.. ilk savunma hatt.n.zd.r.",
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4033
                                                                                                                                                                                                                                        Entropy (8bit):6.10730871533129
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "........ . ..!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".....!",.. OEM_TOAST_VARIANT_INFO: ".......................................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".......................",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "...........",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".......",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".................................",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "....",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_DESC: "......
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4288
                                                                                                                                                                                                                                        Entropy (8bit):6.169799601205913
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: ".......... . .....",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......",.. OEM_TOAST_VARIANT_INFO: "................ McAfee Web ...................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "............. McAfee Web ......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus ..",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".......",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".....................................",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "....",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_DESC:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3415
                                                                                                                                                                                                                                        Entropy (8bit):5.667545190162343
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "N.pov.da",.. HELP_FAQ_TITLE: "Nej.ast.j.. dotazy",.. HELP_SUPPORT_TITLE: "Podpora",.. HELP_EMAIL_US: "Za.lete n.m e-mail na adresu",.. ABOUT: "O aplikaci",.. ABOUT_DESCRIPTION: "D.ky aplikaci {0} se m..ete na internetu l.pe rozhodovat.",.. CREATE_SAFER_PASSWORDS: "Vytv..en. bezpe.n.j..ch hesel",.. DOWNLOAD_CONFIDENTLY: "Stahov.n. bez obav",.. SETTINGS_SS_OPTION_ALL: "Informovat o bezpe.nosti v.sledk. hled.n. ve v.ech vyhled.va..ch",.. SETTINGS_SS_OPTION_NONE: "Neinformovat o v.sledc.ch hled.n.",.. SETTINGS_SS_OPTION_SS: "Informovat o bezpe.nosti v.sledk. hled.n. pouze ve slu.b. Bezpe.n. hled.n.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Vlo.te nebo zadejte adresu URL.",.. TRUST_SITE: "D.v..ovat str.nce",.. DONT_TRUST: "Ned.v..ovat",.. HELP_FAQ_SECTION_ONE_HEADER: "K .emu slou.. aplikace {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "D.ky aplikaci {0} se m..ete na in
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3222
                                                                                                                                                                                                                                        Entropy (8bit):5.395400252005755
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Hj.lp",.. HELP_FAQ_TITLE: "Ofte stillede sp.rgsm.l",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Send en mail til os p.",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} hj.lper dig med at tr.ffe de rigtige beslutninger, n.r du er p. nettet.",.. CREATE_SAFER_PASSWORDS: "Opret sikrere adgangskoder",.. DOWNLOAD_CONFIDENTLY: "Sikre overf.rsler",.. SETTINGS_SS_OPTION_ALL: "Fort.l mig, om et s.geresultat er sikkert i alle s.gemaskiner",.. SETTINGS_SS_OPTION_NONE: "Fort.l mig ikke om s.geresultater",.. SETTINGS_SS_OPTION_SS: "Fort.l mig, om et s.geresultat kun er sikkert i Sikker s.gning",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Inds.t eller skriv URL-adressen",.. TRUST_SITE: "Har tillid til websted",.. DONT_TRUST: "Har ikke tillid",.. HELP_FAQ_SECTION_ONE_HEADER: "Hvad er {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} hj.lper dig med at tr.ffe de rigtige beslutninger, n.r du er p. nettet.",.. HELP_F
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3302
                                                                                                                                                                                                                                        Entropy (8bit):5.381142569836547
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Hilfe",.. HELP_FAQ_TITLE: "H.ufig gestellte Fragen (FAQs)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Senden Sie uns eine E-Mail:",.. ABOUT: "Info",.. ABOUT_DESCRIPTION: "Dank {0} k.nnen Sie besser entscheiden, welche Websites Sie unbesorgt besuchen k.nnen.",.. CREATE_SAFER_PASSWORDS: "Sicherere Kennw.rter erstellen",.. DOWNLOAD_CONFIDENTLY: "Sichere Dateien herunterladen",.. SETTINGS_SS_OPTION_ALL: "In jeder Suchmaschine Bewertung von Suchergebnissen anzeigen",.. SETTINGS_SS_OPTION_NONE: "Keine Bewertung von Suchergebnissen anzeigen",.. SETTINGS_SS_OPTION_SS: "Nur bei der sicheren Suche Bewertung von Suchergebnissen anzeigen",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL einf.gen oder eingeben",.. TRUST_SITE: "Site als vertrauensw.rdig einstufen",.. DONT_TRUST: "Nicht als vertrauensw.rdig einstufen",.. HELP_FAQ_SECTION_ONE_HEADER: "Was ist {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Dank {0} k.nnen Sie
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5323
                                                                                                                                                                                                                                        Entropy (8bit):5.032069401968367
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: ".......",.. HELP_FAQ_TITLE: "...... .........",.. HELP_SUPPORT_TITLE: "..........",.. HELP_EMAIL_US: "....... ... ...... ............ ............ ... .........",.. ABOUT: "...........",.. ABOUT_DESCRIPTION: ".. {0} ... ..... .. ......... .......... ......... ....... .. ... ......... ... ... Internet.",.. CREATE_SAFER_PASSWORDS: "............ ............. ........ .........",.. DOWNLOAD_CONFIDENTLY: "......... ...... .. ........",.. SETTINGS_SS_OPTION_ALL: ".. ............ .. ... .......... .......... ..... ....... .. ........... ......... ..........",.. SETTINGS_SS_OPTION_NONE: ".. ... ............ ..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2970
                                                                                                                                                                                                                                        Entropy (8bit):5.3552337380317
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Help",.. HELP_FAQ_TITLE: "Frequently Asked Questions (FAQs)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Email us at",.. ABOUT: "About",.. ABOUT_DESCRIPTION: "{0} helps you make better decisions about what you do online.",.. CREATE_SAFER_PASSWORDS: "Create safer passwords",.. DOWNLOAD_CONFIDENTLY: "Download confidently",.. SETTINGS_SS_OPTION_ALL: "Tell me if a search result is safe in any search engine",.. SETTINGS_SS_OPTION_NONE: "Don't tell me about search results",.. SETTINGS_SS_OPTION_SS: "Tell me if a search result is safe only in Secure Search",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Paste or type your URL",.. TRUST_SITE: "Trust site",.. DONT_TRUST: "Don't trust",.. HELP_FAQ_SECTION_ONE_HEADER: "What is {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} helps you make better decisions about what you do online.",.. HELP_FAQ_SECTION_TWO_HEADER: "How do I share {0} with others?",.. HELP_FAQ_SECTION_TWO_CO
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3318
                                                                                                                                                                                                                                        Entropy (8bit):5.389092677966564
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Ayuda",.. HELP_FAQ_TITLE: "Preguntas frecuentes",.. HELP_SUPPORT_TITLE: "Soporte",.. HELP_EMAIL_US: "Env.enos un correo electr.nico a",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "{0} le ayuda a tomar decisiones m.s fundamentadas acerca del uso que hace de Internet.",.. CREATE_SAFER_PASSWORDS: "Cree contrase.as m.s seguras",.. DOWNLOAD_CONFIDENTLY: "Descargue con seguridad",.. SETTINGS_SS_OPTION_ALL: "Informarme si un resultado de b.squeda es seguro en otro motor de b.squeda",.. SETTINGS_SS_OPTION_NONE: "No informarme de resultados de b.squeda",.. SETTINGS_SS_OPTION_SS: "Informarme si un resultado de b.squeda es seguro solo en B.squeda segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Pegue o escriba la direcci.n URL",.. TRUST_SITE: "Confiar en el sitio web",.. DONT_TRUST: "No confiar",.. HELP_FAQ_SECTION_ONE_HEADER: ".Qu. es {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} le ayuda a tomar decisiones m.s fu
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3269
                                                                                                                                                                                                                                        Entropy (8bit):5.398972901259208
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Ayuda",.. HELP_FAQ_TITLE: "Preguntas frecuentes",.. HELP_SUPPORT_TITLE: "Soporte",.. HELP_EMAIL_US: "Env.enos un correo electr.nico",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "{0} lo ayuda a tomar mejores decisiones acerca de lo que hace en l.nea.",.. CREATE_SAFER_PASSWORDS: "Cree contrase.as m.s seguras",.. DOWNLOAD_CONFIDENTLY: "Descargue con confianza",.. SETTINGS_SS_OPTION_ALL: "Comunicarme si un resultado de b.squeda es seguro en cualquier motor de b.squeda",.. SETTINGS_SS_OPTION_NONE: "No comunicarme sobre los resultados de b.squedas",.. SETTINGS_SS_OPTION_SS: "Comunicarme si un resultado de b.squeda es seguro solo en b.squeda segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Pegue o escriba la direcci.n URL",.. TRUST_SITE: "Sitio de confianza",.. DONT_TRUST: "No confiar",.. HELP_FAQ_SECTION_ONE_HEADER: ".Qu. es {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} lo ayuda a tomar mejores decisiones acerc
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3156
                                                                                                                                                                                                                                        Entropy (8bit):5.343809524094855
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Ohje",.. HELP_FAQ_TITLE: "Usein kysytyt kysymykset (UKK)",.. HELP_SUPPORT_TITLE: "Tuki",.. HELP_EMAIL_US: "L.het. meille s.hk.postia osoitteeseen",.. ABOUT: "Tietoja",.. ABOUT_DESCRIPTION: "{0} auttaa sinua toimimaan verkossa turvallisesti.",.. CREATE_SAFER_PASSWORDS: "Entist. turvallisempien salasanojen luominen",.. DOWNLOAD_CONFIDENTLY: "Luotettava lataaminen",.. SETTINGS_SS_OPTION_ALL: "Ilmoita, onko hakutulos turvallinen, miss. tahansa hakukoneessa",.. SETTINGS_SS_OPTION_NONE: ".l. n.yt. ilmoituksia hakutulosten turvallisuudesta",.. SETTINGS_SS_OPTION_SS: "Ilmoita, onko hakutulos turvallinen, kun k.yt.n Suojattua hakua",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Liit. tai kirjoita URL-osoite",.. TRUST_SITE: "Luota sivustoon",.. DONT_TRUST: ".l. luota",.. HELP_FAQ_SECTION_ONE_HEADER: "Mik. on {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} auttaa sinua toimimaan verkossa turvallisesti.",.. HELP_FAQ_S
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3475
                                                                                                                                                                                                                                        Entropy (8bit):5.383263860190444
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Aide",.. HELP_FAQ_TITLE: "Foire aux questions (FAQ)",.. HELP_SUPPORT_TITLE: "Soutien",.. HELP_EMAIL_US: "Envoyez-nous un courriel au",.. ABOUT: ". propos",.. ABOUT_DESCRIPTION: "{0} vous aide . prendre de meilleures d.cisions sur vos activit.s en ligne.",.. CREATE_SAFER_PASSWORDS: "Cr.er des mots de passe plus s.rs",.. DOWNLOAD_CONFIDENTLY: "T.l.charger de fa.on confidentielle",.. SETTINGS_SS_OPTION_ALL: "Me dire si un r.sultat de recherche est s.r dans tous les moteurs de recherche",.. SETTINGS_SS_OPTION_NONE: "Ne pas me parler des r.sultats de recherche",.. SETTINGS_SS_OPTION_SS: "Me dire si un r.sultat de recherche est s.r seulement dans la recherche s.curis.e",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Coller ou saisir votre URL",.. TRUST_SITE: "Faire confiance au site",.. DONT_TRUST: "Ne pas faire confiance",.. HELP_FAQ_SECTION_ONE_HEADER: "Qu'est-ce que {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3557
                                                                                                                                                                                                                                        Entropy (8bit):5.404581861931083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Aide",.. HELP_FAQ_TITLE: "Foire aux questions (FAQ)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Contactez-nous par e-mail . cette adresse",.. ABOUT: "A propos",.. ABOUT_DESCRIPTION: "{0} vous aide . prendre les bonnes d.cisions en ce qui concerne vos activit.s en ligne.",.. CREATE_SAFER_PASSWORDS: "Cr.ez des mots de passe plus fiables",.. DOWNLOAD_CONFIDENTLY: "T.l.chargez en toute confiance",.. SETTINGS_SS_OPTION_ALL: "Me dire si le r.sultat de la recherche est prot.g. dans tous les moteurs de recherche",.. SETTINGS_SS_OPTION_NONE: "Ne rien me dire sur les r.sultats de la recherche",.. SETTINGS_SS_OPTION_SS: "Me dire si le r.sultat de la recherche est prot.g. dans la recherche s.curis.e uniquement",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Collez ou saisissez l'URL",.. TRUST_SITE: "Approuver",.. DONT_TRUST: "Ne pas approuver",.. HELP_FAQ_SECTION_ONE_HEADER: "Qu'est-ce que {0}.?",.. HELP_FAQ
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3286
                                                                                                                                                                                                                                        Entropy (8bit):5.4526391390715085
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cv359TfWlMbZ5ur/cOKc+vOOES9Wxt9yzoIEZUDrBdj7T:iLW2yYlVES9+96UuDrBdj7T
                                                                                                                                                                                                                                        MD5:54576C02A4EDB6FB80DE5A4874E042FA
                                                                                                                                                                                                                                        SHA1:013B9279EDF53248FB7F06BBBA8CF4C2BF5251B5
                                                                                                                                                                                                                                        SHA-256:23129E0D7391D4AEA2F5D06FF7DB29F8111102A09FF84D99A0F0A0D56011E5EC
                                                                                                                                                                                                                                        SHA-512:6EB88689A2BDEBE3110DFBFD681D2395BBB01820D491BF8B5CD16E309CFBBF0541746425E366AAB52C26491EDAB8361F69A024631E8D2FCB3FC9A5347EA06370
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Pomo.",.. HELP_FAQ_TITLE: ".esto postavljana pitanja (.PP)",.. HELP_SUPPORT_TITLE: "Podr.ka",.. HELP_EMAIL_US: "Obratite nam se na adresi e-po.te",.. ABOUT: "O aplikaciji",.. ABOUT_DESCRIPTION: "{0} poma.e vam u dono.enju boljih odluka o tome .to .inite na mre.i.",.. CREATE_SAFER_PASSWORDS: "Stvorite sigurnije lozinke",.. DOWNLOAD_CONFIDENTLY: "Pouzdano preuzimajte",.. SETTINGS_SS_OPTION_ALL: "Obavijesti me ako je rezultat pretra.ivanja siguran u bilo kojoj tra.ilici",.. SETTINGS_SS_OPTION_NONE: "Nemoj me obavijestiti o rezultatima pretra.ivanja",.. SETTINGS_SS_OPTION_SS: "Obavijesti me ako je rezultat pretra.ivanja siguran samo u Sigurnom pretra.ivanju",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Zalijepite ili unesite svoj URL",.. TRUST_SITE: "Mjesto smatraj pouzdanim",.. DONT_TRUST: "Ne smatraj pouzdanim",.. HELP_FAQ_SECTION_ONE_HEADER: ".to je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} poma.e vam
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3670
                                                                                                                                                                                                                                        Entropy (8bit):5.56678554502903
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:c491zbQ9T9aMhF7fQdq/SvRonzXfFNtvf1B1BER7yU8Q:tbQ9hfQfRonzb/3iRGU8Q
                                                                                                                                                                                                                                        MD5:F46ED1CD4F8975B7B21EF2B69088B95F
                                                                                                                                                                                                                                        SHA1:80925875018C4F8502C7EADE81351D2687DAB262
                                                                                                                                                                                                                                        SHA-256:6BFADE8B2E1EAF6F976A19FA4AE02C8FF6889FD5A640A61D5E5ADA6CDCDCECEE
                                                                                                                                                                                                                                        SHA-512:CBBEF5C7EDAE45DC45E4A9D4BED4A1DAC93160B824AB13B969EE63173A4A524E421145A2593D01AFB036E78D669D55E690A2C70DB6C99733B4D3E419B353435F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "S.g.",.. HELP_FAQ_TITLE: "Gyakran ism.telt k.rd.sek (GYIK)",.. HELP_SUPPORT_TITLE: "T.mogat.s",.. HELP_EMAIL_US: "K.ldj.n nek.nk e-mailt az al.bbi c.mre:",.. ABOUT: "N.vjegy",.. ABOUT_DESCRIPTION: "A(z) {0} seg.ts.get ny.jt ahhoz, hogy jobb d.nt.seket hozhasson az online vil.gban.",.. CREATE_SAFER_PASSWORDS: "Biztons.gosabb jelszavak l.trehoz.sa",.. DOWNLOAD_CONFIDENTLY: "Biztons.gos let.lt.s",.. SETTINGS_SS_OPTION_ALL: "T.j.koztasson a keres.s eredm.ny.nek biztons.goss.g.r.l b.rmely keres.motorra vonatkoz.an",.. SETTINGS_SS_OPTION_NONE: "Ne t.j.koztasson a keres.si eredm.nyekkel kapcsolatban",.. SETTINGS_SS_OPTION_SS: "A keres.s eredm.ny.nek biztons.goss.g.r.l csak a Biztons.gos keres.sben t.j.koztasson",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL beilleszt.se vagy be.r.sa",.. TRUST_SITE: "Megb.zhat. webhely",.. DONT_TRUST: "Nem megb.zhat.",.. HELP_FAQ_SECTIO
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3280
                                                                                                                                                                                                                                        Entropy (8bit):5.323424979090058
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cF+xiITUmLgSM+xy07Zg/ikrQs9N46fkjorok0jQxsxj:QIIag/+fENbsErI0xsN
                                                                                                                                                                                                                                        MD5:6745D840D9E4B0098098B1197662A26F
                                                                                                                                                                                                                                        SHA1:4FBFBC104243E1789DAC7475614DBB70B10C3809
                                                                                                                                                                                                                                        SHA-256:25804D3A20129062A9E4119F3410954279F0E60C517D6722A47078E3AF24431F
                                                                                                                                                                                                                                        SHA-512:51D007A90380A93029AC51471C43EC52C0BD9AE046AAAEAE443431331CC4844354E0638BBDC9D316ED1E9BD658CFC0443DEA91C7CF1BD125F318D502334F401D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Guida",.. HELP_FAQ_TITLE: "Domande frequenti",.. HELP_SUPPORT_TITLE: "Assistenza",.. HELP_EMAIL_US: "Contattaci via email all'indirizzo",.. ABOUT: "Informazioni su",.. ABOUT_DESCRIPTION: "{0} ti aiuta a prendere decisioni pi. consapevoli sulle attivit. online.",.. CREATE_SAFER_PASSWORDS: "Crea password pi. sicure",.. DOWNLOAD_CONFIDENTLY: "Scarica con la massima sicurezza",.. SETTINGS_SS_OPTION_ALL: "Comunicami se un risultato di ricerca . sicuro in un motore di ricerca",.. SETTINGS_SS_OPTION_NONE: "Non comunicare nulla riguardo ai risultati di ricerca",.. SETTINGS_SS_OPTION_SS: "Comunicami se un risultato di ricerca . sicuro solo in ricerca sicura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Incolla o digita l'URL",.. TRUST_SITE: "Considera affidabile il sito",.. DONT_TRUST: "Non considerare affidabile",.. HELP_FAQ_SECTION_ONE_HEADER: "Che cos'. {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ti aiuta a prendere dec
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3760
                                                                                                                                                                                                                                        Entropy (8bit):5.75270028130737
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cFuvhOT6tGCuqZu0KMV1V6Gq//0bNbJkKjixAwRm4wegixVU09T:1YGtGCuyu0HfDFBPiKem4/gi/9T
                                                                                                                                                                                                                                        MD5:C64DC3B4046B207FC4B51F7C8A5AC13F
                                                                                                                                                                                                                                        SHA1:94D55C841A88B1625899AF31D322CDF019331D57
                                                                                                                                                                                                                                        SHA-256:F21F7A0ABB5CC7107EB213CA30375F2EB4F9B19369EF4165D72067AA93CC7751
                                                                                                                                                                                                                                        SHA-512:4FA9F9F8670E0B923ADEE298DEF0EF3C979DF1FDA715B024C7FCD56C5AB199221347C111B7D2835DB00971B0E7BD83FA71E6A21BD44878AE787C5683B86F0977
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "...",.. HELP_FAQ_TITLE: "...... (FAQ)",.. HELP_SUPPORT_TITLE: "....",.. HELP_EMAIL_US: "........",.. ABOUT: ".......",.. ABOUT_DESCRIPTION: "{0} ...................",.. CREATE_SAFER_PASSWORDS: "...............",.. DOWNLOAD_CONFIDENTLY: "...........",.. SETTINGS_SS_OPTION_ALL: "..........................",.. SETTINGS_SS_OPTION_NONE: "..............",.. SETTINGS_SS_OPTION_SS: ".... .....................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL ................",.. TRUST_SITE: "........",.. DONT_TRUST: ".....",.. HELP_FAQ_SECTION_ONE_HEADER: "{0} .......",.. HELP_FAQ_SECTI
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3451
                                                                                                                                                                                                                                        Entropy (8bit):5.828760629956441
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:c0hbqh5TgP81LM2z7i6B/+XP6HUdYXx/gAw8otAJ2y8BwMrN:JWQ8S76X6Avot3hDh
                                                                                                                                                                                                                                        MD5:0CA54218CF33566B86262F674A780C28
                                                                                                                                                                                                                                        SHA1:3CE9452FCBAAB39D8939130C9B5BD917D22AECE5
                                                                                                                                                                                                                                        SHA-256:2FC9CCBB7235D2B8E2A870DE4851F64F40C9D927D4AF731F1E6D411CDED55450
                                                                                                                                                                                                                                        SHA-512:2F90A0D45275F4412D93CBA0D0998FC69F92BA2395EFD890662C5A8F13BAA820CDECBF3559BE6EFDDD54D7ACD4E94A0797BA83AFF44701DCCC7470364325AAEC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "...",.. HELP_FAQ_TITLE: "... ..(FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: "... ..",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0}. .... ... .. . ... ... .. . ... ......",.. CREATE_SAFER_PASSWORDS: ".. ... .. ...",.. DOWNLOAD_CONFIDENTLY: "... ....",.. SETTINGS_SS_OPTION_ALL: ".. .. .... .. ... .... ..",.. SETTINGS_SS_OPTION_NONE: ".. ... .. ... ..",.. SETTINGS_SS_OPTION_SS: ".. ..... .. ... .... ..",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL. .. ... ......",.. TRUST_SITE: "... ..",.. DONT_TRUST: ".... ..",.. HELP_FAQ_SECTION_ONE_HEADER: "{0}. .....?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}. .... ... .. . ... .
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3107
                                                                                                                                                                                                                                        Entropy (8bit):5.348525118195868
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cA9ffAT6MuE50WT/CGoDAUtGZpn2g3BBIxY:ejVoxtepD3B6xY
                                                                                                                                                                                                                                        MD5:7641FDF95399F1C6651B98DB1A9FFEE2
                                                                                                                                                                                                                                        SHA1:E2C8A08BA45495226EBB58B184C7C5B119B92D77
                                                                                                                                                                                                                                        SHA-256:55586E96C76FBBDBFE4A988DCF9F79ABB5A480C4F8D55207215ABD597855EBF0
                                                                                                                                                                                                                                        SHA-512:4833C74E156BF150266AFC28F2FE656F1F56AE117FC159B94129D411CDD81977DFDC77C5362BE8A4505349C4A6D9AA6417FBE92E91D40F73F85369CEDD98037E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Hjelp",.. HELP_FAQ_TITLE: "Vanlige sp.rsm.l",.. HELP_SUPPORT_TITLE: "St.tte",.. HELP_EMAIL_US: "Send oss en e-postmelding til",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} gj.r det enklere . ta bedre avgj.relser om hva du gj.r p. Internett.",.. CREATE_SAFER_PASSWORDS: "Opprett sikrere passord",.. DOWNLOAD_CONFIDENTLY: "Last ned uten bekymringer",.. SETTINGS_SS_OPTION_ALL: "Fortell om et s.keresultat er trygt, i enhver s.kemotor",.. SETTINGS_SS_OPTION_NONE: "Ikke fortell meg om s.keresultatene",.. SETTINGS_SS_OPTION_SS: "Fortell om et s.keresultat er sikkert, men bare i Sikkert s.k",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Lim eller skriv inn URL-adressen din",.. TRUST_SITE: "Klarer omr.de",.. DONT_TRUST: "Ikke klarer",.. HELP_FAQ_SECTION_ONE_HEADER: "Hva er {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} gj.r det enklere . ta bedre avgj.relser om hva du gj.r p. Internett.",.. HELP_FAQ_SECTION_TWO_HEAD
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3196
                                                                                                                                                                                                                                        Entropy (8bit):5.336277046109412
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cwMUf5ztTk0aUPDMavouzNv/lzz0TldANPQ3tBvlvS4:rhtaUQWiMctBvBP
                                                                                                                                                                                                                                        MD5:85B883CD451BC374F81809129A590763
                                                                                                                                                                                                                                        SHA1:6375FF032AE11DD4C29FFF03CFD784DE12336746
                                                                                                                                                                                                                                        SHA-256:F02D164EDB34EB0E6B625C84AD25ACEDC870DC99A1E55A0B8D2C5260D7DF0FC0
                                                                                                                                                                                                                                        SHA-512:DE883DB1DD2D0CC651530D58583ABA5BB84678F72D69E9AF59BBA2613478BE8396181B83DED43D1E07CBC107BFB0788F966A41D7E3A38DF4F02F8B6EB398C487
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Help",.. HELP_FAQ_TITLE: "Veelgestelde vragen",.. HELP_SUPPORT_TITLE: "Ondersteuning",.. HELP_EMAIL_US: "E-mail ons op",.. ABOUT: "Info",.. ABOUT_DESCRIPTION: "{0} helpt u betere beslissingen over uw online activiteiten te nemen.",.. CREATE_SAFER_PASSWORDS: "Maak veiligere wachtwoorden",.. DOWNLOAD_CONFIDENTLY: "Download probleemloos",.. SETTINGS_SS_OPTION_ALL: "Laat mij in elke zoekmachine weten of een zoekresultaat veilig is",.. SETTINGS_SS_OPTION_NONE: "Niets zeggen over zoekresultaten",.. SETTINGS_SS_OPTION_SS: "Laat mij alleen in Beveiligd zoeken weten of een zoekresultaat veilig is",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Plak of typ uw URL",.. TRUST_SITE: "Site vertrouwen",.. DONT_TRUST: "Niet vertrouwen",.. HELP_FAQ_SECTION_ONE_HEADER: "Wat is {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} helpt u betere beslissingen over uw online activiteiten te nemen.",.. HELP_FAQ_SECTION_TWO_HEADER: "Hoe kan ik {0} met
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3433
                                                                                                                                                                                                                                        Entropy (8bit):5.622176979721996
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cnWv3LDTIKXe8FDXdIzMn5VRe/8gAR+3jRsFAEEGs6L49l0v2dUPJJby:ZPUKpFDOIiRc7EA+lXUPJJby
                                                                                                                                                                                                                                        MD5:91E06E8152D4CAF64489BB3180D95811
                                                                                                                                                                                                                                        SHA1:0E2AE5052049A2DF1D125C311A54219F55CC0E72
                                                                                                                                                                                                                                        SHA-256:057F28198CDF4A30C32C867C840A2C27DA3905CAD400410C868ED8AEA353759D
                                                                                                                                                                                                                                        SHA-512:4E6AB64E73436CB76419FF28AF9EB912C61A91566778A360DA8612210B080AA88CEF71DB500002A5FA1728B1C3841983FAF047D4E7B1FA7CDCB46D57B105FA48
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Pomoc",.. HELP_FAQ_TITLE: "Cz.sto zadawane pytania",.. HELP_SUPPORT_TITLE: "Pomoc techniczna",.. HELP_EMAIL_US: "Wy.lij wiadomo.. e-mail na adres",.. ABOUT: "Informacje",.. ABOUT_DESCRIPTION: "Program {0} pomaga podejmowa. rozs.dne decyzje podczas przegl.dania Internetu.",.. CREATE_SAFER_PASSWORDS: "Tw.rz silniejsze has.a",.. DOWNLOAD_CONFIDENTLY: "Pobieraj bez obaw",.. SETTINGS_SS_OPTION_ALL: "Pokazuj oceny bezpiecze.stwa wynik.w wyszukiwania w ka.dej wyszukiwarce",.. SETTINGS_SS_OPTION_NONE: "Nie pokazuj ocen wynik.w wyszukiwania",.. SETTINGS_SS_OPTION_SS: "Pokazuj oceny bezpiecze.stwa wynik.w wyszukiwania tylko w wyszukiwarce Bezpieczne wyszukiwanie",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Wklej lub wpisz adres URL",.. TRUST_SITE: "Zaufaj witrynie",.. DONT_TRUST: "Nie ufaj",.. HELP_FAQ_SECTION_ONE_HEADER: "Co to jest {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Program {0} pomaga podejmowa. rozs.dne
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3252
                                                                                                                                                                                                                                        Entropy (8bit):5.390656972550379
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cc0m2Tpgz2z24eMgUWy0/IULhYRukp+ATR8tXVfNTe:wloYdMIuQ8FVfhe
                                                                                                                                                                                                                                        MD5:B3137F167E12E8FB6F4139D9CE0F1FB0
                                                                                                                                                                                                                                        SHA1:61FBFFE96E15180C90502D18FE804F0BF23D8904
                                                                                                                                                                                                                                        SHA-256:CF56A842A4E893C16CC2468996EC2EF39193ACC98CDB2C8D65DAB9418E8BF3E1
                                                                                                                                                                                                                                        SHA-512:16C206F76023BDFEF16549AD613FF1DA29F36E87CB26D620633568629978AD4401902BB59768EB179C6AD995A124C23FBE646BB248932AA6A6B56330414E2766
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Ajuda",.. HELP_FAQ_TITLE: "Perguntas frequentes",.. HELP_SUPPORT_TITLE: "Suporte",.. HELP_EMAIL_US: "Envie um e-mail para",.. ABOUT: "Sobre",.. ABOUT_DESCRIPTION: "{0} ajuda voc. a tomar melhores decis.es durante suas atividades online.",.. CREATE_SAFER_PASSWORDS: "Crie senhas mais seguras",.. DOWNLOAD_CONFIDENTLY: "Fa.a downloads com confian.a",.. SETTINGS_SS_OPTION_ALL: "Avise-me quando um resultado de pesquisa for seguro em qualquer mecanismo de pesquisa",.. SETTINGS_SS_OPTION_NONE: "N.o me avise a respeito dos resultados de pesquisa",.. SETTINGS_SS_OPTION_SS: "Avise-me quando um resultado de pesquisa for seguro apenas com a Pesquisa segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Copie ou cole seu URL",.. TRUST_SITE: "Confiar no site",.. DONT_TRUST: "N.o confiar",.. HELP_FAQ_SECTION_ONE_HEADER: "O que . {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ajuda voc. a tomar melhores decis.es durante suas ativid
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3264
                                                                                                                                                                                                                                        Entropy (8bit):5.387347023229262
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:ccGmQ7XTlHUszMAqjI/O/rgZaFWCG3Ix5amxnDVl:I7hHUlmwamxnr
                                                                                                                                                                                                                                        MD5:38506448EEEA4C34B7260FE73D62A263
                                                                                                                                                                                                                                        SHA1:F4838BDD4E4112AD26DEA12B63CC8F38332F41C1
                                                                                                                                                                                                                                        SHA-256:D377F2ED3B9043363F402140DC33FCCDE8AD7DB87C0C8307AEC8FE28AFB22B82
                                                                                                                                                                                                                                        SHA-512:88BFCAC7ED99D172AE1DF723191E1CD2AD293EDB1F980E1011ACA1BBAF5084190DA597253D7ACA3E6099FAD629C940065C2A919BF5C3B509833FCD33BD9DE6A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Ajuda",.. HELP_FAQ_TITLE: "Perguntas Mais Frequentes (FAQs)",.. HELP_SUPPORT_TITLE: "Suporte",.. HELP_EMAIL_US: "Envie-nos uma mensagem de correio eletr.nico para",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "O {0} ajuda-o a tomar melhores decis.es acerca das suas atividades online.",.. CREATE_SAFER_PASSWORDS: "Crie palavras-passe mais seguras",.. DOWNLOAD_CONFIDENTLY: "Transfira com confian.a",.. SETTINGS_SS_OPTION_ALL: "Indicar se um resultado de pesquisa . seguro em todos os motores de pesquisa",.. SETTINGS_SS_OPTION_NONE: "N.o me informar sobre os resultados de pesquisa",.. SETTINGS_SS_OPTION_SS: "Indicar se um resultado . seguro apenas na Pesquisa Segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Cole ou escreva o URL",.. TRUST_SITE: "Considerar site fidedigno",.. DONT_TRUST: "N.o considerar fidedigno",.. HELP_FAQ_SECTION_ONE_HEADER: "O que . o {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "O {0} ajuda-o a toma
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4697
                                                                                                                                                                                                                                        Entropy (8bit):5.057383556240693
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cgyp6VTFkLeMF+TXVjM/2m9VzTUmw9+WTnoXTAqsWH:LVRkHARMH4TnoDAqsWH
                                                                                                                                                                                                                                        MD5:151405351E296400AFEE1A4CA6ACDB74
                                                                                                                                                                                                                                        SHA1:6262FB5988FC56F64716F6C4D693B32A1751A729
                                                                                                                                                                                                                                        SHA-256:EB4909E3CDB71D23A929CFD30AFDB3638334F854C682468648ECCB564722E5E1
                                                                                                                                                                                                                                        SHA-512:CCAAEF428F00ACC5D2178A9B404B5A764656156C1A79DF19BDC08CD7A88AC8FB97E9E3F70FA25EE175005951AF80658D5889937C0ADE741AE65FE1DA43133B04
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: ".......",.. HELP_FAQ_TITLE: "..... .......... .......",.. HELP_SUPPORT_TITLE: ".........",.. HELP_EMAIL_US: "..... ........... .....:",.. ABOUT: ". .........",.. ABOUT_DESCRIPTION: "{0} . ... .........., ........... ..... ......... ........... . ..........",.. CREATE_SAFER_PASSWORDS: "........ ........ .......",.. DOWNLOAD_CONFIDENTLY: "........ ... ........",.. SETTINGS_SS_OPTION_ALL: "........ . ............ ........... ...... .. .... ......... ........",.. SETTINGS_SS_OPTION_NONE: ".. ........ . ............ ........... ......",.. SETTINGS_SS_OPTION_SS: "........ . ............ ........... ...... ...... . ..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3534
                                                                                                                                                                                                                                        Entropy (8bit):5.646985735241136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cwP+i9HTsGeKlMMUjY3n8BEM/f0vlJuOquLlXElBfoWagWpWrdimER7r+05+Zv4A:cwPb9HTcKaMUy8aM/sX0ajnecmSr+iAx
                                                                                                                                                                                                                                        MD5:0E11AC2841DF8F85ECF176CB1930D094
                                                                                                                                                                                                                                        SHA1:1D0BBC898745A4D8438447F1BD577E6BB547A999
                                                                                                                                                                                                                                        SHA-256:442B0E0F347D54F19DD08106DEE3EEB84E467F1C9BE3D259F82A5D44C7392EDC
                                                                                                                                                                                                                                        SHA-512:BB43DB3FEC25B914FCD38BA941D3759E223757AF0D33F437ABF962322CC63492799601B0A6AA0097213DD9323FD65892EEB3AEB356034D2EF5D15CC1CAFC9B01
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Pomocn.k",.. HELP_FAQ_TITLE: "Naj.astej.ie ot.zky",.. HELP_SUPPORT_TITLE: "Podpora",.. HELP_EMAIL_US: "Po.lite n.m e-mail na adresu",.. ABOUT: "Inform.cie",.. ABOUT_DESCRIPTION: "Aplik.cia {0} v.m pom..e robi. lep.ie rozhodnutia o va.om .ivote online.",.. CREATE_SAFER_PASSWORDS: "Vytv.rajte bezpe.nej.ie hesl.",.. DOWNLOAD_CONFIDENTLY: "S.ahujte d.veryhodn. s.bory",.. SETTINGS_SS_OPTION_ALL: "Informova. o bezpe.nosti v.sledku vyh.ad.vania v ka.dom vyh.ad.vacom n.stroji",.. SETTINGS_SS_OPTION_NONE: "Neinformova. o v.sledkoch vyh.ad.vania",.. SETTINGS_SS_OPTION_SS: "O.bezpe.nosti v.sledku vyh.ad.vania ma informujte len v.zabezpe.enom vyh.ad.van.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Prilepte alebo zadajte adresu URL",.. TRUST_SITE: "D.verova. lokalite",.. DONT_TRUST: "Ned.verova.",.. HELP_FAQ_SECTION_ONE_HEADER: ".o je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Aplik.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3203
                                                                                                                                                                                                                                        Entropy (8bit):5.448332276099897
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cvh5lgT19NMMgHg8/9WQqRZt8JZZmVau8KP8jvv/FUD8VSDLVyO:BhlmJXPdSD8VSoO
                                                                                                                                                                                                                                        MD5:12457027079FCC7D897DAF08E1257702
                                                                                                                                                                                                                                        SHA1:AA81AB4ACE7438E385B5B36F188E5A43D995C1E3
                                                                                                                                                                                                                                        SHA-256:E435502D1D2627686DA1F3C70CDBF9F450D34C8F56D1872AF5C59D6A81151CE9
                                                                                                                                                                                                                                        SHA-512:C9143A959EB70209F260B23C0379BBDE9A164DC4ED2CCF62B6F22FCE3D404C73E412BD37C14A78F80613E0D3B9CB6731B046A1B2BA44A9B9694B94A3BAF9DEEE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Pomo.",.. HELP_FAQ_TITLE: "Naj.e..a pitanja",.. HELP_SUPPORT_TITLE: "Podr.ka",.. HELP_EMAIL_US: "Po.aljite nam e-poruku na adresu",.. ABOUT: "Osnovni podaci",.. ABOUT_DESCRIPTION: "{0} vam poma.e da donosite bolje odluke o svojim aktivnostima na mre.i.",.. CREATE_SAFER_PASSWORDS: "Kreirajte bezbednije lozinke",.. DOWNLOAD_CONFIDENTLY: "Preuzimajte bezbri.no",.. SETTINGS_SS_OPTION_ALL: "Obavesti me u svakom pretra.iva.u da li je rezultat pretrage bezbedan",.. SETTINGS_SS_OPTION_NONE: "Ne obave.tavaj me o rezultatima pretrage",.. SETTINGS_SS_OPTION_SS: "Obavesti me samo u bezbednoj pretrazi da li je rezultat pretrage bezbedan",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Nalepite ili unesite URL adresu",.. TRUST_SITE: "Veruj lokaciji",.. DONT_TRUST: "Ne veruj",.. HELP_FAQ_SECTION_ONE_HEADER: ".ta je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} vam poma.e da donosite bolje odluke o svojim aktivnostima na mre.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3145
                                                                                                                                                                                                                                        Entropy (8bit):5.462516087386713
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cayPkTXsNMjOlH/PROv5eFqNzXl9Rjz8BU5Uv:3Dsu/TNl9Fz3Uv
                                                                                                                                                                                                                                        MD5:B0201777E47A3822D0C9F6DC7A519B40
                                                                                                                                                                                                                                        SHA1:DF5B162E7171E4736AC9CC3CC89FF6245ADD489C
                                                                                                                                                                                                                                        SHA-256:ACF5AC77D83EC100B4D5B4FD476F37FD6C2569B21C9109637E7EB905B5814239
                                                                                                                                                                                                                                        SHA-512:57692A8EAAAADF129E0562F4191A1C5028B8EC5968F02C155D04967727982360026CB9A33BBB40F206C810A0A207E15C8F3908716951539B89BF21C10C7D38E6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Hj.lp",.. HELP_FAQ_TITLE: "Vanliga fr.gor (FAQ)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Kontakta oss via e-post p.",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} hj.lper dig att ta b.ttre beslut g.llande vad du g.r online.",.. CREATE_SAFER_PASSWORDS: "Skapa s.krare l.senord",.. DOWNLOAD_CONFIDENTLY: "S.kra h.mtningar",.. SETTINGS_SS_OPTION_ALL: "Informera mig om s.kra s.kresultat i samtliga s.kmotorer",.. SETTINGS_SS_OPTION_NONE: "Informera mig inte om s.kresultat",.. SETTINGS_SS_OPTION_SS: "Informera mig om s.kra s.kresultat, men endast vid s.ker s.kning",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Klistra in eller ange webbadress (URL)",.. TRUST_SITE: "Ange som betrodd webbplats",.. DONT_TRUST: "Ange inte som betrodd webbplats",.. HELP_FAQ_SECTION_ONE_HEADER: "Vad .r {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} hj.lper dig att ta b.ttre beslut g.llande vad du g.r online.",.. HELP_FA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3451
                                                                                                                                                                                                                                        Entropy (8bit):5.513302802356553
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "Yard.m",.. HELP_FAQ_TITLE: "S.k Sorulan Sorular (SSS'ler)",.. HELP_SUPPORT_TITLE: "Destek",.. HELP_EMAIL_US: ".u adresten bize e-posta g.nderin:",.. ABOUT: "Hakk.nda",.. ABOUT_DESCRIPTION: "{0} .evrimi.iyken ne yapaca..n.z konusunda daha iyi kararlar alman.za yard.mc. olur.",.. CREATE_SAFER_PASSWORDS: "Daha g.venli parolalar olu.turun",.. DOWNLOAD_CONFIDENTLY: "G.venle indirin",.. SETTINGS_SS_OPTION_ALL: "Herhangi bir arama motorunda bir arama sonucunun g.venli olup olmad...n. benimle payla.",.. SETTINGS_SS_OPTION_NONE: "Arama sonu.lar.n. benimle payla.ma",.. SETTINGS_SS_OPTION_SS: "Yaln.zca G.venli Arama'da bir arama sonucunun g.venli olup olmad...n. benimle payla.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL'nizi yap..t.r.n veya yaz.n",.. TRUST_SITE: "Bu siteye g.ven",.. DONT_TRUST: "G.venme",.. HELP_FAQ_SECTION_ONE_HEADER: "{0} nedir?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2969
                                                                                                                                                                                                                                        Entropy (8bit):6.150609371498994
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "..",.. HELP_FAQ_TITLE: "...... (FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: ".........",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0}.................",.. CREATE_SAFER_PASSWORDS: "........",.. DOWNLOAD_CONFIDENTLY: "......",.. SETTINGS_SS_OPTION_ALL: ".....................",.. SETTINGS_SS_OPTION_NONE: ".........",.. SETTINGS_SS_OPTION_SS: "...................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "..... URL",.. TRUST_SITE: "....",.. DONT_TRUST: "...",.. HELP_FAQ_SECTION_ONE_HEADER: "... {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}.................",.. HELP_FAQ_SECTION_TWO_HEADER: ".......{0}?",.. HELP_FAQ_SECTION_TWO_CONTENT: ".
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3046
                                                                                                                                                                                                                                        Entropy (8bit):6.144914801057749
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOptions_ = {.. HELP: "..",.. HELP_FAQ_TITLE: "..... (FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: "...........",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0} ..................",.. CREATE_SAFER_PASSWORDS: "........",.. DOWNLOAD_CONFIDENTLY: ".....",.. SETTINGS_SS_OPTION_ALL: "....................",.. SETTINGS_SS_OPTION_NONE: "..............",.. SETTINGS_SS_OPTION_SS: "...................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "....... URL",.. TRUST_SITE: "....",.. DONT_TRUST: "....",.. HELP_FAQ_SECTION_ONE_HEADER: ".. {0}.",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ..................",.. HELP_FAQ_SECTION_TWO_HEADER: "......... {0}.",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3708
                                                                                                                                                                                                                                        Entropy (8bit):5.70787396766121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknut.m na mo.nost {0} dokon..te nastaven. programu WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Povolit roz...en.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nejste si jisti v..e uvedenou zpr.vou? Bu.te bez obav . va.e soukrom. je v.dy na.. hlavn. prioritou.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Pokra.ujte kliknut.m na mo.nost {0}. U. to skoro je!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Povolit roz...en.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "P.i p...t.m vyhled.v.n. budete po..d.ni o proveden. akce {0}, abyste dokon.ili nastaven. funkce Bezpe.n. hled.n..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Ponechat zm.ny",.... SETTINGS_OVERLAY_CONTENT: "Klikn.te na zpr.vu {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Bylo p.id.no roz...en. McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otev.ete nab.dku prohl..e.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3577
                                                                                                                                                                                                                                        Entropy (8bit):5.442938588315211
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klik p. {0} for at fuldf.re konfigurationen af WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktiv.r udvidelse",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Er du i tvivl om, hvordan du skal forholde dig til ovenst.ende meddelelse? Bare rolig . dit privatliv er altid vores h.jeste prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klik p. {0} for at forts.tte. Du er n.sten f.rdig.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktiv.r udvidelse",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "N.ste gang du s.ger, bliver du bedt om f.lgende for at fuldf.re konfigurationen af sikker s.gning: {0}",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Behold .ndringer",.... SETTINGS_OVERLAY_CONTENT: "Klik p. meddelelsen {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-udvidelsen er blevet tilf.jet",.... INTRO_OVERLAY_CONTENT_1: ".bn menuen i Edge for at konfigurere Web
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3813
                                                                                                                                                                                                                                        Entropy (8bit):5.411886577143403
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klicken Sie auf {0}, um die Einrichtung von WebAdvisor abzuschlie.en.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Erweiterung aktivieren",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Sie sind sich unsicher wegen der oben angezeigten Meldung? Keine Sorge . der Schutz Ihrer Daten hat bei uns h.chste Priorit.t.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klicken Sie auf \"{0}\", um fortzufahren. Fast fertig!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Erweiterung aktivieren",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Bei Ihrer n.chsten Suche werden Sie aufgefordert, auf \"{0}\" zu klicken, um die Einrichtung von \"Sichere Suche\" abzuschlie.en.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".nderungen beibehalten",.... SETTINGS_OVERLAY_CONTENT: "Klicken Sie auf die Meldung \"{0}\".",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-Erweiterung wurde hinzugef.gt",.... INTRO_OVERLAY_CON
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5373
                                                                                                                                                                                                                                        Entropy (8bit):5.066746898030147
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "..... .... ... {0} ... .. ............ .. ....... ... WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "............ .........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "... ..... ........ ... .. ........ ......; ... .......... . .. ........ ... ..... ..... . ...... ... ..............",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "..... .... ... {0} ... .. ........... ...... ..........!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "............ .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "... ....... .... ... .. ...... ........., .. ... ....... .. {0} ... .. ............ .. ....... ... .......
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3091
                                                                                                                                                                                                                                        Entropy (8bit):5.436213343008664
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Click {0} to finish setting up WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Enable Extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Unsure of the message above? Don't worry &mdash; your privacy is always our top priority.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Click {0} to continue. You're almost done!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Enable Extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "The next time you search, you'll be asked to {0} to finish setting up Secure Search.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Keep changes",.... SETTINGS_OVERLAY_CONTENT: "Click the {0} message.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor extension has been added",.... INTRO_OVERLAY_CONTENT_1: "Open the Edge menu to start setting up the WebAdvisor extension.",.. INTRO_OVERLAY_CONTENT_2: "Avoid risky sites while you browse, shop, and stream with free web
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3561
                                                                                                                                                                                                                                        Entropy (8bit):5.43403680872909
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Haz clic en {0} para terminar de configurar WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Habilitar extensi.n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".No est.s seguro del mensaje de arriba? No te preocupes; tu privacidad siempre es nuestra m.xima prioridad.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Haz clic en {0} para continuar. Ya casi has acabado.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Habilitar extensi.n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La pr.xima vez que realices una b.squeda, se te pedir. que {0} para terminar de configurar la b.squeda segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conservar cambios",.... SETTINGS_OVERLAY_CONTENT: "Haz clic en el mensaje {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Se ha a.adido la extensi.n McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Abre el men. de Edge para empezar a configurar la extensi.n WebA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3447
                                                                                                                                                                                                                                        Entropy (8bit):5.410954085805761
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Haz clic en {0} para completar la configuraci.n de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activar extensi.n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".Tienes dudas sobre el mensaje anterior? No te preocupes. Tu privacidad es nuestra prioridad.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Haz clic en {0} para continuar. .Ya casi terminas!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activar extensi.n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La pr.xima vez que realices una b.squeda, se te pedir. que {0} para que termines de configurar la b.squeda segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conservar cambios",.... SETTINGS_OVERLAY_CONTENT: "Haz clic en el mensaje {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Se agreg. la extensi.n de McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Abre el men. de Edge para comenzar a configurar la extensi.n WebAdvisor."
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3511
                                                                                                                                                                                                                                        Entropy (8bit):5.43678132205377
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Napsauta {0}, jotta voit viimeistell. WebAdvisorin k.ytt..noton.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ota laajennus k.ytt..n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Etk. ole varma yll. n.ytetyst. viestist.? Ei h.t... Tietosuojasi on meille aina t.rkeint..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Jatka napsauttamalla {0}. Melkein valmista!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ota laajennus k.ytt..n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Seuraavalla hakukerralla n.et pyynn.n {0} Suojatun haun k.ytt..noton viimeistelemiseksi.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "S.ilyt. muutokset",.... SETTINGS_OVERLAY_CONTENT: "Napsauta viesti. {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor -laajennus on lis.tty",.... INTRO_OVERLAY_CONTENT_1: "Avaa Edge-valikko aloittaaksesi WebAdvisor-laajennuksen m..rityksen.",.. INTRO_OVERLAY_CO
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3808
                                                                                                                                                                                                                                        Entropy (8bit):5.387151544240124
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Cliquez sur {0} pour terminer la configuration de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Vous avez des doutes sur le message ci-dessus? Ne vous inqui.tez pas. votre confidentialit. est toujours notre priorit..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Cliquez sur {0} pour continuer. Vous avez presque termin.!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prochaine fois que vous effectuez une recherche, l'action suivante vous sera demand.e pour terminer la configuration de la recherche s.curis.e.: {0}.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Maintenir les changements",.... SETTINGS_OVERLAY_CONTENT: "Cliquez sur le message {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'extension McAfee. WebAdvisor a .t. ajout.e",.... INTRO_OVERLAY_CO
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3820
                                                                                                                                                                                                                                        Entropy (8bit):5.3997981408701525
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Cliquez sur {0} pour terminer la configuration de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Vous n'.tes pas s.r du message ci-dessus.? Ne vous inqui.tez pas, votre confidentialit. est toujours notre priorit..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Cliquez sur {0} pour continuer. Vous avez presque termin..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prochaine fois que vous effectuerez une recherche, il vous sera demand. de {0} pour terminer la configuration de la recherche s.curis.e.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conserver les modifications",.... SETTINGS_OVERLAY_CONTENT: "Cliquez sur le message {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'extension McAfee. WebAdvisor a .t. ajout.e",.... INTRO_OVERLAY_CONTENT_1: "Ouvre
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3559
                                                                                                                                                                                                                                        Entropy (8bit):5.5044930817966655
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:iKtsjv9hNkY6z3qRQRMmCxgFXNNXxXlU201Ii8nm:iKev9I3oQRMmCxgFXNNXxXlv0ii8nm
                                                                                                                                                                                                                                        MD5:8CA4A0BFBD420EC5DBF0855FEAE88213
                                                                                                                                                                                                                                        SHA1:2AD8F0A786441ED2FA135FDE321DC365DED57559
                                                                                                                                                                                                                                        SHA-256:5A3E3EDE8F7186129FE6F39392AED1C6AEA1F9A4F6636E4AEF63B06ABC200C76
                                                                                                                                                                                                                                        SHA-512:D62629EDC204A98C7F303ACD4E0D87C06C78BD7CB34191B3AA5BF96EED58E649579C741D67F807197F949A8D4BE98DAE968899DDF87B759E56FA34442932C199
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite {0} kako biste dovr.ili postavljanje WebAdvisora.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Omogu.i pro.irenje",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Niste sigurni p.to zna.i gornja poruka? Ne brinite . va.a privatnost je uvijek na. glavni prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite {0} za nastavak. Skoro ste gotovi!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Omogu.i pro.irenje",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Sljede.i put kada budete pretra.ivali, od vas .e se tra.iti da {0} da zavr.ite postavljanje sigurnog pretra.ivanja.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Spremi promjene",.... SETTINGS_OVERLAY_CONTENT: "Kliknite poruku {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodano je pro.irenje McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otvorite rubni izbornik za po.etak postavljanja pro.irenja WebAdvisor.",.. INTRO_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3871
                                                                                                                                                                                                                                        Entropy (8bit):5.602204570416175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:BjeL2klA7qs9fOpTbYFBbyN6t6rksl9EJky2twp+2mTpTW25:x7qwmJLrksTE74lR
                                                                                                                                                                                                                                        MD5:8B177D472E81B01CB1637DEC446F28F9
                                                                                                                                                                                                                                        SHA1:0592908F8700AB6D7E67FECA93E87CAE074B0D16
                                                                                                                                                                                                                                        SHA-256:D0F653F4A9FDBD2CE53FE0AB8F6AA655C2769FDD80FE3D658BB7E399FB713F4B
                                                                                                                                                                                                                                        SHA-512:A2210B2FC32BCAB7CC3E9C348F6711168A1A90A61255505D37DCA8E2E87862BE8D29D49F8DA115471383D1044E8E3353203DB2EDE88AE58728415379F61D425A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kattintson a(z) {0} lehet.s.gre a WebAdvisor konfigur.l.s.nak befejez.s.hez.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "B.v.tm.ny enged.lyez.se",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nem biztos a fenti .zenetet illet.en? Ne agg.djon. Szem.lyes adatainak biztons.ga a legfontosabb sz.munkra.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kattintson a(z) {0} elemre a folytat.shoz. Majdnem k.sz.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "B.v.tm.ny enged.lyez.se",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "A k.vetkez. keres.sn.l megk.rj.k, hogy fejezze be a Biztons.gos keres.s be.ll.t.s.t ({0}).",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".rizze meg a m.dos.t.sokat",.... SETTINGS_OVERLAY_CONTENT: "Kattintson a(z) {0} .zenetre.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Hozz.adta a McAfee. WebAdvisor b.v.tm.nyt",.... INTRO_OVERLAY_CONTENT_1: "Nyissa meg
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3451
                                                                                                                                                                                                                                        Entropy (8bit):5.346116627167779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:9w0wJWteojRUyUw5Jaw5+/3Aw+ydJPw1he:9VA0jB9aK+vA+Pyhe
                                                                                                                                                                                                                                        MD5:3FF00E0250B550132CB0D18019491D83
                                                                                                                                                                                                                                        SHA1:168B8AB54CA052E99E8EC513D28D97669E99C415
                                                                                                                                                                                                                                        SHA-256:FD45F10B9A1EE05AD44F4C68D1D1F01D0F2434D3EC4464D9CFBF70A496259FF1
                                                                                                                                                                                                                                        SHA-512:30832540A430CFEABAA411AA39B7497B8564D31204BB389AC82B86298781DC6DEE3BBB4F09F7D923EB5FA1D206519332A23333B348D6F5F514ED3C7D6EBB745A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Fai clic su {0} per completare la configurazione di WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Attiva l'estensione",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Hai dubbi sul messaggio mostrato sopra? Non ti preoccupare: la tua privacy . sempre la nostra priorit. assoluta.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Fai clic su {0} per continuare. Ci sei quasi.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Attiva l'estensione",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prossima volta che effettuerai una ricerca ti verr. chiesto di {0} per completare la configurazione di Ricerca sicura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Mantieni i cambiamenti",.... SETTINGS_OVERLAY_CONTENT: "Fai clic sul messaggio {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'estensione McAfee. WebAdvisor . stata aggiunta",.... INTRO_OVERLAY_CONTENT_1: "Apri il menu di Edge per iniziare a configurare
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4710
                                                                                                                                                                                                                                        Entropy (8bit):5.64199460658645
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:5mF9hGIitPqUUJnILJn90N3l3QLzb3Nl3CprHEwPbbDiabGdtiDR9hGrv:5mF9hC91nQmLzTNoprH1b3JbctiDR9he
                                                                                                                                                                                                                                        MD5:21A93521B3AA24B619C4F4EC52F31B21
                                                                                                                                                                                                                                        SHA1:FABD6D48E9C792EA83084699C9A8254ED6859596
                                                                                                                                                                                                                                        SHA-256:258D3FAEDB47A7186EE67EA4EE651762DBC3745BDBB2A5B2EFA75E27757D99D9
                                                                                                                                                                                                                                        SHA-512:429517196A66EAA58A4A6157817C67BD1D7467A5C90E038638850D43340343CAD509FA09B832B2D47E79E0946DF1CC933EAC8A1FF66EE1D2785DC03EE1DFB2AF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "[{0}] ..............................",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "..............................................................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "[{0}] ..................",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: ".........[{0}] ........... ........................",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".......",.... SETTINGS_OVERLAY_CONTENT: "......{0}.......
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3733
                                                                                                                                                                                                                                        Entropy (8bit):5.886458213537712
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:QYCvdMrjNB9ZGI4BGSS1FdMUB2dgSG36cBJsg57AB2vCC1vyqtYIvdli:36ynuBGpFyUBkYBJsmcB2ZGQe
                                                                                                                                                                                                                                        MD5:57A23B2DEBF453CF273AE6F0F240E3B7
                                                                                                                                                                                                                                        SHA1:C4DECCD19DCDF2E1F8660300B1A9D2794C07C301
                                                                                                                                                                                                                                        SHA-256:8D929181D0E1B8167CF95AD725F7AB0DE543E2F97E5F9120CFEE75BC122FA414
                                                                                                                                                                                                                                        SHA-512:B2A2B5A1AC6B44BD4C512DA8FDED6219BA75047820F3A23861C6E13B74DF8AB77EF26DE13CA3FDBF835106F9FF8CF0A9C9EE12B3A5516AAFBEAD3FB456C5B659
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "{0}.(.) .... ...... ... .......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: ".. ..",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".. .... .... ......? .... ..... ... .. ... .. ... ... ......",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "..... {0}.(.) ....... .. ........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: ".. ..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "... ... . {0}.(.) .... .. .. ... ..... .... ......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".. .. ..",.... SETTINGS_OVERLAY_CONTENT: "{0} .... .......",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. ...... ... .......",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3225
                                                                                                                                                                                                                                        Entropy (8bit):5.454339158545961
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Kx63r03o9AwnQ5deXavDKYw7unkf56lQepfbVdqwqkMpHCxdnlpZ9R0lpZ9OCZ+8:JQjwncYXavDKvukfwlPpu1pHSTpJMpGi
                                                                                                                                                                                                                                        MD5:EE219966B84BF8D2F1C262A9D6558947
                                                                                                                                                                                                                                        SHA1:8A9C926AC624B90AF18FC8D75B346D3DA5B35DC7
                                                                                                                                                                                                                                        SHA-256:5CA84380ABE0D90BE92A944E0862CC34A69C093D8B6D58B124FF1C4917277F0D
                                                                                                                                                                                                                                        SHA-512:9DF641C7C0C0F438DAD081B6BF686225F5DB43F9379E8F50E31BF817C964094D9FA26279ED682FCF96251B8B43F439C0CBF5F85180FD31B5DA1C379823A048B5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klikk {0} for . avslutte oppsettet av WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktiver utvidelse",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Usikker p. meldingen over? Ta det helt med ro; ditt personvern er alltid v.r topp prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klikk {0} for . fortsette. Du er ferdig om et .yeblikk!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktiver utvidelse",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Neste gang du s.ker, vil du bli spurt om . {0} for . gj.re ferdig oppsettet av Sikkert s.k.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Behold endringer",.... SETTINGS_OVERLAY_CONTENT: "Klikk p. meldingen {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-utvidelsen er lagt til",.... INTRO_OVERLAY_CONTENT_1: ".pne Edge-menyen for . starte oppsettet av WebAdvisor-utvidelsen.",.. INTRO_OVERLAY_CONTENT_2: "Unng. risikofylt
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3315
                                                                                                                                                                                                                                        Entropy (8bit):5.383260260230869
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:hYNSUmrH9+LhVyH81/nxxM3P7zLFSOXYNXwBxrcB5w7qTF951eUq5j6YUNGUUY:qWoM81/3czLFLYNa4BO7qTB38/6
                                                                                                                                                                                                                                        MD5:AD8AF3012ECB1D0AB08EB45F93AE0444
                                                                                                                                                                                                                                        SHA1:E6967BD4B4B6C8021CE62487DC4EE70E2BACF5CC
                                                                                                                                                                                                                                        SHA-256:D99282D5366399128611A24A55050FDAB779E58AFB865DFA6D2167CD9F7DDE13
                                                                                                                                                                                                                                        SHA-512:63C10AE56743A8A11C02E4E76569AFA933A51A13509B70C4D7A3BEE389C97C35FBD563398DE8B8D5EC56596D80B90A1CEB391B9E5A77AC976F99E4FC3FEB4DEC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klik op {0} om het instellen van WebAdvisor af te ronden.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Extensie inschakelen",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Twijfelt u over bovenstaand bericht? Geen zorgen: uw privacy is altijd onze topprioriteit.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klik op {0} om door te gaan. U bent bijna klaar!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Extensie inschakelen",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "De volgende keer dat u zoekt, wordt u gevraagd om {0} om het instellen van Beveiligd zoeken te voltooien.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Wijzigingen behouden",.... SETTINGS_OVERLAY_CONTENT: "Klik op het bericht {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-extensie is toegevoegd",.... INTRO_OVERLAY_CONTENT_1: "Open het Edge-menu om de WebAdvisor-extensie in te stellen.",.. INTRO_OVERLAY_CONTENT_2: "Vermijd risi
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3592
                                                                                                                                                                                                                                        Entropy (8bit):5.649106032090047
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:UMCvtaaOZWKfNNz9KqIbQUZW9TRNcWRlP+im+oS+oGIUwI0qU4o:UMC1aaOIxbQUI9TRpR95mhShnUB0qU1
                                                                                                                                                                                                                                        MD5:726F68AD88CBAE5DDE8F9F71EB78AA15
                                                                                                                                                                                                                                        SHA1:7D1E3A6E0547401B19BD96C154851F1C8C5792C4
                                                                                                                                                                                                                                        SHA-256:5F39AC918E7C98A8B1A073ECBEFD10EB8C90F103CC9820AF13DED319D0A9CF91
                                                                                                                                                                                                                                        SHA-512:A2FB4D89826ACE62C332EBB54229784355031E7CA01E152062385B1048E1C40033C7BF040811242E01ED01A6EEB84B11E4748C5A297872CE426FCD28CEAAD4D9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknij przycisk {0} aby zako.czy. konfiguracj. funkcji WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "W..cz rozszerzenie",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nie masz pewno.ci co do powy.szego komunikatu? Nie martw si. . Twoja prywatno.. to dla nas zawsze priorytet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknij przycisk {0}, aby kontynuowa.. Ju. prawie gotowe!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "W..cz rozszerzenie",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Przy nast.pnym wyszukiwaniu pojawi si. monit o u.ycie opcji {0}, aby doko.czy. konfiguracj. Bezpiecznego wyszukiwania.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Zachowaj zmiany",.... SETTINGS_OVERLAY_CONTENT: "Kliknij komunikat {0}",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodano rozszerzenie McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otw.rz menu przegl.darki Edge, aby zacz..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3368
                                                                                                                                                                                                                                        Entropy (8bit):5.417047473922712
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:tBRKXbIv/U8cc0dGvgObgbIc1JS+RUkwo:tg8ccqsXcPSsUkwo
                                                                                                                                                                                                                                        MD5:BB9F407FCAD1DA167A53D52B0F4E1619
                                                                                                                                                                                                                                        SHA1:4A42EE1485DE39ED517481D2A3EAA795DEF3DA8A
                                                                                                                                                                                                                                        SHA-256:F1FFB00352F061D648F9A1B8E1E905B9628AC8D578A63C34DACC1050DBEBF901
                                                                                                                                                                                                                                        SHA-512:A44FD183263382EADCC743A44B31779D7C4441EF928AF6253918D4911E25E9EAAEFB0733D151672648C40C6C3115D8B77B2E9F8E3B6D59A876E32F027EC1B3CE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Clique em {0} para terminar de configurar o WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "N.o entendeu a mensagem acima? N.o se preocupe . sua privacidade . sempre nossa prioridade.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Clique em {0} para continuar. Est. quase terminando!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Na pr.xima vez em que pesquisar, ser. pedido que voc. {0} para terminar de configurar a pesquisa segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Manter altera..es",.... SETTINGS_OVERLAY_CONTENT: "Clique na mensagem {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "A extens.o McAfee. WebAdvisor foi adicionada",.... INTRO_OVERLAY_CONTENT_1: "Abra o menu do Edge para come.ar a configurar a extens.o do WebAdvisor.",.. INTRO_OVERLAY_CONTE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3444
                                                                                                                                                                                                                                        Entropy (8bit):5.406293897230586
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:tcgHxIKIF/UyvFz7d+J0b5H3JgJSgnDlF:tfHzC/V15gggnDlF
                                                                                                                                                                                                                                        MD5:E12C90DF248A480202C06D2D51898966
                                                                                                                                                                                                                                        SHA1:8B68612EBDD0409363459EE9B4E76D11652F9DF0
                                                                                                                                                                                                                                        SHA-256:2B64E5733EE1468548BA2ABC382895A80A0B71A28FE8C06A7A8C5FDFD6712D6C
                                                                                                                                                                                                                                        SHA-512:FAD59A438A5A2AD407306D75E4119DEC584FF856BB3892E0E9E230BBFF6F2AD98B4E53AA810FAF6B569A5E0E128DEDF59FF16059E96575403C3CD9D594A79019
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Clique em {0} para terminar de configurar o WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "N.o tem a certeza sobre a mensagem abaixo? N.o se preocupe: a sua privacidade . a nossa m.xima prioridade.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Clique em {0} para continuar. Est. quase!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Na pr.xima vez que pesquisar, ser. pedido {0} para terminar a configura..o da pesquisa segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Manter altera..es",.... SETTINGS_OVERLAY_CONTENT: "Clique na mensagem de {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "A extens.o do McAfee. WebAdvisor foi adicionada",.... INTRO_OVERLAY_CONTENT_1: "Abra o menu do Edge para come.ar a configurar a extens.o do WebAdvisor.",.. INTRO_OVERLAY_CONTE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4888
                                                                                                                                                                                                                                        Entropy (8bit):5.138776833826638
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:km1cmOcoujLEUXirQfZVaSy/lcv8xv0pv6eyH5Z6LX6L0YA5ANvPuYV1kwgkebOH:bSP52Z7Iqv8IvzSt/vPuYV9gkbEYZAa
                                                                                                                                                                                                                                        MD5:9FA7AB4D2815FCC3958672CD78AD6814
                                                                                                                                                                                                                                        SHA1:3BB86B53E36CAE395DF4054B4C77D3F020A58784
                                                                                                                                                                                                                                        SHA-256:63950AA1F92D341E56EFC52F7AF07CEAA09239F8EF088422CAF57569EC17B46D
                                                                                                                                                                                                                                        SHA-512:AF1B5BBE892FFC57C8C6E8A280B95D3D776EF90CC6ED11993DE2414004DEFAF8E38E1BF50172A9CA3A256CD7FC9B186E9E90ADA7D90DB271A698CA62E87A7F2B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "....... {0}, ..... ......... ......... WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "........ ..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "............ . ......... ....? .. ............, .... .................. ... ... ....... ......",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "....... {0}, ..... ........... ..... ......!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "........ ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: ".. ..... .......... ...... ... ..... .......... {0}, ..... ......... ......... ........... .......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "......... .........",.... SETTINGS_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3645
                                                                                                                                                                                                                                        Entropy (8bit):5.659564746812874
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Za1q+c5nLPgGcp7rGEaqHNGXaGWSnEBCxu:Za1CcGcpPGEaoNGXaGWSnEBCxu
                                                                                                                                                                                                                                        MD5:66BE792D42304C3BDC3BD554436CA100
                                                                                                                                                                                                                                        SHA1:0FA1D4CDBFB80CDBC3EEF06998331D2AE47A28F7
                                                                                                                                                                                                                                        SHA-256:549A722F6482FEFCEC51349C4E5526967632B1F261D8ACCA9AC6A097569CBD80
                                                                                                                                                                                                                                        SHA-512:A095710FC12FBA841F49DE94CDCDD62CD4EC955FE12819AF5C3CF9BE5AE4B7D58DCA8B8B5F0F19513EBDD1208E4CB104BB8F23EE04505B7EA71568F7B9ADDF2B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite na mo.nos. {0} a.dokon.ite nastavenie slu.by WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Zapn.. roz..renie",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Neviete, .o znamen. uveden. spr.va? Nemus.te sa b.., va.e s.kromie je na.ou prioritou.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite na mo.nos. {0} a pokra.ujte. U. to skoro m.te.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Zapn.. roz..renie",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Pri .al.om vyh.ad.van. sa zobraz. v.zva {0}, aby ste dokon.ili nastavenie funkcie Zabezpe.en. vyh.ad.vanie.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Ponecha. zmeny",.... SETTINGS_OVERLAY_CONTENT: "Kliknite na spr.vu {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Roz..renie McAfee. WebAdvisor bolo pridan.",.... INTRO_OVERLAY_CONTENT_1: "Otvorte ponuku Edge a spustite nastavenie roz..renia We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3448
                                                                                                                                                                                                                                        Entropy (8bit):5.52345775049827
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CKwa7ruIwBho7Pjxm+FhiJcrERrEztNou:CK1kK7Plm+Fhi2rYrqt1
                                                                                                                                                                                                                                        MD5:38F4238742D878971219DA6633F4BBB4
                                                                                                                                                                                                                                        SHA1:311296E41397550642D1C83A9D31FCDACA10D44D
                                                                                                                                                                                                                                        SHA-256:789704DBC72C097172B5E1FF035403F1CBC9AB41679D557A0EBDFD0E901A926D
                                                                                                                                                                                                                                        SHA-512:7B227D31D848261FC236B898E81624FD2DAE4AC7BB33117B2D09995251287D3AAC5216DD9A36EB197DDCE667867FC34B840F6BFBC3EF11A623875CF3A3534929
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite na {0} da biste zavr.ili pode.avanje WebAdvisor-a.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Omogu.i ekstenziju",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Niste sigurni u gornju poruku? Ne brinite . va.a privatnost je uvek na. glavni prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite na {0} da biste nastavili. Skoro ste gotovi!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Omogu.i ekstenziju",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Slede.i put kada budete pretra.ivali, od vas c.e biti zatra.eno da {0} da zavr.ite pode.avanje bezbedne pretrage.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Zadr.i promene",.... SETTINGS_OVERLAY_CONTENT: "Kliknite na poruku {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodata je ekstenzija McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otvorite rubni meni da biste zapo.eli pode.avanje ekstenzije WebAdvisor.",.. INTRO_O
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3419
                                                                                                                                                                                                                                        Entropy (8bit):5.533271832723571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:XLtr87bPTBKfvmX6L9AvAMbEFGt9M+WRRZJ1aq3CTCc2IEqr:btkPdKfvLLGS3NDI9
                                                                                                                                                                                                                                        MD5:6404D773DA16F832FD5AF2FA301DAA1C
                                                                                                                                                                                                                                        SHA1:93C8F95587D554B7CB03095876CA155EE62F3A92
                                                                                                                                                                                                                                        SHA-256:13DF10ECC89C09F9DDCC3D979BDB045E67B92E217F21BEFCA0744C64DBAEE234
                                                                                                                                                                                                                                        SHA-512:DFEC2D4D96FEAB5994152DDEC6F2B5AA05DC1FB07241FA102717FEBF0B2A04A04C7250D495B5EC31FB634025F46E9B36DD63413405E4ABE3C505D76CDF54F76F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klicka p. {0} f.r att slutf.ra konfigurationen av WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktivera till.gg",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Os.ker p. ovanst.ende meddelande? Oroa dig inte . din integritet .r alltid v.r h.gsta prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klicka p. {0} f.r att forts.tta. Det .r n.stan klart!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktivera till.gg",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Du blir tillfr.gad att {0} f.r att slutf.ra konfigurationen av s.ker s.kning n.sta g.ng du s.ker.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Beh.ll .ndringar",.... SETTINGS_OVERLAY_CONTENT: "Klicka p. meddelandet {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-till.gget har lagts till",.... INTRO_OVERLAY_CONTENT_1: ".ppna Edge-menyn f.r att b.rja konfigurera WebAdvisor-till.gget.",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3505
                                                                                                                                                                                                                                        Entropy (8bit):5.554179967722551
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Web Advisor kurulumunu tamamlamak i.in {0} ..esine t.klay.n.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Eklentiyi etkinle.tir",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Yukar.daki mesajdan emin de.il misiniz? Merak etmeyin . gizlili.iniz her zaman birinci .nceli.imizdir.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Devam etmek i.in {0} ..esine t.klay.n. Neredeyse bitti!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Eklentiyi etkinle.tir",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Bir daha arama yapt...n.zda, G.venli Arama kurulumunu tamamlamak i.in {0} i.lemi istenecek.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "De.i.iklikleri koru",.... SETTINGS_OVERLAY_CONTENT: "{0} mesaj.na t.klay.n.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor eklentisi eklendi",.... INTRO_OVERLAY_CONTENT_1: "WebAdvisor eklentisinin kurulumuna ba.lamak i.in Edge men.s.n. a.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3122
                                                                                                                                                                                                                                        Entropy (8bit):6.217812122783
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: ".. {0} ..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "...............................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: ".. {0} .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "............. {0} ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "....",.... SETTINGS_OVERLAY_CONTENT: ".. {0} ...",.. SETTINGS_OVERLAY_CONTENT_BOLDED: ".... ...........",.... INTRO_OVERLAY_CONTENT_1: ".. Edge ................",.. INTRO_OVERLAY_CONTENT_2: "..........................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3232
                                                                                                                                                                                                                                        Entropy (8bit):6.287479166634276
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "... [{0}] ... WebAdvisor ...",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "...............................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "... [{0}] .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "............... [{0}] ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "....",.... SETTINGS_OVERLAY_CONTENT: "... [{0}] ...",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "... McAfee. WebAdvisor ....",.... INTRO_OVERLAY_CONTENT_1: ".. Edge ........ WebAdvisor .....",.. INTRO_OVERLAY_CONTENT_2: "...............McAfee .
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.4758106681040415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//9B7C7E8EBBBC447B5537C8A97AB5E1B199370B388A1B1C80D191D7391D235851E91065AA52952C7BA745BBDF2D248266D6C3279723A9ADFC126A1D93A063B67F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.481832957925144
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//1812DFFC4360496CE2E6004D4E5F722C7724845CCC68A360204D449171F6DDA825D1FE1B72118DC4FCAD453E194F3219A6F95796639A0F7E5D80B8CFC5EE4B7C++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.495091095046002
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//B70C62FD017C6D5FC50432B9F240DA710CCF7869A23B66B18D15CB67AF2D863A35101D2145CD9E8DE283994B90F9C07581D12036962DFD00C5A67F8FBA51D957++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.471831051494513
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//A8C901B5AE19074C3BA0948E85341671C46B35A741FA1627DF1ABC8991DC90B80F3323A4EC25CFE5A9435DFCE4CB2AEE64B08AFBD2D5BCFAF2516B32AAC2AF20++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.47040040499985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//B5440D399E1EB1FB924A26E1D2228FB7BB4E8034A0BE0FACDA4BDF04626A8FE7D86630F5B71F6BFD1638EBC26C9184787D38EADBEB08A14E716C68639A8C8658++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.4307378142966165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//CEB5CD70E0DB458F5B4CD30C6CBEB97FCC49E84893F4E0BE8C3C76F1B99BC68FB36CD19411CAC0BFC9B3C7DB57C265A546184D74D3AAB2EADC900AA1E7C10BCA++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.47435822751087
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//B1D0B04C2AC3C816AE041A99A0A444C5C57A4B715C0AD7EABDE0C2C33D3B491A48768F813DC38966C2501D36C555F39512969838CEFA4637CCF634379D1C82B0++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.479123914275465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//D54C1F8A4CD47DD94F8374AFAAB95D3EC9CFAF8E9893977F864E86D424A52955E81625E650E110E3777232F689A9F9849285ED9F8217751DD5BA14431E021889++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.462731863639466
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//FF5995D85DA229F7EBA74F9746AFF56F7001B3BAE16D758EC641E7ED1EB6697EB1C76BEFEC2162895B0DDA6575358667A9E8DFEEA69BF5A0E922148B0C1246A6++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.443578744550161
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//EF9AA7C3B59E831BFC3E5629A3C70BEB963D81CF66AA9D5FC6186E56FC3A7D30A6EC6F777CADB1768BEB8B3B8561200D2BD1AE94DFE930B0AEE301D26BA0F60D++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.475960282259572
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//6456AB811C53668A6B2E515F3AF2FDE6639FB3A580D0D09427DB47F4BC4746C66A157100CDCEDA14C9AFB01B3DA037A88B3077808A86CCEC070CF3ADF0F8144B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.483353476014259
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//BDB5A0A665C57F5C51D8383DB4D1BBF8E3E61B686AC9DC649BE7938E72210C062D1B77BB158636291473994AF223D48E22823A1435E87DD23D80CE3106B26D5F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.448184357719359
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//8DCADF21EBE41A72AF4F28870726C03694FCA878887CF2E7B838852004B6BFF58820F81C578E6628A84DECF85671963FCD32682ACB2AE815C0CEE0FB4464AC82++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.478085141923155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//A77CB812FBDBB3E757CAC50899849B7E3BD083FBDD4F874AF42EB2466A658C7E28B1D386A2A4943C63A71C0944E5A263B7683E003E9B4563358EBFA5068DAF5C++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.491038109455585
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//D41493B50028FA8C2DE76CCE94593C98E881B9F37F2E9FF5A1F23F06AE82D1A56D1009893C4F7CB126C03279B7466208799BE1059CEFDEF41409F16341C4113A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.454642148955664
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//4F9A158A393A4E42B52F4367C94C00D15E424EFE1E9AB00D9DF96A2C0C96E0898D3BABB8835BFC4E6B08E7D79230F8CD6AD532E8093EBE33E5CAB49457E2C8EE++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.4435879544367785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//AE6A27BDE408F65B5701FEB493A22AB286C3BB54CDDBE20482A76442E2ACD9EFFA6612AE4A5E8EBE09CBA9C363FDC680D0EA44227D33FED2D4BC606D51BD651E++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.463513217681237
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//6D68A495BDF8FC574B7565B4B075D715D0D7B7EC3288B2FA3E85D1CCC7E4B9E139086AEE4D6342959D4C6865285B5AA88468D46EB75136D29B83982683EC6D41++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.474688718068832
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//71D074919F166A2866A2BB7E4DA639CB92A391665B4555E7E62A45607B4DCB475C1EFBEDC21A9A155FD23DB57F50037F7730EEBAD960A920479C169A233D60D9++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.458074089048836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//A9600F19215FBE491226EBD40A0D9D963AA4D25230F42A0DD9541CE9912D7C4944241112B34C5687256BCB8E6ACA9CA4E4AE2EF85B87EDAFB16AED073CE26EE0++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.481344686655015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//3A6507E6FE48B47BC4C1F02114E35D4D52F1C5E08A222F8FFE72AF52D9FDB7E857859AFFD5DDD3B566F577B52579DB31A35ECACFB2A098A039A3470579C0B027++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.466027731100819
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//11510DCE0F7C5918C3B25CC120E2A204AF5B051DC0009BD7DE82A2D7BCDDA171977FEB6D5DE89D5A4EE81EF01A5549857E562A8F4B21FD737D9B96630F31AA01++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.4787556586911155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//0EFA169094261DD536B0FA26C237BE24F84C4AA0FC5A74F53645EE5D44F8CAB2AB9DF1D316020B841C1E2BCA84FDAC357774C3C90566FDC6ADD1A85FA9CD9734++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.488813032392837
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//5CB74A920FE99EEF01CD66BDA2414BD45DBE2BE13A2BD2FA3364122721A2693D3C949ECD5013B31D5694B88EA58693B7081A15E5B353A3F89F9298A74C804072++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.463311687549381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//B9AABF9FC26A9244FBE2CA074FB3CF8AC3DDA8BC9A7192EA19C4472FEDD29A82EB200BA67C2297D69654F6A925270B5353718D80DB277BF5330A2CECFA7D0D42++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.477610503111263
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//9E4C8ED710BC5567A1DE50AEB93249DDEB710D3A16CE785BD2F6B288CE84F5FF1F81EDBC2DFE6F655875A8D3AA19F34846100A6D1B95C541B398193485F0D8F5++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.481021717019209
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//C7B68584711F77A5823D538B36D64E804C35C2BABE7FC6F8B0F09AA2B01BA005762AE1CB28CCBA736B910DBC5036F5C205DF0A39D3893E0803FF86164B25FBEE++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):716
                                                                                                                                                                                                                                        Entropy (8bit):5.603466386701819
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verze",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//A33A9CEAAE4D249C0FFCF86B46DD3CFE7CFED92C807371FAAD24F10184439BD12196A90CAD70144F27B4D1487BF8C1647F83CB050B21FF0689425EE4A0E9E96D++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):728
                                                                                                                                                                                                                                        Entropy (8bit):5.561213207315339
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "F.rdig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//775927AF51C58C15181597C0E40C51FFB2B46720C140702E55EDD759C98B1BBB9BB1BB67EBC5319E66CEC6C06F4E63D92929522DEBA419907802E4311F4B6AB1++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):695
                                                                                                                                                                                                                                        Entropy (8bit):5.546960598972389
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Fertig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//37B600152353029B4EE0D51C5F5DC779FA4154C41F9E987CBBF78A388CF7EAD941C181F0D37CD82E6A42E1523AF2D045963BF87889701AF7027EEA10566B41D7++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):750
                                                                                                                                                                                                                                        Entropy (8bit):5.75038358315992
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "...... ............ .... .........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: ".....",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//5D3C085C46ADBA2C87236F283C7F7A6F9F8528F5D95484748AD517E395A273333B09FFE5C5AD7832E2A2AECCDA0A44E491DE1E4FCE209B0AF2F79D34A9089B03++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):688
                                                                                                                                                                                                                                        Entropy (8bit):5.5148376008517355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Done",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//B470C7AAF5FDD24BBF32F7476686D802B0DDD7A2E27E19E227FC11A318F1F178EE4A187DD27F062D9068D7C9D3AF476F7739316C707BFE1246DBE8BCCB582598++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):700
                                                                                                                                                                                                                                        Entropy (8bit):5.53027365887532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//BFC1DB273BDD11606013A9CE4642C9329CA41AD21F8C5F38531ECDD48BE2385679A485CD0BCFACF2455A2D5D9F53158546E6970F6E6C56ACBC14DB30A9FB7FB0++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):700
                                                                                                                                                                                                                                        Entropy (8bit):5.524664431479274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//754B3DBDEB13314364EEB697D5B6FCC9D319892836CC4544C9D93068886BD51329DF441F3502D2BEA4DD61E90BF9BABABFDF8DBDC811D9B264B26A0CD94D3A62++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):692
                                                                                                                                                                                                                                        Entropy (8bit):5.516986272783081
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versio",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Tietosuojaseloste",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Valmis",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0645A2C63F8874B2644CB688496CC128F3D37ADF4FC5C554ACED68A88DA43DABEF8D1954B6DD7DF54AD1137215CE6B6683F5A9571F7336393F5858DE05A9DAC2++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710
                                                                                                                                                                                                                                        Entropy (8bit):5.554042069584347
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9E70D09B967A834FE69317BA4B5B2CDCA5AC0F8BA4BCE75D9F9BDA71C2AFC01B14569FD2CB1D7E039B498BB092871C7EE39C6108057E2C26BF900E4805FC2775++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710
                                                                                                                                                                                                                                        Entropy (8bit):5.541459694602625
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//6F7E8BC63672E5124455E40C6A50391F50FF34D1A21C9CC76B56B5DDC555534CC35BD263EF7C7A12E42D75356E165C5A39E0AA148F5F8A7BDE6016BA541E147F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):703
                                                                                                                                                                                                                                        Entropy (8bit):5.556912313975577
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//BD9F914B7A0128058D12F3AC184833E8A377909F9AA32B164D1780B4F12C26513CB70BE7383900D24E79F5DFC4F0B91CD6E9656E92B21310D6C6A3CDCCEB2021++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):699
                                                                                                                                                                                                                                        Entropy (8bit):5.595019305091011
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzi.",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "K.sz",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//B646A3402844D34E1A3BA92A3ECDCFB4D75F7956083C08493BAC3027813F5D2321C77A171338350B777AE9128F7DF21D1E437C0236713F2161F293A88ACF137C++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):697
                                                                                                                                                                                                                                        Entropy (8bit):5.5303189627766365
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versione",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Notifica sulla privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fine",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E9BE2387F2CDBC3D449C22604AD71B570D5065387929BCD0066BA637E8BA9FE83771F4F1EA6F7C81CD037BAD09A8DCDE212A3E4D7A5EAA079206B856D67B6B39++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):808
                                                                                                                                                                                                                                        Entropy (8bit):5.724439798276386
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "..... .........",.. PRODUCT_NAME_LIVE: "..... ......... ...",.. PRODUCT_NAME_TRADEMARKED: "...... .........",.. VERSION: ".....",.. WEBADVISOR: ".........",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7783325CA0B03097EBECF6759CE913AB93310E7D91DC918C9BA143A6ADA9FE7E0F2EF884278D3A99A8FC3097885BEB1D9FF0CF7E6AE5F0A3979CD545BE514079++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):742
                                                                                                                                                                                                                                        Entropy (8bit):5.824735575206991
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee ......",.. PRODUCT_NAME_LIVE: "McAfee ...... ...",.. PRODUCT_NAME_TRADEMARKED: "McAfee. ......",.. VERSION: "..",.. WEBADVISOR: "......",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D23508851469B0EA5EED19A4C0E5034E8AA911B017BE0301EAC8EC7767872C403759927A82BAD01581A53086B63B596E8A716496FDDEECFBF302529D7FCE4548++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):696
                                                                                                                                                                                                                                        Entropy (8bit):5.556600355543895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versjon",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fullf.rt",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//98255434BED62EA15F51E86E3B8DE2FA4C5ED375452638A40C358F773F990D4A535C2EF1B49A47703266BCFF789DC96D2BC830BE3EB996D903CA66C70EE2BA29++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):746
                                                                                                                                                                                                                                        Entropy (8bit):5.612753891806925
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versie",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Gereed",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//727E9C732B0CD944FB705156A8CE66E8FD455712F1D580E15CE2F39E0B8C824793BC1475EC46937EE451EFE3565A81D88B2B1679C803A536DDC6FCDBDCD984C7++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):709
                                                                                                                                                                                                                                        Entropy (8bit):5.54596132666323
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Wersja",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Gotowe",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0D7B3AB56D641A87696C4D7861802CB559C2F1BE08BFF6F2E435DEFBE8F7ECFC73135DDD88EAAE9F2CB34E783D1FAD68739D4EC473D6CB2CF389DA4B49EC967F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):700
                                                                                                                                                                                                                                        Entropy (8bit):5.5527621729689685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//6384AD8AD4D850A59D39F3DF8D3E6FFC05FBFC8FFB3AFE45226E4F6BE153C05D14FD4108A00C5732762890D6B5A991E32590D693E6BE198229630DC131620C87++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):700
                                                                                                                                                                                                                                        Entropy (8bit):5.561157492608534
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//58A82BDC7983BE1E70FE02354721ED75ADD01428ED2050CA7791180C6104C112BB5DB8E540169E5C91C0073A6773072B0F6BC2A1396F9FB25F73547F67070B8A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):751
                                                                                                                                                                                                                                        Entropy (8bit):5.737759761884001
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........... . ..................",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "......",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//DBACDB75FBA39FBC15B351D433142ED25DB2AC0B412CECD79AF5708967C1C7BCA3374D5C31A7810DE779A2376DF88FC613485DE7403C105FEFCAAE13F10E164D++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):719
                                                                                                                                                                                                                                        Entropy (8bit):5.625409797709229
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfa6v9LuO4biIAbkLwT5zxjAHo8+9wuRToFyChIAZqXh:7e9SlNLiafNv9KO4uWIOHo8+9ZRCyhAC
                                                                                                                                                                                                                                        MD5:4230B155E5353C646812C4B20A90A814
                                                                                                                                                                                                                                        SHA1:9C2A64A9AD57DAE5FC6D236E1A68FDB84F98F1BD
                                                                                                                                                                                                                                        SHA-256:068D918BE3BF86CB7DF6DF57E46437AC3444D8EA517F9198F80D454A5FB16D5C
                                                                                                                                                                                                                                        SHA-512:A63B3886C005C976A2FEB66103D1B5B0747D378E03F3591D98FB0458C50825B971D8CE4932AA0088EB28374AB9646B3F791BDF997C9B835EF81807D01D28EB64
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzia",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Vyhl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1698D976D7AC87F831659B59C60859AD6FBC935CCC12576FB6028F661C7F8E9DDCEE146AF5511923D30C7B2C5D2C545F1D4EDBE57ED8FF9EB69DF309F3F67480++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):706
                                                                                                                                                                                                                                        Entropy (8bit):5.560681855604894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biagkcbkLwT5zxjHT9wuRToeS+5biFKh:7e9SlNLiaflv9KO4cjWIVT9ZR8+51h
                                                                                                                                                                                                                                        MD5:379010E8E69CD46B7ED701D46C0274E8
                                                                                                                                                                                                                                        SHA1:26385C67C579AABA0126B71F0DE2CF7A4CE42139
                                                                                                                                                                                                                                        SHA-256:C73D7384F7D7468922ADE76DF21C28BD82AAC84E3183A5ADD983A635B5B0599B
                                                                                                                                                                                                                                        SHA-512:32686912626F89BBAB1739B18DA936DA20F70245D7524346C10C1F80E8C6463D291F2C0D04C9FBE79A37FE7158A8C673A51E142215C7BC9C23E3777ABF9D3459
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//81BC8CD8174ABC72C657AA1ACCD80081D790AABC38287E28008535C781AE076513523744D7D80A922489EC406F62A5F8430F7B5DBD6D02646433F82C562FA6F2++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):690
                                                                                                                                                                                                                                        Entropy (8bit):5.551835977982428
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieGbkLwT5zxjmf9wuRToCBdA1urQhJI+wJ:7e9SlNLiafLYFv9KO4JGWIof9ZRpKG/
                                                                                                                                                                                                                                        MD5:3BBBA0177E49E07313D7AFA2D56FEB5B
                                                                                                                                                                                                                                        SHA1:B8A9ABA78CF68595606290E647D63EA61266DD1F
                                                                                                                                                                                                                                        SHA-256:FA7E940E883699DDA4C7F68408C33824574039570B0F238BEC73ADF54DF7A8F0
                                                                                                                                                                                                                                        SHA-512:4B6F2AD8C339877CB6CA20A3178007752E4AF7DBFABE58D00A234FDAB6A9888A310A93159A06576CA8D323FE37C650C5C7B77D4B7C6877628DFB1DEB2ADDDAE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Klart",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0B8440823AF6C68D538110EDF9B1057AB7F8C1344531F24CBC5959C7227B25E29BA23672DABAAF461F65B9F65E0E1368C143B4C026F21027AC9EE578336A7147++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):696
                                                                                                                                                                                                                                        Entropy (8bit):5.55794047416744
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfT6v9LuO4bij2VbkLwT5zxjAWoN9wuRTo8n0YPgWMkBhADQPh:7e9SlNLiafGv9KO48QWIuv9ZRvn0RK28
                                                                                                                                                                                                                                        MD5:824BCE38448D0B743D4476B8370F2C3E
                                                                                                                                                                                                                                        SHA1:E838BEBD1F9DC325B9E45627049D12C482095D0B
                                                                                                                                                                                                                                        SHA-256:5055352E2F168228580BB4A56319D9B6598FE1C100D324E10F7648376ADFD126
                                                                                                                                                                                                                                        SHA-512:B0D3C64B42845A0F0AF4FBFA3E48652236B1E2B971B4F92C11A998854BF3D7EDF619FAD422CFB8A9B1A9129151895580E6D6B5D15A4936C32BD4F2DC0A7E9AE6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "S.r.m",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Tamam",.. DONE: "Bitti",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//BA08A3B8359F502901E7D31E0480037E54351C96475E3E93E59079DA9A82A2DC78686CBD1579E3ACE9B26C82C069D2AFBBF896D32619BF9378E06BFCDBD2C09B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):713
                                                                                                                                                                                                                                        Entropy (8bit):5.910535895650701
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSuKxi7s6kfF6v9bgbiE4ebkLwT5zxjtDYv9wuRTo+sCfxRVc:7e9uui7s/fsv9bg/HWIv49ZRxZfxQ
                                                                                                                                                                                                                                        MD5:88A78221CC6E88E6DB37C449A1D1AEB5
                                                                                                                                                                                                                                        SHA1:9017C3F33738B08F6A99D567D57BE297E2E02F7C
                                                                                                                                                                                                                                        SHA-256:501566824AAC07EE52296D3410F9CBEF3834CE71624510E51228C25C6D26E084
                                                                                                                                                                                                                                        SHA-512:F77DB85E5F805EB1EC5BF4019F13091551B52794CFEAB3C878781E0142F6DCA951DD091BA013D19F03DED6A86CDDDBD5223D33143029919980D10A8DB63A571C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: ".......",.. PRODUCT_NAME_LIVE: "..........",.. PRODUCT_NAME_TRADEMARKED: ".... ....",.. VERSION: "..",.. WEBADVISOR: "....",.. COMPANY_NAME: "...",.. PRIVACY_NOTICE: "....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//3FD962EDECC3B234D81E83329F4821B544341288A1BCDFBBFD54E680F6B982CC48E6C1257714B94C9335E839FF08DD1CE27166E81DDCE3CC0F2B71563A6EF948++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):694
                                                                                                                                                                                                                                        Entropy (8bit):5.710761896835509
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7ekSSlN95i5kfF6v9LuO4biP3emebkLwT5zxjgDYv9wuRToflpU1PM0Rhn:7e9SlNLiafsv9KO4d1WIG49ZR9n
                                                                                                                                                                                                                                        MD5:2657FD5592A96D8AECB301F21F28887D
                                                                                                                                                                                                                                        SHA1:4D890B88E4C6FEEE10A2DA20C8616E4E35C8BCB2
                                                                                                                                                                                                                                        SHA-256:E43BEE2A6045B1703EBA1101350E3205FE3E7F734E7EF69B37303F72684CA9FB
                                                                                                                                                                                                                                        SHA-512:1218C8EE669D316DD247830058B4DE225870377AA5362E3DDE8A52E756210BE19C428F8A22875DC5D66A6C7E3C5ED9F12FD237CBC4DE42EBA2881A2424BD2F6D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "..",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//779C74F28EF2D51F12A816128E5A3064780E7FA615050C896D51C037DB0E19D7BA8AC249CF54879EF4983799B68C53F507E053D3B9FF1911A15D49784F8475F4++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3828
                                                                                                                                                                                                                                        Entropy (8bit):5.647077032874223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:ElmtVPut9muF9guJVDWtfDUEWP4gU4zTA46AOif7:ELt9mG9gMVDMfD7VgUeb6ZC
                                                                                                                                                                                                                                        MD5:40CBABC4984A2C48E4A301EBB435C4D0
                                                                                                                                                                                                                                        SHA1:FB862BFA6BB713658FCFC491003FD045ED4F1262
                                                                                                                                                                                                                                        SHA-256:A41D469879E99FFB4E054C555A01070E4C4536601E2D872D6DB53D9297DE8A1B
                                                                                                                                                                                                                                        SHA-512:BD007492945C57AAF4228EEB33D6579E0FB3DA16F4C67741BB6EE698561231DDC33FA9F3467A7782F48CF727797D89A72F5A265772E29F54FE21BE49F3387728
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "M.te z.jem o je.t. lep.. zabezpe.en. vyhled.v.n.?",.. TOAST_VARIANT_CHECKLIST: "Ano, chci po restartov.n. zapnout slu.bu Bezpe.n. hled.n..",.. TOAST_VARIANT_BUTTON: "Hotovo",.. TOAST_VARIANT_BUTTON_FREE: "Hledat se zabezpe.en.m . ZDARMA",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Hledat bez ochrany",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nechci bezplatnou ochranu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.e webov. ochrana nen. zcela nastavena . aktivujte ji zdarma",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Dokon.ete nastaven. bezplatn.ho proch.zen. internetu McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chra.te sv. osobn. .daje",.. TOAST_VARIANT_1_INFO: "Proch.zejte web a vyhled.vejte s v.dom.m, .e va.e osobn. .daje jsou chr.n.ny. .ekneme v.m, kter. str.nky jsou bezpe.n. . a kter. mohou b.t nebezpe.n..",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3597
                                                                                                                                                                                                                                        Entropy (8bit):5.386810788526084
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vil du tilf.je ekstra s.gebeskyttelse?",.. TOAST_VARIANT_CHECKLIST: "Ja, aktiv.r sikker s.gning, n.r jeg har genstartet browseren.",.. TOAST_VARIANT_BUTTON: "F.rdig",.. TOAST_VARIANT_BUTTON_FREE: "S.g p. sikker vis . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "S.g uden sikkerhed",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jeg vil ikke have gratis beskyttelse",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Din webbeskyttelse er ikke fuldt konfigureret . aktiver den gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "G.r konfigurationen af din gratis McAfee-webbeskyttelse f.rdig",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Beskyt dine personlige oplysninger",.. TOAST_VARIANT_1_INFO: "Gennemse og s.g, vel vidende at dine personlige oplysninger er beskyttet. Vi fort.ller dig, hvilke websteder der er sikre og hvilke der kan v.re farlige.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Fjern bekymringen fra
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3722
                                                                                                                                                                                                                                        Entropy (8bit):5.357301392436372
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "M.chten Sie zus.tzlichen Schutz bei Online-Suchen?",.. TOAST_VARIANT_CHECKLIST: "Ja, die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. TOAST_VARIANT_BUTTON: "Fertig",.. TOAST_VARIANT_BUTTON_FREE: "Sicher suchen . KOSTENLOS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Ungesch.tzt suchen",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ich m.chte keinen kostenlosen Schutz",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Ihr Web-Schutz ist nicht vollst.ndig eingerichtet . jetzt kostenlos aktivieren",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Schlie.en Sie die Einrichtung des kostenlosen McAfee-Web-Schutzes ab",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Sch.tzen Sie Ihre pers.nlichen Daten",.. TOAST_VARIANT_1_INFO: "Surfen und suchen Sie mit der beruhigenden Gewissheit, dass Ihre Daten sicher sind. Wir zeigen Ihnen, welche Websites sicher sind . und welche nicht.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_T
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6107
                                                                                                                                                                                                                                        Entropy (8bit):5.028541869977441
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...... .. .......... ........ ......... ..........;",.. TOAST_VARIANT_CHECKLIST: "..., .. ............. . ....... ......... .... ... ............ ... ............ ...........",.. TOAST_VARIANT_BUTTON: ".....",.. TOAST_VARIANT_BUTTON_FREE: "....... ......... . ......",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".. ....... .........",.. TOAST_VARIANT_BUTTON_NOT_WANT: "... .... ...... .........",.. TOAST_VARIANT_TITLE_NOT_SETUP: ". ........... ... ......... ... ..... ...... ........................ ... .......",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "........... .. ....... ... ...... .......... Web ... .. McAfee",.. // Toast varia
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3367
                                                                                                                                                                                                                                        Entropy (8bit):5.337347888881663
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Would you like to add extra search protection?",.. TOAST_VARIANT_CHECKLIST: "Yes, turn on Secure Search after I restart my browser.",.. TOAST_VARIANT_BUTTON: "Done",.. TOAST_VARIANT_BUTTON_FREE: "Search securely . FREE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Search unprotected",.. TOAST_VARIANT_BUTTON_NOT_WANT: "I don.t want free protection",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Your web protection isn.t fully setup.enable it for free",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Finish setting up your free McAfee web protection",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Safeguard your personal info",.. TOAST_VARIANT_1_INFO: "Browse and search with confidence knowing your personal info is protected. We.ll tell you which sites are safe &mdash; and which could be dangerous.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Take the worry out of the web",.. TOAST_VARIANT_2_INFO: "Browse worry-free k
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3632
                                                                                                                                                                                                                                        Entropy (8bit):5.365263001922846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".Quieres a.adir protecci.n extra en tus b.squedas?",.. TOAST_VARIANT_CHECKLIST: "S., activar la b.squeda segura despu.s de reiniciar mi navegador.",.. TOAST_VARIANT_BUTTON: "Listo",.. TOAST_VARIANT_BUTTON_FREE: "Buscar de forma segura GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Buscar sin protecci.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: "No quiero protecci.n gratis",.. TOAST_VARIANT_TITLE_NOT_SETUP: "A.n no has terminado de configurar tu protecci.n web: es gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termina de configurar tu protecci.n web de McAfee gratis",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Protege tu informaci.n personal",.. TOAST_VARIANT_1_INFO: "Navega y busca con confianza sabiendo que tu informaci.n personal est. protegida. Te indicaremos qu. sitios web son seguros y cu.les podr.an ser peligrosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Olv.date de los pe
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3652
                                                                                                                                                                                                                                        Entropy (8bit):5.36862951096208
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".Te gustar.a agregar protecci.n de b.squeda adicional?",.. TOAST_VARIANT_CHECKLIST: "S., activar B.squeda segura despu.s de reiniciar mi navegador.",.. TOAST_VARIANT_BUTTON: "Listo",.. TOAST_VARIANT_BUTTON_FREE: "Busca de forma segura, GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Buscar sin protecci.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: "No quiero protecci.n gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Tu protecci.n web no est. completamente configurada: habil.tala gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termina de configurar tu protecci.n web gratuita de McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Protege tu informaci.n personal",.. TOAST_VARIANT_1_INFO: "Navega y busca con confianza sabiendo que tu informaci.n personal est. protegida. Te diremos qu. sitios son seguros y cu.les podr.an ser peligrosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Navega por la
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3556
                                                                                                                                                                                                                                        Entropy (8bit):5.347283549492298
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Haluatko lis.suojausta hauille?",.. TOAST_VARIANT_CHECKLIST: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. TOAST_VARIANT_BUTTON: "Valmis",.. TOAST_VARIANT_BUTTON_FREE: "Hae suojatusti . MAKSUTTA",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Hae ilman suojausta",.. TOAST_VARIANT_BUTTON_NOT_WANT: "En halua ilmaista suojausta",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Verkkosuojausta ei ole otettu t.ysin k.ytt..n . ota se k.ytt..n maksutta",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Viimeistele McAfeen maksuttoman verkkosuojauksen k.ytt..notto",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Turvaa henkil.kohtaiset tiedot",.. TOAST_VARIANT_1_INFO: "Selaa ja hae huoletta . henkil.kohtaiset tietosi suojataan. Kerromme, mitk. sivustot ovat turvallisia ja miss. voi piill. vaaroja.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Ei huolen h.iv.. verkossa",.. TOAST_VA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3937
                                                                                                                                                                                                                                        Entropy (8bit):5.325857152978712
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:a/ScFsBmXt/CuFCNSCAQ9BYYmWJmn9AvwuHAnp/SsQWgXcm:aKOEAt/tFqSpQ9BhrmKYEApKsQym
                                                                                                                                                                                                                                        MD5:4AE521A2ADBF616AC09649A6136099BF
                                                                                                                                                                                                                                        SHA1:A9EDA7D3F9C14A73C6D23E670FD37BEA1F525FC8
                                                                                                                                                                                                                                        SHA-256:A3AEBA9909E01C09FE4EA4EBCE8E4D5A297A5802C0D931FD11BC5781D9EB2F28
                                                                                                                                                                                                                                        SHA-512:FE7AD12887BCCAD25F8D42F6DFB73378EF17C07BA17C32C9485124BEF5E286193C7D660FFA2F775D2859D4823E20D7B04355C8C0A099B7FF662E9BA24F36E355
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Aimeriez-vous ajouter une protection suppl.mentaire . vos recherches?",.. TOAST_VARIANT_CHECKLIST: "Oui, activez la recherche s.curis.e au red.marrage de mon navigateur.",.. TOAST_VARIANT_BUTTON: "Termin.",.. TOAST_VARIANT_BUTTON_FREE: "Recherche s.curis.e - GRATUIT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Recherche non prot.g.e",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Je ne veux pas de protection gratuite",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Votre protection Web n'est pas enti.rement configur.e. Activez-la gratuitement.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Compl.tez la configuration de votre protection Web McAfee gratuite",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Prot.gez vos donn.es personnelles",.. TOAST_VARIANT_1_INFO: "Naviguez et recherchez avec confiance en sachant que vos donn.es personnelles sont . l'abri. Nous vous indiquerons quels sites sont s.rs et ceux qui pr.sentent un danger."
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4024
                                                                                                                                                                                                                                        Entropy (8bit):5.32197544571694
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:b34FUJtSNXfN0SPAuWXhC00ZmnfQR9SujAnV3JyMAh:bQMtkWS4umSmoCgAVgh
                                                                                                                                                                                                                                        MD5:C04956B6946712B30F6DF0FBBF9F7C40
                                                                                                                                                                                                                                        SHA1:EF3E5E3A2D9A8FCB474733614E7D1DD1E8549B15
                                                                                                                                                                                                                                        SHA-256:7BACC85701838E0302A8FAFD95789E48F2DE00F7371FE53DD222B7D15AC40AFF
                                                                                                                                                                                                                                        SHA-512:878A74B7D551EA27AA13492FF33E518A66D05EEB0759E41CCE19D0B29DB1AFCC787B82463E70F3068CAAC7AC8E1F99F89EC830F43B33F3F158DA3AE2B9642901
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Souhaitez-vous ajouter une protection de recherche suppl.mentaire.?",.. TOAST_VARIANT_CHECKLIST: "Oui, activer la recherche s.curis.e apr.s le red.marrage du navigateur",.. TOAST_VARIANT_BUTTON: "Termin.",.. TOAST_VARIANT_BUTTON_FREE: "Rechercher de fa.on s.curis.e . GRATUITEMENT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Rechercher sans protection",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Je ne souhaite pas de protection gratuite",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Votre protection Web n'est pas totalement configur.e. Activez-la gratuitement",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Terminez la configuration de votre protection Web gratuite McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Prot.gez vos informations personnelles",.. TOAST_VARIANT_1_INFO: "Naviguez et recherchez en toute confiance en sachant que vos informations personnelles sont prot.g.es. Nous vous indiquerons quels sont les sites s.c
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3635
                                                                                                                                                                                                                                        Entropy (8bit):5.44810511568993
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:ajcHGot9qU8FSKd49nVVtx5B9Psk+20fmlq:zBt9z8Fjd493txz/L0fmlq
                                                                                                                                                                                                                                        MD5:6EA35A6A7E77D8D9E87A631FA8F3DC37
                                                                                                                                                                                                                                        SHA1:CADD782257293C5DC46A9A4AD4D3BDAD08696D5B
                                                                                                                                                                                                                                        SHA-256:8C24E8B65269E1D1048D1DBDA6A2913C391C31F20871B59E490EF4E7298E654D
                                                                                                                                                                                                                                        SHA-512:65B831F291A5DF8246B7056C3FA0372D2A85DF580A931F831F33ED355967380768B7B158454CBCAB14D296508A669DFD5E8555C31CD70133091734B5E4FE6477
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".elite li dodati dodatnu za.titu pri pretra.ivanju?",.. TOAST_VARIANT_CHECKLIST: "Da, uklju.ite Safe Search nakon .to ponovno pokrenem preglednik.",.. TOAST_VARIANT_BUTTON: "Gotovo",.. TOAST_VARIANT_BUTTON_FREE: "Tra.ite sigurno - BESPLATNO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pretra.ivanje neza.ti.eno",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ne .elim besplatnu za.titu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.a web za.tita nije u potpunosti postavljena - omogu.ite je besplatno",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Zavr.ite postavljanje besplatne McAfee web za.tite",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Za.titite osobne podatke",.. TOAST_VARIANT_1_INFO: "Pregledajte i pretra.ujte s povjerenjem znaju.i da su va.i osobni podaci za.ti.eni. Re.i .emo vam koje su web lokacije sigurne & mdash; a koje bi mogle biti opasne.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Uklonite
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3828
                                                                                                                                                                                                                                        Entropy (8bit):5.517745405979984
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KQpmKkwbL+sDfLlUpxKRtIC0vCGNAgc+LP+K5LK3TRKwJKV54QUQQ99P1s+l2cSP:6QtdTBPqw3Tg/UgbCx+lN4xM
                                                                                                                                                                                                                                        MD5:5CEAB1D74EC64DAE0215EECD06BE91A4
                                                                                                                                                                                                                                        SHA1:1C1B360F1A35EDEFC5213C3F5CA9FD930F8F3C6C
                                                                                                                                                                                                                                        SHA-256:C476BAAF44D7F1FE03235B9E19EBD5D23D4C1B900E2FE0689E78B2EFEA59A603
                                                                                                                                                                                                                                        SHA-512:30176163D5AA03FE28D2C5C32E6CEC504217B9F4BB6FA313ADC12DCD24816197805FFB748FDB6AB31A6A934B6DDAC77DCE2B00286EFD4C12F30025C0470F532E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Extra keres.si v.delemre is sz.ks.ge van?",.. TOAST_VARIANT_CHECKLIST: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tom a b.ng.sz.t.",.. TOAST_VARIANT_BUTTON: "K.sz",.. TOAST_VARIANT_BUTTON_FREE: "Keressen biztons.gosan . INGYEN",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Nem v.dett keres.s",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nem szeretn.k ingyenes v.delmet",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Webes v.delme nincs teljesen be.ll.tva . kapcsolja be ingyenesen",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Befejezte az ingyenes McAfee webes v.delem be.ll.t.s.t",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Szem.lyes adatok v.delme",.. TOAST_VARIANT_1_INFO: "Magabiztosan b.ng.szhet, hiszen szem.lyes adatai biztons.gban vannak. Megmondjuk, hogy mely oldalak biztons.gosak, .s melyek lehetnek vesz.lyesek.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3548
                                                                                                                                                                                                                                        Entropy (8bit):5.233302989528303
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:9xj3zLp7tpe0ddA4Pxt9Qmcnq1qYENfDI/0DES:T17tpe0sQxt9QZ+qHY05
                                                                                                                                                                                                                                        MD5:832D1E4B0B47693401F27F2CA25B16CF
                                                                                                                                                                                                                                        SHA1:C1BD7541EF4B46EBB7F39713B82782B508ABD7FD
                                                                                                                                                                                                                                        SHA-256:B18E0E30CC569F8F8530FBE3E0E8A7B9CD183C14F5C385F2AD2C3FF8CDD6F90A
                                                                                                                                                                                                                                        SHA-512:C6592C552ADB467FDE1D4CB16AE96AF96F9873B364806230EFCF1C7C4EE02314AD1999BCD7E79A022E431F6317B6851589F5E0B308E3378C38C36E7A87148ED7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vuoi aumentare la protezione delle ricerche?",.. TOAST_VARIANT_CHECKLIST: "S., attiva la ricerca sicura dopo il riavvio del browser.",.. TOAST_VARIANT_BUTTON: "Fine",.. TOAST_VARIANT_BUTTON_FREE: "Ricerca sicura . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Ricerca senza protezione",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Non desidero la protezione gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "La protezione Web non . configurata completamente. Attivala gratis.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Completa la configurazione di McAfee Web Protection",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Tutela le tue informazioni personali",.. TOAST_VARIANT_1_INFO: "Naviga e cerca senza timore sapendo che le tue informazioni personali sono protette. Ti segnaleremo i siti sicuri e quelli che potrebbero essere pericolosi.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Naviga sul Web in tutta tranquillit.",
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3960
                                                                                                                                                                                                                                        Entropy (8bit):6.014091106818228
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:6hHMKEaeQVt4/aWso3rOx4mc2JYtwhnoIZH7Ssx:YB5ztO57Ox4mJ8Eogmsx
                                                                                                                                                                                                                                        MD5:91284D12C2F6BE7F3265B34FECF57462
                                                                                                                                                                                                                                        SHA1:34F08B1CB6F70EF9BEB4A772E862755DE6FAA3E8
                                                                                                                                                                                                                                        SHA-256:10066143A6D4183D07C1EE20DC6B72A6493CA83042FA63B18EB82E8557D356CE
                                                                                                                                                                                                                                        SHA-512:F6A4E507E4A5DD82B7EF3171CAF7C755DAD8532DF0DD3828D26F11441968FDA2F5E3B566FFA34581DC68A787FFA31E3C21DAE77B79B276C512E1FD3C1A37ED27
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "..............",.. TOAST_VARIANT_CHECKLIST: ".................. ...........",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: "..... - ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "..........",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Web ...................................",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "........ Web ...................",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "............",.. TOAST_VARIANT_1_INFO: "..................................................",.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3783
                                                                                                                                                                                                                                        Entropy (8bit):5.930936945865895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KwNX9/6gkTR6wtUp7RtlvCI/Lg7KoR/+KNM2KHK4Uq0RxIZr1ZNpiL8s/cCM7R+e:P26Ft8+W/rNIqxmQlbe6qFlj7n
                                                                                                                                                                                                                                        MD5:6D2FC5D5309788421889E48C6E541E9C
                                                                                                                                                                                                                                        SHA1:59A6E9AB53F84E0D274C3FD22D0428AF7EBB36B0
                                                                                                                                                                                                                                        SHA-256:23D6454C0A9493574C2FF5AC70F99D398424C02B0146574F0249C88DFDA8CCCC
                                                                                                                                                                                                                                        SHA-512:1742303F0542B2A4A8F2CDB086DA03D809F4E6EBFA6959CDBC850CA4FC71886B3C33524A580CEBBBEF6AEFA76ED81CBE518BBC005AAA8B8B7125BAF302D5DAB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".. .. ... ........?",.. TOAST_VARIANT_CHECKLIST: "., . ..... .. ... . .. ... .......",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: "... .. - ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".. .. ..",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".. ... .... ....",.. TOAST_VARIANT_TITLE_NOT_SETUP: ". .. ... .... ...... ... ........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".. McAfee . .. ... ......",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: ".. ... ......",.. TOAST_VARIANT_1_INFO: ".. ... .... .... .... ....... ... .... ... . .. .... .......",.. // Toast variant 2 specific.. TOAST_VARIANT_2_T
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3599
                                                                                                                                                                                                                                        Entropy (8bit):5.361970253589453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vil du ha ekstra s.kebeskyttelse?",.. TOAST_VARIANT_CHECKLIST: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt.",.. TOAST_VARIANT_BUTTON: "Ferdig",.. TOAST_VARIANT_BUTTON_FREE: "S.k sikkert . KOSTNADSFRITT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "S.k uten beskyttelse",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jeg vil ikke ha kostnadsfri beskyttelse",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Nettbeskyttelsen din er ikke ferdig konfigurert . aktiver den kostnadsfritt",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Konfigurer resten av nettbeskyttelsen din fra McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Beskytt personopplysningene dine",.. TOAST_VARIANT_1_INFO: "Du kan surfe og s.ke uten bekymringer i visshet om at personopplysningene dine er beskyttet. Vi forteller deg hvilke omr.der som er sikre og hvilke som kan v.re farlige.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Slipp . beky
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3539
                                                                                                                                                                                                                                        Entropy (8bit):5.328628433196016
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Wilt u aanvullende zoekbescherming toevoegen?",.. TOAST_VARIANT_CHECKLIST: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. TOAST_VARIANT_BUTTON: "Gereed",.. TOAST_VARIANT_BUTTON_FREE: "Veilig zoeken . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Onbeschermd zoeken",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ik wil geen gratis bescherming",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Uw webbescherming is nog niet volledig geconfigureerd. Schakel uw bescherming gratis in.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Uw gratis McAfee-webbescherming instellen",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Bescherm uw persoonlijke gegevens",.. TOAST_VARIANT_1_INFO: "Browse en zoek vol vertrouwen in de wetenschap dat uw persoonlijke gegevens worden beschermd. We laten u weten welke websites veilig zijn, en welke mogelijk niet.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Zorgeloos browsen",
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3618
                                                                                                                                                                                                                                        Entropy (8bit):5.593265357282572
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Chcesz zwi.kszy. bezpiecze.stwo wyszukiwania?",.. TOAST_VARIANT_CHECKLIST: "Tak, w..cz Bezpieczne wyszukiwanie po ponownym uruchomieniu przegl.darki.",.. TOAST_VARIANT_BUTTON: "Gotowe",.. TOAST_VARIANT_BUTTON_FREE: "Wyszukuj bezpiecznie . BEZP.ATNIE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Wyszukuj bez ochrony",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nie chc. bezp.atnej ochrony",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Twoja ochrona w sieci Web nie jest do ko.ca skonfigurowana . w..cz j. bezp.atnie",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Uko.cz konfiguracj. bezp.atnej ochrony sieciowej McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chro. swoje dane osobowe",.. TOAST_VARIANT_1_INFO: "Spokojnie wyszukuj i przegl.daj, wiedz.c, .e Twoje dane osobowe s. chronione. Powiemy Ci, kt.re witryny s. bezpieczne, a kt.re nie.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Spokojnie korzyst
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3738
                                                                                                                                                                                                                                        Entropy (8bit):5.344905240542473
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Voc. gostaria de adicionar prote..o de pesquisa extra?",.. TOAST_VARIANT_CHECKLIST: "Sim, ative a pesquisa segura depois que o navegador for reiniciado.",.. TOAST_VARIANT_BUTTON: "Conclu.do",.. TOAST_VARIANT_BUTTON_FREE: "Pesquise com seguran.a GRATUITAMENTE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pesquisa n.o protegida",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Eu n.o quero prote..o gr.tis",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Sua prote..o na Web n.o est. totalmente configurada. Ative-a gratuitamente",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Conclua a configura..o da prote..o gratuita da Web da McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Proteja suas informa..es pessoais",.. TOAST_VARIANT_1_INFO: "Navegue e pesquise com confian.a, sabendo que suas informa..es pessoais est.o protegidas. Informaremos quais sites s.o seguros . e quais podem ser perigosos.",.. // Toast variant 2 specific.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3683
                                                                                                                                                                                                                                        Entropy (8bit):5.338046016472384
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Pretende adicionar prote..o de pesquisa suplementar?",.. TOAST_VARIANT_CHECKLIST: "Sim, ativar a pesquisa segura ap.s reiniciar o meu browser.",.. TOAST_VARIANT_BUTTON: "Conclu.do",.. TOAST_VARIANT_BUTTON_FREE: "Pesquisar em seguran.a . GR.TIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pesquisar sem prote..o",.. TOAST_VARIANT_BUTTON_NOT_WANT: "N.o quero prote..o gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "A sua prote..o Web n.o est. conclu.da: ative-a gratuitamente",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termine a configura..o da sua prote..o Web da McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Proteja as suas informa..es pessoais",.. TOAST_VARIANT_1_INFO: "Navegue e pesquise com a confian.a de que as suas informa..es pessoais est.o protegidas. Vamos indicar-lhe que sites s.o seguros e os que podem ser perigosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Deixe
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5374
                                                                                                                                                                                                                                        Entropy (8bit):5.130785974433442
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...... ........ .............. ...... ......?",.. TOAST_VARIANT_CHECKLIST: ".., ........ .......... ..... ..... ........... .........",.. TOAST_VARIANT_BUTTON: "......",.. TOAST_VARIANT_BUTTON_FREE: ".......... ..... . .........",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "..... .. .......",.. TOAST_VARIANT_BUTTON_NOT_WANT: "... .. ..... .......... ......",.. TOAST_VARIANT_TITLE_NOT_SETUP: ".... ...-...... ......... .. ......... . ........ .. .........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "......... ......... .......... ...-...... McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........ .... ...... ..........",.. TOAST_VARIANT_1_INFO:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3752
                                                                                                                                                                                                                                        Entropy (8bit):5.647213774791545
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Chcete zv..i. zabezpe.enie vyh.ad.vania na internete?",.. TOAST_VARIANT_CHECKLIST: ".no, zapn.. zabezpe.en. vyh.ad.vanie po re.tarte prehliada.a.",.. TOAST_VARIANT_BUTTON: "Hotovo",.. TOAST_VARIANT_BUTTON_FREE: "Vyh.ad.va. so zabezpe.en.m . ZADARMO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Vyh.ad.vanie nie je chr.nen.",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nechcem ochranu zadarmo",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Webov. ochrana nie je .plne nastaven. . aktivujte ju zadarmo",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Dokon.ite nastavenie webovej ochrany od McAfee zadarmo",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chr..te svoje osobn. .daje",.. TOAST_VARIANT_1_INFO: "Preh.ad.vajte web a.vyh.ad.vajte inform.cie bez ob.v v.aka ochrane osobn.ch .dajov. Uk..eme v.m, ktor. lokality s. bezpe.n. a.na ktor.ch hroz. nebezpe.enstvo.",.. // Toast variant 2 specific.. TO
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.447837939845179
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:5541sqXt9UFE+s49f8cQq5gAWFLrf9UQba:5Yt9UFq49LQqyfFvOQba
                                                                                                                                                                                                                                        MD5:75848ADF876428BCAF9B46E099D510A7
                                                                                                                                                                                                                                        SHA1:234A763C89226315A521C75F274891DAC8C731A2
                                                                                                                                                                                                                                        SHA-256:748C2D6BAD10907674CF129F23618DAD646BB105FC1275036A238FD3D56C7E35
                                                                                                                                                                                                                                        SHA-512:0EF16538CFBD4093FB4565A6D1ED1993DE4240F333C716F76BF908568B9C60688411031FB17A30FA6DC1DF911A85AE385DB1945653DE79E50E53A69A2E539937
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".elite li dodatnu za.titu pretrage?",.. TOAST_VARIANT_CHECKLIST: "Da, uklju.i Secure Search nakon .to ponovo pokrenem pregleda..",.. TOAST_VARIANT_BUTTON: "Gotovo",.. TOAST_VARIANT_BUTTON_FREE: "Pretra.ujte bezbedno . BESPLATNO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pretraga nije za.ti.ena",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ne .elim besplatnu za.titu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.a za.tita na internetu nije u potpunosti postavljena.omogu.ite je besplatno",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Zavr.ite postavku va.e McAfee za.tite na internetu",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: ".titite li.ne informacije",.. TOAST_VARIANT_1_INFO: "Pregledajte i pretra.ujte bez brige znaju.i da su vam li.ne informacije za.ti.ene. Re.i .emo vam koje lokacije su bezbedne . a koje mogu biti opasne.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Uklonite brigu sa veba"
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3492
                                                                                                                                                                                                                                        Entropy (8bit):5.43263730809154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KaGqWQzrHqWU7B10Up8LRtXbY8ACXGiLuKcUCLK6LKVKo9U31Ta920FLlpx/TV5y:B6CtsQ2klVdM5+9npxU2oBZvOF8Ke/
                                                                                                                                                                                                                                        MD5:A7CA64B3B9C74251F5C38A623ECDB1C3
                                                                                                                                                                                                                                        SHA1:296D1BE93423158A2011325C2A7D69CB70F21DE2
                                                                                                                                                                                                                                        SHA-256:A0F9813680A31316475FC5C3D63A2C67B609BDEAC15A1798FC204C9A3C3BA3FB
                                                                                                                                                                                                                                        SHA-512:4D41579633C8BD81C3ED0D76743904C95FA94B653AA9C159A683715CF630B5D900E8E2892FA051A23A7263A6A64509F21E15580921D30619B0C7329976220286
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vill du l.gga till extra s.kskydd?",.. TOAST_VARIANT_CHECKLIST: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. TOAST_VARIANT_BUTTON: "Klart",.. TOAST_VARIANT_BUTTON_FREE: "S.k s.kert - KOSTNADSFRITT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Oskyddad s.kning",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jag vill inte ha kostnadsfritt skydd",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Inst.llningen av ditt webbskydd .r inte fullbordat - aktivera det kostnadsfritt",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Fullborda inst.llningen av ditt McAfee-webbskydd",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Skydda din personliga information",.. TOAST_VARIANT_1_INFO: "Surfa och s.k tryggt i vetskap om att din personliga information .r skyddad. Vi ber.ttar vilka webbplatser som .r s.kra . och vilka som kan vara farliga.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Surfa p. n.tet utan oro",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3702
                                                                                                                                                                                                                                        Entropy (8bit):5.514258187564101
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CCIbtSgyGyouKx+bG/dDeFfQ3t16h87oCe:8t1yGydKx+SlN916hqG
                                                                                                                                                                                                                                        MD5:5068C75E130E256EEDF9E56583BB29E8
                                                                                                                                                                                                                                        SHA1:7D819A8F60DB44C5877C25DF19AB855B79C46778
                                                                                                                                                                                                                                        SHA-256:A2AE2F6609582487247DA41940DA876E0AAA89DF1E70AB46E2513F557CD30EA1
                                                                                                                                                                                                                                        SHA-512:31489C0665EF9A8311D70566DA0315F4E908891A988090E9619DDD1E3538A562B864DBD1AA78352A279BD5C01542A1A428FC5D3D4BEED0FAA8FE6B08BF5A934C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Ekstra arama korumas. eklemek ister misiniz?",.. TOAST_VARIANT_CHECKLIST: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. TOAST_VARIANT_BUTTON: "Bitti",.. TOAST_VARIANT_BUTTON_FREE: "G.venli arama yap.n - .CRETS.Z",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Korunmadan arama yap.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".cretsiz koruma istemiyorum",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Web koruman.z tam kurulmam.., .cretsiz etkinle.tirin",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".cretsiz McAfee web koruma kurulumunuzu tamamlay.n",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Ki.isel bilgilerinizi koruyun",.. TOAST_VARIANT_1_INFO: "Ki.isel bilgilerinizin korundu.unu bilerek g.venle gezinin ve arama yap.n. Hangi sitelerin g.venli, hangilerinin tehlikeli olabilece.ini size s.yleyece.iz.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Endi.eleri webten uzak tutun",
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3220
                                                                                                                                                                                                                                        Entropy (8bit):6.321706518970158
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KpV0YrIr3BkaxUpYNRtt5K2dCaLQzKeKGBKHlKCQUDlFJ5g68a1MzflHS/+xKAYO:aS9KotKvaLJ8CJFPl8aSwXNtl43b
                                                                                                                                                                                                                                        MD5:A7860BA1FB405475626241C20FBB529B
                                                                                                                                                                                                                                        SHA1:4FE3C20BF37E7CF1509572EC21999EBF435E02AE
                                                                                                                                                                                                                                        SHA-256:D31DD76FDAEEC40547850219A82631E7DBA9CE5BE425478E1E2C541B7860BDDF
                                                                                                                                                                                                                                        SHA-512:8DAFD236BFFDDAEA3CDA5859FBDE3470C9FCE956C86640D4838297E3B82400913498B8FE0C84B5F2DA6B2B7471BD3044FB8A603018F901F8CE544D153C2D18EE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...........",.. TOAST_VARIANT_CHECKLIST: "................",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: ".... . ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "......",.. TOAST_VARIANT_BUTTON_NOT_WANT: "........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "...................",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".............",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........",.. TOAST_VARIANT_1_INFO: ".................................................",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "......",.. TOAST_VARIANT_2_INFO: ".........................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3309
                                                                                                                                                                                                                                        Entropy (8bit):6.332643698930827
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:LjGwO6t6wKA44s2xr92kwcK8jtUuhSSmcV:tt6wc4s2xrskwc3U6SSBV
                                                                                                                                                                                                                                        MD5:6C3CC72C225E42092B15CA63DF5F5EA3
                                                                                                                                                                                                                                        SHA1:2C71ED5D8CE7F11B285475647F6C046AFAC0087D
                                                                                                                                                                                                                                        SHA-256:01A0C3041939871A8DE9046216E39BF752A79EEC312B6F83F2612DA0BAF34A30
                                                                                                                                                                                                                                        SHA-512:07091EF3065684F6764BB6961F362FBA8898C0C0EC3EB6F879D2D03C2C3B18FF8F144C6E32901DD133C44DB409576AB9ADE2919FBE660446636CEB07C59CB8DE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "..............",.. TOAST_VARIANT_CHECKLIST: "...................",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: ".... . ....",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".............",.. TOAST_VARIANT_BUTTON_NOT_WANT: "........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "..... Web ...........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "..... McAfee Web .....",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........",.. TOAST_VARIANT_1_INFO: "................................................",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: ".......",.. TOAST_VARIANT_2_INFO: "..........
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2317
                                                                                                                                                                                                                                        Entropy (8bit):5.715868911757881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:CvSUqYRSK+R28Y2zgJsQqpq/83qkj6B9nw4RJtlzysE:C6UnSKOY2zegB6Dnw
                                                                                                                                                                                                                                        MD5:B04C05E4A04B010DA5A2FB6F06F0EA1B
                                                                                                                                                                                                                                        SHA1:4C507189448B3CAEDC7426FC00FBB8AB9FBC237E
                                                                                                                                                                                                                                        SHA-256:12B6F9AEA00E4BCA3744DB290AF5B0A3CC0BD5388100CDC58128587FB72E9AF6
                                                                                                                                                                                                                                        SHA-512:72A54C1D3EDF4C81E156518F4375324EB2647F9F7DC7E077C07F184B8F6F0935F5926D75E13A33AEEEBCA77755D39ED66885AAD6AA11F89FDFF78D6D46D0DB43
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "M.te k dispozici dal.. mo.nosti ochrany",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Vy... ochrana je p.ipravena",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Vy... ochrana je vypnuta",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Tyto funkce vy... ochrany v.m zajist. v.t.. bezpe.. online. Zapn.te je.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "V.e je nastaveno! Kdy. p...t. znovu spust.te prohl..e., budete moci s jistotou vyhled.vat pomoc. funkce Bezpe.n. hled.n. McAfee, kter. v.m uk..e, kter. str.nky lze bezpe.n. nav.t.vit.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Je vypnut., proto.e bylo zak.z.no nebo odebr.no roz...en. pro hled.n., kter. je sou..st. vy... ochrany. Z.skejte tyto funkce zp.t.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Funkce Bezpe.n. hled.n. McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2319
                                                                                                                                                                                                                                        Entropy (8bit):5.420745904460456
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvdgRfy2uhvydFxcosFBzr628e3kC8osd8vbCsUcJheOqmv0p/c7THyFfG/IKH:CvJjkjVsFprf0Ksd4Ajfm0p4TS4Zudaf
                                                                                                                                                                                                                                        MD5:A4ACA5BF37470F7431FF19EFF2C41649
                                                                                                                                                                                                                                        SHA1:B453CBCB66E62A4D10427EC87E72EAA397802059
                                                                                                                                                                                                                                        SHA-256:ED6288BD2FA49E2351DB7CABF4CC74854B857395D722FE78BA968100A7F159F0
                                                                                                                                                                                                                                        SHA-512:21B131978CD5B7984C94DA0BA95F5F5F9EADB8F2724E6DA7F74A2C8D62CA451464EEE8B255CC41350B4F864558695D70A31D71B72B59369632B01F8EF8CC0955
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Du har flere beskyttelsesmuligheder",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ekstra beskyttelse er aktiveret",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ekstra beskyttelse er deaktiveret",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Disse ekstra beskyttelsesfunktioner forbedrer din onlinesikkerhed. Sl. dem til.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alt er parat. N.ste gang, du starter browseren, kan du surfe p. internettet i sikkerhed, fordi McAfee sikker s.gning viser dig, hvilke websteder det er sikkert at bes.ge.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Funktionen er deaktiveret, fordi s.geudvidelsen, der er en del af den ekstra sikkerhedspakke, er sl.et fra eller er blevet fjernet. F. disse funktioner tilbage nu.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee sikker s.gning", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} viser dig, hvilke websteder d
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2382
                                                                                                                                                                                                                                        Entropy (8bit):5.446052546996521
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:CvzhxfTyDKyA7h3CFycAOFsxEclSgH084:C1xfeDS3CT2I/N
                                                                                                                                                                                                                                        MD5:D9A68CF5FA53A9BF503FDF88374E6AA8
                                                                                                                                                                                                                                        SHA1:11CA637ECBDB7BB5DCBC3DA877925EBAC9D957BA
                                                                                                                                                                                                                                        SHA-256:819CC710C8A193D9A1ED5F11B77B19800C383DA6B3B8BF537E1270A7EDBDBD5C
                                                                                                                                                                                                                                        SHA-512:D07EB93ACDFABC09A70923F5BE4BE91E51F77E000FD56CE7DBC00B39CF03DA40EAF613CE63C55DC4E495D241F2FFD9C3AB3B9D9D516583FA0E67F5DDA569A6F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Es sind weitere Schutzfunktionen verf.gbar",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Zus.tzlicher Schutz wartet auf Sie",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Zus.tzlicher Schutz ist deaktiviert",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Mit diesen Funktionen des zus.tzlichen Schutzes sind Sie online besser gesch.tzt. Aktivieren Sie sie.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alle eingerichtet! Wenn Sie das n.chste Mal Ihren Browser .ffnen, sollten Sie die sichere Suche von McAfee nutzen, um in Ihren Suchergebnissen zu sehen, welche Websites sicher sind.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Sie ist derzeit nicht verf.gbar, da die Sucherweiterung, die eine Komponente des zus.tzlichen Schutzes ist, deaktiviert oder entfernt wurde. Aktivieren Sie diese Funktionen jetzt wieder.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Sichere Suche", .. SEARC
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3630
                                                                                                                                                                                                                                        Entropy (8bit):5.082348269919875
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CNwyIyaSMAwsC38BDAeuDFKed0uHpUKtf:CNuzDAAmtuJlDpUKtf
                                                                                                                                                                                                                                        MD5:2E0533650D501C20272F529FE1CC2E3F
                                                                                                                                                                                                                                        SHA1:B3BC796035476A42CA318DA376DB386E7EFCB1B3
                                                                                                                                                                                                                                        SHA-256:9B5275A63E7259170D741430CAD8C44BF8114630C810F06A7047B88282FBCE53
                                                                                                                                                                                                                                        SHA-512:8455DECCC874DECA5A6F2E3F5AA89BFC9BAB6257BAA041F12A2D7435686446D1F9A3BAED372E723774769854E148166DC7A864A4ACC2B4ECB12213D85B0C8776
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "..... ........... ......... .........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ". ........ ......... ..... ......",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ". ........ ......... ..... ................",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "..... .. ........... ......... .......... ... ....... ... ........ online. ............. ... ............",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "..... .......! ... ....... .... ... .. .............. .. ......... .......... ..., ......... ........... .. ..... .. ... ...... ......... McAfee ... ... ....... ..... .....
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2039
                                                                                                                                                                                                                                        Entropy (8bit):5.453076477780133
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Cv45dlzloc0Zvdr05DJMtWXS7bJ3sLEISkz68:CKHzloLZ25DJMtiUW4Nkt
                                                                                                                                                                                                                                        MD5:93C630D9AD8363E260AE92AB7044CF48
                                                                                                                                                                                                                                        SHA1:973E7377DB457D7FD624F55FE5B8BB9C97C7399B
                                                                                                                                                                                                                                        SHA-256:64A7FFB454A0FD3254532879EBEF4DEBD133EF394FF33EC661C13FBB77278F05
                                                                                                                                                                                                                                        SHA-512:4683FB5263D05A0DACB307D54CA52EDE4F53864A979A1D033020375437075B84EF0E0EB9154AB5DDFA124974C9411712926F895B649E6FC8C0B338A01E49257B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "You have more protection available",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Added Protection is ready",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Added Protection is off",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "These Added Protection features keep you safer online. Turn them on.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "All set! The next time you restart your browser, search confidently with McAfee Secure Search showing you which sites are safe to visit.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "It's off because the search extension that's part of Added Protection was disabled or removed. Get these features back now.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Secure Search", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} shows you which sites are safe before you visit them.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "Ad Blocker", .. SEARCH_TOAST_ADBLOCK_BULLE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2325
                                                                                                                                                                                                                                        Entropy (8bit):5.439646708329903
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvdgk9mBAPBQdBFXyUzwXFoI1mfCzZA8hmUA1ov8KJMfePnEW4dpaPVFk4/3Ph:Cv7MkYFXTzGFoIEWPyovzQArVZGLIwMD
                                                                                                                                                                                                                                        MD5:C91ADF3E2C643F7F73B9201D70A5CFE3
                                                                                                                                                                                                                                        SHA1:4E479E5231A79422A2EFAF57444AB5664C6D1AB9
                                                                                                                                                                                                                                        SHA-256:287DD80EB4B35AD8CE30E35A565A1D893E261377FAD153CAB57B0ABD5D1C2DDD
                                                                                                                                                                                                                                        SHA-512:2F5B0C71A6EBE23BAFB72FA69900DB41D17040F4A27945CFDB232AC554F57B9773A26E94C145292076C2E585DA4A8967AFF8319445F6BFCF3D722D53043229D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Puede disfrutar de m.s protecci.n",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La Protecci.n a.adida est. activada",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La Protecci.n a.adida est. desactivada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas funciones de Protecci.n a.adida le mantienen a salvo en Internet. Act.velas.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Ya est. todo configurado. La pr.xima vez que reinicie su navegador, tendr. la tranquilidad de saber qu. sitios web son seguros gracias a la B.squeda segura de McAfee.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desactivado porque la extensi.n de b.squeda incluida en la Protecci.n activa est. desactivada o se ha eliminado. Vuelva a activar estas funciones ahora.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "B.squeda segura de McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} le muestra q
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2241
                                                                                                                                                                                                                                        Entropy (8bit):5.453264218703966
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvdgWQIvN6tKQtqWmwUV5mOZzZCB4vhmUwRKJhZfeT5gAdFqdVtBcwKHvcJi9/:CvlQIjWZKTZ8Kp6c0jqrtqvEIJ/OC
                                                                                                                                                                                                                                        MD5:D1D9F8BFAF1235DF5A5327519004A64D
                                                                                                                                                                                                                                        SHA1:5A290136DC97273D4246FF04299C65D77591007C
                                                                                                                                                                                                                                        SHA-256:84FA07E9B67A0A7315D602E4915E13294CC9683561E8080514B5072F3009A3C6
                                                                                                                                                                                                                                        SHA-512:D818DC0643DDDAAC972C71E5F81B4D58BF0E2E6F6D70126604F1D417776679555488BF7CE2DAD4ACB37F954D1F0CB477B87FCEBEA49BE84DBB47FA8572D8E9B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Tiene m.s protecci.n disponible",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Protecci.n adicional est. listo",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Protecci.n adicional est. desactivado",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas caracter.sticas de Protecci.n adicional lo mantienen seguro en l.nea Act.velas",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".Todo listo! La pr.xima vez que reinicie su navegador busque con confianza ya que B.squeda segura de McAfee le mostrar. cu.les sitios son seguros para visitar.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desactivado porque la extensi.n de b.squeda que es parte de Protecci.n adicional fue inhabilitada o eliminada. Recupere esas funciones ya mismo",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "B.squeda segura de McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} muestra qu. sitios son seguros ant
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2246
                                                                                                                                                                                                                                        Entropy (8bit):5.423207109718243
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvdgGvLPUQPmMdzpP5x4bICHA4fEOGVGd1Pwsx7LmNhI+a6soNxawi9dySBx7z:CvXlmMd9m6mdFwWrZ6kxuFrCQeLR
                                                                                                                                                                                                                                        MD5:8D689C3A3BDE4BBFC8D185D80C80A329
                                                                                                                                                                                                                                        SHA1:78127A7D66F55A2AD030FD5DB9B58D0EAF650A10
                                                                                                                                                                                                                                        SHA-256:EBDCDAE74ACA7451181C70F80AD7E429D5751799149374F101BF5D44A89DB17B
                                                                                                                                                                                                                                        SHA-512:6BDF2E91661D1549F1D8D0FAD27C3D277110AD4216816BABE07CACAEB22FCDB8E9C16B05D81FA5C41283DE9A8B7B5FE5A9082132A85BC5C9ADC4852A99EB04C7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Lis.. suojausta saatavana",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Lis.suojaus on valmis",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Lis.suojaus on poissa k.yt.st.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "N.ill. lis.suojausominaisuuksilla pysyt paremmin turvassa verkossa. Ota ne k.ytt..n.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Kaikki on valmista. Kun ensi kerralla k.ynnist.t selaimen uudelleen, voit tehd. hakuja turvallisin mielin McAfeen suojatulla haulla, joka n.ytt.. vaarattomat sivustot.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Se on poissa k.yt.st. siksi, ett. lis.suojaukseen kuuluva hakulaajennus oli poissa k.yt.st. tai se poistettiin. Hanki ominaisuudet heti takaisin.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfeen suojattu haku", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} n.ytt.., mitk. sivustot ovat vaarattomia ennen
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2413
                                                                                                                                                                                                                                        Entropy (8bit):5.4423051651797465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Plus de protection disponible pour vous",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La protection accrue est pr.te",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La protection accrue est d.sactiv.e",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ces fonctions de protection accrue vous apportent plus de s.curit. en ligne. Les activer.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Pr.t! La prochaine fois que vous lancez votre navigateur, parcourez le Web en toute qui.tude pendant que la fonction de recherche s.curis.e McAfee vous indique les sites dignes de confiance.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Cette fonction n'est pas activ.e car l'extension de recherche qui fait partie de la protection accrue a .t. d.sactiv.e ou supprim.e. R.tablir ces fonctions maintenant.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_ADBLOC
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2494
                                                                                                                                                                                                                                        Entropy (8bit):5.444487240093578
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Vous avez d'autres protections disponibles",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La Protection renforc.e est pr.te",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La Protection renforc.e est d.sactiv.e",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ces fonctionnalit.s de Protection avanc.e assurent votre s.curit. en ligne. Activez-les.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Vous .tes pr.t.! La prochaine fois que vous red.marrez votre navigateur, vous pourrez effectuer des recherches en toute confiance . l'aide de la Recherche s.curis.e McAfee, qui indique les sites que vous pouvez consulter en toute s.curit..",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Elle est d.sactiv.e car l'extension de recherche qui fait partie de la Protection renforc.e a .t. d.sactiv.e ou supprim.e. R.cup.rez ces fonctionnalit.s maintenant.",.. SEARCH_TOAST_ADBLOCK_BULLE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2273
                                                                                                                                                                                                                                        Entropy (8bit):5.521198892269799
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Dostupna vam je ve.a za.tita",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatna za.tita je spremna",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatna za.tita je isklju.ena",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ove funkcionalnosti dodatne za.tite .ine vas sigurnijim online. Uklju.ite ih.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Sve je spremno! Sljede.i put kada ponovo pokrenete svoj preglednik, samouvjereno pretra.ujte uz McAfee Secure Search koji .e vam pokazati koje je stranice sigurno posjetiti.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Isklju.eno je jer je pro.irenje pretra.ivanja koje je dio Dodane za.tite onemogu.eno ili uklonjeno. Vratite ove zna.ajke sada.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee sigurno pretra.ivanje", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} vam pokazuje koje stranice su sigurne prije nego ih posjetite.",.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2388
                                                                                                                                                                                                                                        Entropy (8bit):5.62799581098861
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "M.g hat.konyabb v.delem .rhet. el",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "A tov.bbi v.delem k.szen .ll",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "A tov.bbi v.delem ki van kapcsolva",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "A tov.bbi v.delmi funkci.k m.g nagyobb biztons.got ny.jtanak online. Kapcsolja be .ket.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Minden k.szen .ll. A b.ng.sz. k.vetkez. elind.t.sakor magabiztosan kereshet a biztons.gos keres.s funkci. r.v.n, amely megmutatja, hogy mely webhelyeket keresheti fel biztons.gosan.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Ki van kapcsolva, mert a tov.bbi v.delem r.sz.t k.pez. keres.s b.v.tm.ny le lett tiltva vagy el lett t.vol.tva. Vegye ig.nybe .jb.l ezeket a funkci.kat.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee biztons.gos keres.s", .. SEARCH_TOAST_ADBLOCK_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2180
                                                                                                                                                                                                                                        Entropy (8bit):5.433305293693542
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Puoi aumentare la protezione",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La protezione aggiuntiva . pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La protezione aggiuntiva . disattivata",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Queste funzionalit. di protezione aggiuntiva aumentano la tua sicurezza online. Attivale.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Tutto pronto. La prossima volta che avvierai il browser, la ricerca sicura McAfee ti mostrer. i siti sicuri da visitare.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ". disattivata perch. l'estensione per la ricerca che fa parte della sicurezza aggiuntiva . disattivata o . stata rimossa. Riattiva subito queste funzionalit..",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Ricerca sicura McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} ti mostra i siti sicuri prima di visitarli.",.. SEARCH_TOAST_ADBLOCK_BULL
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2689
                                                                                                                                                                                                                                        Entropy (8bit):5.7891485894746575
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2396
                                                                                                                                                                                                                                        Entropy (8bit):5.8990881351370295
                                                                                                                                                                                                                                        Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_ADBLOCK_HEADING: "... ... . ....",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".. ... ... . ....",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".. ... .. ....",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "... .. .. .... ... ... ... ..... ... ....",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".. ........ ... ..... .. .... McAfee .. ... .... ... .... ..... .... ... . .....",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".. ... ... .. ... .... .. .... .. ... ... . ..... ... ... .. ......",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee .. ..", .. SEARCH_TOAST
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):2170
Entropy (8bit):5.445951597755009
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Flere beskyttelsesfunksjoner tilgjengelig",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ekstra beskyttelse er klart",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ekstra beskyttelse er av",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Disse funksjonene i Ekstra beskyttelse holder deg sikrere p. nettet. Sl. dem p..",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alt klart! Neste gang du starter nettleseren, kan du trygt s.ke med McAfee Sikkert s.k. Funksjonen viser deg hvilke omr.der som er sikre.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Den er av fordi s.keutvidelsen som er en del av Ekstra beskyttelse, er deaktivert eller fjernet. F. tilbake disse funksjonene n..",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Sikkert s.k", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} viser deg hvilke omr.der som er sikre, f.r du bes.ker dem.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2:
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):2216
Entropy (8bit):5.44182410906775
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "U kunt over meer bescherming beschikken",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Extra bescherming is gereed",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Extra bescherming is uitgeschakeld",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "De functies voor Extra bescherming verbeteren uw online veiligheid. Schakel ze in.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Klaar! Wanneer u uw browser opnieuw start, kunt u zorgeloos zoeken met Beveiligd zoeken van McAfee dat u precies laat zien welke sites u veilig kunt openen.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Het is uitgeschakeld omdat de zoekextensie die deel uitmaakt van Extra bescherming, is uitgeschakeld of verwijderd. Schakel deze functies nu opnieuw in.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Beveiligd zoeken van McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} laat u zien welke sites veilig zijn voordat u ze bezo
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):2289
Entropy (8bit):5.687357670351731
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Dost.pne jest wi.cej ochrony",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatkowa ochrona jest gotowa",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatkowa ochrona jest wy..czona",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Funkcje Dodatkowej ochrony pomagaj. chroni. Ci. w Internecie. W..cz je.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Konfiguracja zako.czona! Po nast.pnym ponownym uruchomieniu przegl.darki, Bezpieczne wyszukiwanie McAfee pomo.e spokojnie wyszukiwa., informuj.c o bezpiecznych witrynach.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Jest wy..czone, poniewa. rozszerzenie wyszukiwania b.d.ce cz..ci. Dodatkowej ochrony zosta.o wy..czone lub usuni.te. Odzyskaj teraz te funkcje.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Bezpieczne wyszukiwanie McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} pokazuje, kt.re witryny s. bezpieczne,
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):2225
Entropy (8bit):5.47387320968386
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Voc. tem mais prote..o dispon.vel",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Prote..o adicional est. pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Prote..o adicional est. desativada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Esses recursos de Prote..o adicional o mant.m em seguran.a online. Ative-os.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Tudo pronto! Na pr.xima vez que reiniciar seu navegador, pesquise com a Pesquisa segura da McAfee que exibe os sites seguros de visitar.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Desativado porque a extens.o de pesquisa que . parte da Prote..o adicional foi desativada ou removida. Traga esses recursos de volta imediatamente.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Pesquisa segura da McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} mostra quais sites s.o seguros antes de voc. visit.-los.",.. SEARC
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):2324
Entropy (8bit):5.466189875954599
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Tem mais prote..o dispon.vel",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "A prote..o adicional est. pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "A prote..o adicional est. desativada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas funcionalidades de prote..o adicionais mant.m-no seguro online. Ative-as.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Est. pronto! A pr.xima vez que reiniciar o seu browser, pesquise com confian.a com a Pesquisa segura da McAfee a mostrar-lhe que sites pode visitar em seguran.a.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desativada porque a extens.o de pesquisa que faz parte da prote..o adicional foi desativada ou removida. Obter estas funcionalidades novamente agora.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Pesquisa segura da McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} mostra-lhe os sites que s.o seguro
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):3288
Entropy (8bit):5.129607467704588
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: ". ... .... ...... ............ ... ......",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".............. ...... ......",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".............. ...... .........",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "... .............. ....... ...... ............ ............ . .......... ........ ...",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "... ......! . ......... ... ..... ............ ........ ......... ..... . ....... ....... ........... ...... McAfee, ....... ........., ..... ...-..... ......... ... ..........",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADIN
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):2276
Entropy (8bit):5.766692122839274
Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Pon.kame v.m viac funkci. na ochranu",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Zv..en. ochrana je k.dispoz.cii",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Zv..en. ochrana je vypnut.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Uveden. funkcie zv..enej ochrany v.s ochra.uj. online. Zapnite ich.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "V.etko je nastaven.. Po re.tartovan. prehliada.a v.s zabezpe.en. vyh.ad.vanie McAfee ochr.ni pri prehliadan. a.zobraz. str.nky, ktor. je bezpe.n. nav.t.vi..",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Funkcia je vypnut., lebo roz..renie vyh.ad.vania, ktor. je s..as.ou zv..enej ochrany, bolo vypnut. alebo odstr.nen.. Z.skajte tieto funkcie sp...",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Zabezpe.en. vyh.ad.vanie McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} v.m porad., ktor
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2217
                                                                                                                                                                                                                                        Entropy (8bit):5.545261700793753
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:CvzaSNcoHl5A0Pt0opbUbFpGbQg55EfVLQ:C5NH5AatiFpNMck
                                                                                                                                                                                                                                        MD5:983B892D97B0E2661F3C624E1CA8ECEA
                                                                                                                                                                                                                                        SHA1:85AAC7EAE11D798D3F3C1F487047F25A0A35BAA6
                                                                                                                                                                                                                                        SHA-256:E3FDA9BE3F8B02D5A0102BBBF7F5426037D560C3E62471F71954DDAC441A246F
                                                                                                                                                                                                                                        SHA-512:041170122EA8F1A5C0291D29D0917BD5ED305615AF8066A6594CB19694C21C5EB1C32B65435E32CDB2953563605A990904E84620E70C0616AB9B366485729739
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Imate na raspolaganju vi.e za.tite",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatna za.tita je spremna",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatna za.tita je isklju.ena",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ove funkcije Dodatne za.tite .ine vas bezbednijim na mre.i. Uklju.ite ih.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Sve je spremno! Slede.i put kad budete ponovo pokrenuli svoj pregleda., pretra.ujte sa samopouzdanjem uz McAfee Bezbednom pretragom koja vam pokazuje koje lokacije su bezbedne za pose.ivanje.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Isklju.ena je jer je ekstenzija pretrage koja je deo Dodatne za.tite onemogu.ena ili uklonjena. Vratite odmah ove funkcije.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Bezbedna pretraga", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} pokazuje vam koje lokacije su bezbedne pre nego .to i
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2111
                                                                                                                                                                                                                                        Entropy (8bit):5.5422752457528475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvdggWQRZC50gO/GNxNteo7XH8QU/OC8Q5zuVJAlbGF5ON1y8mJbc3NU7nfv1B:Cvg5Lf7jC1iVJkbJ1YJbYChTRfDkHW
                                                                                                                                                                                                                                        MD5:BEA3761455779A151F64A8177E9D5FE3
                                                                                                                                                                                                                                        SHA1:F042A8EE4B47B33AAA7588FA5C45EFCF0F9ABDB1
                                                                                                                                                                                                                                        SHA-256:9F69F705A5A821F0903CED1C294E2A23AE2CB15639A41C2FF96DB15C07132FB4
                                                                                                                                                                                                                                        SHA-512:197C1737C2DE634FF14C0397E428F20F620400AED751412CE07E2001C3F0E8344FF0E7C517DB41A1496BAA6928C66DE54E4DFA798408D1A3339D7CCDAB655B98
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Du har mer skydd tillg.ngligt",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ut.kat skydd .r redo",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ut.kat skydd .r av",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ut.kat skydd-funktionerna h.ller dig s.krare online. Aktivera dem.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Klart! N.sta g.ng du startar om webbl.saren kan du s.ka tryggt d. McAfee s.ker s.kning visar dig vilka webbsidor som .r s.kra att bes.ka.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Det .r av eftersom s.ktill.gget som .r del av Ut.kat skydd inaktiverades eller togs bort. F. tillbaka funktionerna nu.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee s.ker s.kning", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} visar dig vilka webbsidor som .r s.kra innan du bes.ker dem.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "Annonsblockering", .. SEARC
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2206
                                                                                                                                                                                                                                        Entropy (8bit):5.583104208287412
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvdg/UOH95vCfoXiRvLa/sGcdDSqi+2O1ebxZQ25BMblR/B2sK3SZ/Z9vKlmCV:CvSG/GoSqi+Z7bQspvKG68ddlifn
                                                                                                                                                                                                                                        MD5:49D4D264D3AE80CA4D83492E2429D0DD
                                                                                                                                                                                                                                        SHA1:FC97262DA75DE2A23EAEA17F022932561D9BD5D3
                                                                                                                                                                                                                                        SHA-256:B30E605CCB94693EACAB3DAFCE0A29F8D6E583173423C8264F8D394B618C03D2
                                                                                                                                                                                                                                        SHA-512:3AA58DDCC7D47CA338EE94B6F6112DF7EF66D84BBB15A9A56ADA59C2C19020DB8988F209891D3C5D8CDD49E7F7F34ABB7624DC812DB9D180E4941FA9406E2A31
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Daha fazla koruma se.ene.ine sahipsiniz",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ek Koruma haz.r",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ek Koruma kapal.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ek Koruma .zellikleri sizi .evrimi.i korur. Hepsini a..n.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Her .ey haz.r! Taray.c.n.z. bir sonraki ba.lat...n.zda, hangi sitelerin ziyaret edilebilece.ini g.steren McAfee Secure Search ile g.venle arama yap.n.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Ek Koruma'n.n bir par.as. olan arama uzant.s. devre d... b.rak.ld... veya kald.r.ld... i.in kapal.. Bu .zellikleri hemen geri al.n.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Secure Search", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} ziyaret etmeden .nce hangi sitelerin g.venli oldu.unu g.sterir.",.. SEARCH_TOAST_ADBLOCK_BU
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2043
                                                                                                                                                                                                                                        Entropy (8bit):6.265368522179317
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOZgVstn8dWjt8EWNjtM7LLyllJtjEcjt/dcz58qNAMdstxjl7BnwIj8gEdOeo:CjBt/wppKWMGzRl9VPj
                                                                                                                                                                                                                                        MD5:15BF07EE452C164270EA78F45B63FB8A
                                                                                                                                                                                                                                        SHA1:B0B31E64863E08F316516985CCBBB86D062FC742
                                                                                                                                                                                                                                        SHA-256:A4E99C27606352C85F305218DE0DF1A4C44D6BEF90712E0489E4876FB35E881D
                                                                                                                                                                                                                                        SHA-512:223E909509C34D3139B85C7B346F236D63F93CC148E31E21AD74D26C81FB0C381890E723C08CB95B492A8481BF03F543AC19A8AE46A82C541EAA657BF15EC5DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_ADBLOCK_HEADING: "..........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "..........",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "...................... .....",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "..... .................................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "........................ ...........",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: ".......", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: ".......{0} ..........",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "......", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_2
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2123
                                                                                                                                                                                                                                        Entropy (8bit):6.285210627854244
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvdgQyNha9y+lmmhIlHCbMKEW2+Z8d/9t6Hj4mQjKKgcjSlMXmIyuiSlGlSBYy:CvaX+Mm6t8MZoD+KKtSr5FlITWiyOP
                                                                                                                                                                                                                                        MD5:73520C7B5D0FB138F2766E7ADBDEA185
                                                                                                                                                                                                                                        SHA1:9D95DEFF362252658B07AA9E3B4CB98A527BE375
                                                                                                                                                                                                                                        SHA-256:ECA080FB01441134D686040E8B317059DF6EFC464EC72173DE548E3E0B1E1EC3
                                                                                                                                                                                                                                        SHA-512:DAEC81A5937B37E8735551E33A07EE7CCCEDFBE554176CE4EAF313EFE81CFA688A244F1B5582ECE57529C53D304FD3D2B857D4229F4C3E2A13FDBBB08C1D0FD8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".......",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "............................",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "................McAfee ..............................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".............................................",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee ....", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0}.......................",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):908
                                                                                                                                                                                                                                        Entropy (8bit):5.699090953568685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HUDAS6FXOqZG1g4zBFU+K6IPHf7q4qtox+Lmjz8kSUve:7HbzFOKGy16IPTq4W4zxSge
                                                                                                                                                                                                                                        MD5:8BF1E103445939CF0C1A2FB4A41CEF24
                                                                                                                                                                                                                                        SHA1:00FAC03EB66F78F7D9202E3E05943E317F4022B4
                                                                                                                                                                                                                                        SHA-256:22BB4D8693C1073228601E8EB2AAD9B0EE23B74E0B31553B540C2629366C3198
                                                                                                                                                                                                                                        SHA-512:DC80D8AB753AF2A663201049063ED9B2B0E19ACAEAE429BF5B784F60586913F45E47844925B6BA064EC784DBBAF47515B49BC47B8DEC27B6F269F10848F63C5F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nem.te slu.bu Bezpe.n. hled.n. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. prov.d.n.ho pomoc. vyhled.va.e Bing upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT: "Chcete vyhled.va. Bing doplnit o slu.bu Bezpe.n. hled.n. a b.t v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_SUB_FOOTER: "Po restartov.n. prohl..e.e zapneme slu.bu Bezpe.n. hled.n. a nastav.me vyhled.va. Bing jako v.choz..",.. SEARCH_TOAST_YES: "Ano",.. SEARCH_TOAST_NO: "Ne, d.kuji",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Zapneme slu.bu Bezpe.n. hled.n. a nastav.me vyhled.va. Bing jako v.choz.."..}..//80C94CB54204974D7742D8B3DCDDBDE8F044A0C62F376BAA92452B15AD24711F169D5DD4AA691B37E3718A101593818F5247F555875E8CC0D18D44EC75B293C7++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):807
                                                                                                                                                                                                                                        Entropy (8bit):5.452980451718285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7H4FhR8kq0Qs8pyzAJi7nF+yUd8R2Vd7S8ehQhF2FAqtEFJy8ehxrSmQdgt:7HaufsEtijFTUd42Vd+PQhF2FAZePx1
                                                                                                                                                                                                                                        MD5:8A151EE801198C872536DA815E7BA059
                                                                                                                                                                                                                                        SHA1:A483445DFF95D0C93B956A236EBE6D59296C0F4E
                                                                                                                                                                                                                                        SHA-256:E26D13CB2EEF0B29CE5A5E44F01B87D25B580D2C81A9D2B8D14B95723BC4DA44
                                                                                                                                                                                                                                        SHA-512:E5D8A6D5E5D316F9DA630AA44A54282866511A8E4F649FBB79C6DD681037D58D48C2CE557F14D0EF108F1532CBAE23464E1BC9FEDB68DAE1CF0E8CC702428712
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har ikke sl.et Sikker s.gning til . s. v.r forsigtig!",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning leder dig v.k fra risikofyldte websteder i Bing-s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT: "Vil du f.je Sikker s.gning til Bing, s. du undg.r at komme ind p. grimme steder?",.. SEARCH_TOAST_SUB_FOOTER: "Vi sl.r Sikker s.gning til og .ndrer standards.gemaskinen til Bing, n.r du genstarter browseren.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nej tak",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi sl.r sikker s.gning til og .ndrer standards.gemaskinen til Bing."..}..//E7E208D06E2126E6B7EFD7D6770EECD7533E6B86EC6E146748224C1AFFECE85C3236DDCFCDE2FBCF85008ABDE631977A1245707D4BFEE2A099B87AC24DB74F66++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):863
                                                                                                                                                                                                                                        Entropy (8bit):5.354248886089501
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HGgFJZ+X0qvX66Q+3F2wlPQ+CL7lYaPRg:SAJZcVQ+VjVQ+m1g
                                                                                                                                                                                                                                        MD5:B7CBC2A085FBDDA3948E23E1063A543D
                                                                                                                                                                                                                                        SHA1:09C1ADCB429D646DC1B2A4348E88CD45D0832097
                                                                                                                                                                                                                                        SHA-256:23133D3EA99DD308FE1DE07EAED088A5882CF928438D01A8423835CE8633E249
                                                                                                                                                                                                                                        SHA-512:D84A20E95543A34CE65A00E3FD9F25E8F2619AAC1830B45FA4DBD5591874EEF8D28D7224F0D77252D70759D46144144C0D25EBD54ED1C48E06E76DF840C5F01C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Die sichere Suche ist nicht aktiviert . seien Sie vorsichtig",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Bing-Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT: "M.chten Sie die sichere Suche zu Bing hinzuf.gen, um Kriminellen immer einen Schritt voraus zu sein?",.. SEARCH_TOAST_SUB_FOOTER: "Wir aktivieren die sichere Suche und .ndern Ihre Standardsuchmaschine zu Bing, wenn Sie den Browser neu starten.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nein danke",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Wir aktivieren die sichere Suche und .ndern Ihre Standardsuchmaschine zu Bing."..}..//A058C32FF779D627F3406F29927475248BB1C0B5C48330271679DAB4780793A338C1722AFA5B55B0D749E3DB9500C7E1076564F5A64102E7699290195EAB0EA8++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1522
                                                                                                                                                                                                                                        Entropy (8bit):4.9601298443225925
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HB3IsMXLr2bnATla3ybWG2hbiLy+wgjxUbiP7zC6:W2UTlaLvbiVGbiT9
                                                                                                                                                                                                                                        MD5:6415E2886A25A0B3CC1232E8B6BE539A
                                                                                                                                                                                                                                        SHA1:13E38D7D747261A08D3C011C67B13566623621D0
                                                                                                                                                                                                                                        SHA-256:D0674E1C7B157AB9254EFA3136F05B699EB4A8B859B8BF649F19837924951571
                                                                                                                                                                                                                                        SHA-512:C18891D32AA513C16BBB3D6746284563C2BB1AAC255EA885E85C4A04C6866467AD707481A8B753D31103C4CAD8E857EBF11741941D20CDC613DF40E53EDCD36F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "... ......... ... ...... ........., .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ .......... ... ... ........... ... ......... .. .. ......... Bing.",.. SEARCH_TOAST_BODY_TEXT: "...... .. .......... ... ...... ......... ... ......... Bing ........... .. ..... ..... ... .... ....... ... .... ............. ...........;",.. SEARCH_TOAST_SUB_FOOTER: ".. ............... ... ...... ......... ... .. ........ .. Bing .. ............. ......... .......... .... ... .....
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):780
                                                                                                                                                                                                                                        Entropy (8bit):5.357219060385291
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HdW9H3npSuVNTzLo4uiJH7IyOtS9eDqt1IyOKoAzuL:7H8XpSuVNTzxcCeD7HhAzw
                                                                                                                                                                                                                                        MD5:A7F4F1E8189F960D94D6264B823FEAC1
                                                                                                                                                                                                                                        SHA1:FFB5F9E4A7AB6D406885D006E89D1C94BDEA6969
                                                                                                                                                                                                                                        SHA-256:6874C7763A403D7F127E89CFE95DD85B78A8EF2676C1AC10D654852760CF0EF5
                                                                                                                                                                                                                                        SHA-512:1B3399B5D3313CEE2C781FBA374C8BA2965DF4AC3C6B06E9C74129A0F621B2B54242C46FC7A8339B57B44F4B59D069860E9BF88039FF10BDF0A4D24A92ADB1F6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "You don't have Secure Search . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your Bing search results.",.. SEARCH_TOAST_BODY_TEXT: "Would you like to add Secure Search to Bing and stay ahead of the bad guys?",.. SEARCH_TOAST_SUB_FOOTER: "We'll turn Secure Search on and change your default search engine to Bing after you restart your browser.",.. SEARCH_TOAST_YES: "Yes",.. SEARCH_TOAST_NO: "No thanks",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "We'll turn Secure Search on and change your default search engine to Bing."..}..//3AD1409A0AF6FFE6FB8B7652D60575037BA20E0348678C371531D32B1DF06E1C9F6553E743E11A5871E166E28B8A1B869CD26B858E956A6126977C54BF765A43++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):834
                                                                                                                                                                                                                                        Entropy (8bit):5.402478049767432
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HTOW06YIJHM8MEIoyLLQZSUJHHrSXXY0Vqt15ZSUJm2iCWhsnQ+rO:7HqpQJHM8MnoyEpmHYGm5QhMO
                                                                                                                                                                                                                                        MD5:C4C6DE50051F2EC5DAD7F6434134831E
                                                                                                                                                                                                                                        SHA1:A98E22883DEEBE2A9764A8B75008AE5A6AB2666A
                                                                                                                                                                                                                                        SHA-256:13E30481F131F633CA32147B65F2FAAE2E4CD58276A0F6A08B0C72582E3F3BA4
                                                                                                                                                                                                                                        SHA-512:C02C821FDABCA127CC866F8E3A5061678F280F0388D4E480920F1336BEF6B0DFAB67B9A82DCB55D0B8AE6697A174A79A0355C65662D76E0DA4E3C85363140D7A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "No dispone de B.squeda segura, tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura elimina los sitios web peligrosos de los resultados de sus b.squedas en Bing.",.. SEARCH_TOAST_BODY_TEXT: ".Le gustar.a a.adir B.squeda segura a Bing y olvidarse de los malos?",.. SEARCH_TOAST_SUB_FOOTER: "Activaremos B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing despu.s de que reinicie su navegador.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, gracias",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Activaremos B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing."..}..//DA3C42FE1CCB3AC324C7522FF7510B3C8E7A2212FFD7F9EBED9206CB6F4BC2D45643F5549EFD033ED52375AC57F4B6311849E92A96DD823E9A54B47810718287++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):848
                                                                                                                                                                                                                                        Entropy (8bit):5.369526343417038
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HT9+6YzsinKM8MEIe4LyO3KVoqZSUJHHrSXXY0Vqt1BbSUJRTsJ8V7VAbRROn:7HCsiKM8Mne4X3QpmHYGmbw8eo
                                                                                                                                                                                                                                        MD5:76E2E5BDB1D16CF872CFAFE9B58E17A8
                                                                                                                                                                                                                                        SHA1:F01CB6F8157E664008AE9C3D2B865647C4B52334
                                                                                                                                                                                                                                        SHA-256:EE4AB2BA7FEE85AECB9A5DE96D8F01913A5FC9F2F8C183D4FDC5B74DA41F6A0C
                                                                                                                                                                                                                                        SHA-512:BBD18598FB658A895C464849CED8067AF1BBC9ABC5347DC132945821BD5111D843EC1155DA1C3584373448ED41A8FEB93E504F515781ACE79DFF99B593A312EB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "No tiene b.squeda segura: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura lo aleja de los sitios peligrosos de los resultados de sus b.squedas en Bing.",.. SEARCH_TOAST_BODY_TEXT: ".Le gustar.a agregar B.squeda segura a Bing y mantenerse por delante de los malos?",.. SEARCH_TOAST_SUB_FOOTER: "Activaremos la B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing despu.s de que reinicie su navegador.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, gracias",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Activaremos la B.squeda segura y cambiaremos tu motor de b.squeda predeterminado a Bing."..}..//4D050A01E720C5D71156A0972A6DA09C3DC046CB7A1DD0E4B42CB7DFBF28AC51C15195C4A4B0684FDBA1A907A28B199C953B26E7CD0F5EC1C4C97B8772233784++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):837
                                                                                                                                                                                                                                        Entropy (8bit):5.402473787369444
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HMljiYYtHMjpJNnR9k9flAgPMfoRGpWfUfqt7foRMrRRjOLCj2z:7HQ2htHsNn+dWfoRVfeEfoRMrRRjehz
                                                                                                                                                                                                                                        MD5:70E961BFC8A981458D837A748B13F089
                                                                                                                                                                                                                                        SHA1:8A9AA2BC86866D0131337209EB049DBE5BAFDE55
                                                                                                                                                                                                                                        SHA-256:EBC4FC7CF1E29AD5DC1F777B0B1543679096B3020FC64DADB063BF8CEC8AFFC7
                                                                                                                                                                                                                                        SHA-512:9F8F1706C8A9251F26095082966DD8283D4DDECFC6AD67970A3FFB95448A6495E223B84C6EC9F7DB7DD7508ACCD84CB6B0D924EDE185C8B51AF3A01EF86370B6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sinulla ei ole suojattua hakua . ole varovainen",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat Bing-hakuja.",.. SEARCH_TOAST_BODY_TEXT: "Haluatko lis.t. suojatun haun Bing-hakukoneeseen, jotta pysyt jatkuvasti muutaman askeleen rikollisten edell.?",.. SEARCH_TOAST_SUB_FOOTER: "Suojattu haku otetaan k.ytt..n ja oletushakukoneeksi muutetaan Bing, kun k.ynnist.t selaimen uudelleen.",.. SEARCH_TOAST_YES: "Kyll.",.. SEARCH_TOAST_NO: "Ei kiitos",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Suojattu haku otetaan k.ytt..n ja oletushakukoneeksi muutetaan Bing."..}..//96CE9AF3FC4B64C8CD5357880CEF5B82795B767A1AF6264665BC347BE351C97E2122F18E190D3F270F1F1EFA75D7D6C7ABEC19279137FD1D189D32C1EB35FA77++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):927
                                                                                                                                                                                                                                        Entropy (8bit):5.362182215848356
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HW5WFTGeg5rqskm8wwbY6xQam8wwbYnf/iTu+:uWFTGeg5Wwv6Bwvno
                                                                                                                                                                                                                                        MD5:9F1C0BCFF5CAB6BEC40C78AB6CF5ED74
                                                                                                                                                                                                                                        SHA1:D9F3619950DB03AAFD687425D1EBBBD2BDB581E6
                                                                                                                                                                                                                                        SHA-256:36424576D4154C23CDB10645C792C2FDB7208BE69CBF25BEEA5A86924B80F8F2
                                                                                                                                                                                                                                        SHA-512:B862878E1C172472360E2CD3BE9F17EEFBF92E7C8F5ECD9DAE349FC02626A6D84BA253D7C545B798C83773506C79A87E52C4E72DBDAA60D685C695C145636651
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attention! Recherche s.curis.e n'est pas install.e dans votre navigateur.",.. SEARCH_TOAST_SUB_HEADING: "Recherche s.curis.e vous met . l'abri des sites Web dangereux figurant dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Souhaitez-vous ajouter Recherche s.curis.e au moteur de recherche Bing et d.jouer les escrocs?",.. SEARCH_TOAST_SUB_FOOTER: "Nous activerons Recherche s.curis.e et configurerons Bing comme moteur de recherche par d.faut apr.s le red.marrage de votre navigateur.",.. SEARCH_TOAST_YES: "Oui",.. SEARCH_TOAST_NO: "Non merci",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Nous activerons Recherche s.curis.e et configurerons Bing comme moteur de recherche par d.faut."..}..//2FF5364948D6B31D78A453FB28416684FE6C5022DC09D0D6CD94ABD16BB36DF80A3D7247E48C42DA7DC809861DBFB3C75A6F24EB7654C2BB4E83C164E0A2D664++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):940
                                                                                                                                                                                                                                        Entropy (8bit):5.358631799720568
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HNL7EemtP5RTOpwemfw8uWY6xxAamfw8uWYCw3j:R7EemtPaiwX6CwXCwj
                                                                                                                                                                                                                                        MD5:51C0C0DC12DB3E0779959C9B823211E7
                                                                                                                                                                                                                                        SHA1:0B7CB3478884C74F6F278836EEFB8F75A314A10E
                                                                                                                                                                                                                                        SHA-256:99979B3C9A91666E9EDA5F8CACA562E094E0E17717347B6B5DF336B69A8ADABD
                                                                                                                                                                                                                                        SHA-512:BDBD0A33025F9E548907A258D360AE2DC8138C99BF7B268857ECCE4D072E992DACDDDBE00C989521639455FBFB3C9B888127F5B0966264DBFCDFF380B74D31BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Soyez prudent, vous ne disposez pas de la recherche s.curis.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche Bing.",.. SEARCH_TOAST_BODY_TEXT: "Voulez-vous ajouter la recherche s.curis.e . Bing et garder une longueur d'avance sur les personnes mal intentionn.es.?",.. SEARCH_TOAST_SUB_FOOTER: "Nous activerons la recherche s.curis.e et d.finirons Bing comme votre moteur de recherche par d.faut apr.s le red.marrage de votre navigateur.",.. SEARCH_TOAST_YES: "Oui",.. SEARCH_TOAST_NO: "Non, merci",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Nous activerons la recherche s.curis.e et d.finirons Bing comme votre moteur de recherche par d.faut."..}..//B0189751C1D6DBA9C74502709511CB1E1ADA6C69F07D6E483B11F90EA3E55F32635A52151A96195329996B918C66304635EDFBDD7ED7AA565641865EC2ADFC4C++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):798
                                                                                                                                                                                                                                        Entropy (8bit):5.437037048426234
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HM+9DuIg9sCZwzJl//L9hd9MuGvPJHCqtL9MuGRCMpScrymb892O:7HMogol25vxHCD5RfYUymw9p
                                                                                                                                                                                                                                        MD5:AACB0CDB77141F470E5F5BC7D51DFA8F
                                                                                                                                                                                                                                        SHA1:46C53F71D44C8682F168B3BABAF302BBEA2C7418
                                                                                                                                                                                                                                        SHA-256:CAEE9A5850A1787F26DC209F6A145278DAF84C9CF5C0829B5F8938FC53EB2250
                                                                                                                                                                                                                                        SHA-512:DDDC71A0FEEC88DB1EC080A4C3015BD3F4A962AA47D992B6655E83BBF44B45D0FECB54532AE5FF091FF00015812258A15CA6F48E2508B15F54355ED1CBD2BF63
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nemate sigurno pretra.ivanje - budite oprezni",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata Bing pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT: ".elite li dodati sigurno pretra.ivanje na Bing i ostati ispred?",.. SEARCH_TOAST_SUB_FOOTER: "Okrenite sigurno pretra.ivanje i promijenite zadanu tra.ilicu za Bing nakon ponovnog pokretanja preglednika.",.. SEARCH_TOAST_YES: "Da",.. SEARCH_TOAST_NO: "Ne, hvala",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Okrenite sigurno pretra.ivanje i promijenite zadanu tra.ilicu za Bing."..}..//6F1BF4F6020DB998AD3906E103BAA97804A053E6BF030E04D66C681E693A0707879C56A86B7CF757FB2FF3B54843642FEECF35F6EB81D1313F75EDD7C69BCD00++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):922
                                                                                                                                                                                                                                        Entropy (8bit):5.586709359581212
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HL8d6oBd5US6Xdd7qQpuYeBdyEpFnY45EgpuYeBddpFtJNAoQg:q6ojijX/+QpuJjTYH+uJjj7
                                                                                                                                                                                                                                        MD5:FE8D6CC30C9932B007640A2BE160A528
                                                                                                                                                                                                                                        SHA1:323A412365564671FABEDF561B954001DFCA72D5
                                                                                                                                                                                                                                        SHA-256:0CFAEA02338563D5F02B3D08459B198F4E6D781004D6C7296F9E2D7479E0DE75
                                                                                                                                                                                                                                        SHA-512:971EA9E93206330B7EAC0C526BA165CA9057CA95CE8D029CBAA0ED40DDFA540A04D9A89E293E6444DE8F5497E56EF949479C65342CD42076C113B9944B35CE79
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nincs biztons.gos keres.s funkci.ja . legyen .vatos",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a Bing keres.si eredm.nyei k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT: "Szeretn. hozz.adni a biztons.gos keres.st a Binghez, hogy n.h.ny l.p.ssel mindig megel.zze a rosszfi.kat?",.. SEARCH_TOAST_SUB_FOOTER: "Bekapcsoljuk a biztons.gos keres.st, .s a b.ng.sz. .jraind.t.sa ut.n az alap.rtelmezett keres.motor a Bing lesz.",.. SEARCH_TOAST_YES: "Igen",.. SEARCH_TOAST_NO: "K.sz.n.m, nem",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Bekapcsoljuk a biztons.gos keres.st, .s az alap.rtelmezett keres.motor a Bing lesz."..}..//66CAC5931CFCEE505C00391080F15EA1560D6022B980DC63CE66DF68894E0ABCCAE2B4E2676A079DC1B523E3D168838CB5B0044C537EFAE14410DA714124E21B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):819
                                                                                                                                                                                                                                        Entropy (8bit):5.271202876132089
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7H1J1Z2psz/XEKapHoCv815HFl+pqtKHoCv8195iZISeTy:7HB8OXEhpICvoFlIhICvizkISWy
                                                                                                                                                                                                                                        MD5:0FC5AB330CFDB73BBF675494F2B6C22A
                                                                                                                                                                                                                                        SHA1:5FB6D66F0560490B74A6907C0EBF03C381B8056F
                                                                                                                                                                                                                                        SHA-256:FA0A2AF9A597F30E75C5C3C937000D2855CA98E4390F836E7F8832D52E683A9B
                                                                                                                                                                                                                                        SHA-512:AAD3AA3A5179EA5E841043496F79A6B5FC0B73437D8D41BD89B0933A39BE87B7B9C5ABDB7E742897731FC7879CD53E4D74402A2F45478F965D6A2FB5E6FBC479
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attento, non stai usando la ricerca sicura",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche con Bing.",.. SEARCH_TOAST_BODY_TEXT: "Vuoi aggiungere la ricerca sicura a Bing e tenere alla larga i malintenzionati?",.. SEARCH_TOAST_SUB_FOOTER: "Attiveremo la ricerca sicura e imposteremo Bing come motore di ricerca predefinito dopo il riavvio del browser.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, grazie",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Attiveremo la ricerca sicura e imposteremo Bing come motore di ricerca predefinito."..}..//09BC74CC30388A2A8BB1F6D6B85AAD4A59BF83B5031D315A1766A6A687109B5A8C52994645602632AA1F7A4E7B7688F8220069C18AB72F08C074CFF6082F475B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):943
                                                                                                                                                                                                                                        Entropy (8bit):5.724388216204465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7H8PQbHaQ4gy2XLCreYv6RlqkYv2mKMS+X+bIh:4PQzanP2XLInvKc1v7S2+i
                                                                                                                                                                                                                                        MD5:660E1D578C97A248E538815C640FE04D
                                                                                                                                                                                                                                        SHA1:0677A773BC2D46199C6C30AF2F333C556AF46D4F
                                                                                                                                                                                                                                        SHA-256:2C2C938D4279857A003B5F1534B4514B8A5A289A773D4ECE75A35853655A7017
                                                                                                                                                                                                                                        SHA-512:6EFE699E12BF2D1CC73F1AD3CCD0B25DD18BFDE8982FEF0D29EB91291D3D95EAB6E3EA7B3D41DE958DEF4B1A7E2675215BED202CEB621582CD61251FEF80BFE1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".... ..........................",.. SEARCH_TOAST_SUB_HEADING: ".... .....Bing ....................",.. SEARCH_TOAST_BODY_TEXT: ".................. .... Bing ........",.. SEARCH_TOAST_SUB_FOOTER: "................ ...................... Bing .......",.. SEARCH_TOAST_YES: "..",.. SEARCH_TOAST_NO: "...",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".... ....................... Bing ......."..}..//92B355078ADDA8897AE68B6B6618188656A5B6F22F697542AE618F8DA77F58C00580A12C2E828C0E29F6CE8F8D2791A8B7BDE6E1F1D4BEC660A66FAE195D72B1++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):823
                                                                                                                                                                                                                                        Entropy (8bit):5.911256675781558
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HN1I68EVZFj2F/40kOv8k16xQl07Cqtk16xQlrv5N9VT0tG8x:7Hx9E7ka8kg7CtPv79T8x
                                                                                                                                                                                                                                        MD5:33529508417C14C943E60A151812942F
                                                                                                                                                                                                                                        SHA1:A422F3A863A37CDBC8D677029A8B5AC53E1B078A
                                                                                                                                                                                                                                        SHA-256:CEF0A9BCCE4D7D7CC3D2E55AC3D66EB95403F99192B8EA12E2A23DA6D7A9C0C7
                                                                                                                                                                                                                                        SHA-512:C41C142345D4C0D4B5A025BDD8630256851EAB5395695347BB3370C2CF26C65BF3A0A77E3F3AC920DB5591B379879EE74B8D682F5BF7929A6AB7ACE283804AE3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".. .. ... .. - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... Bing .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT: "Bing. .. ... .... ... .. ........?",.. SEARCH_TOAST_SUB_FOOTER: "..... .. ... . .. ... ..... .. .. ... Bing.. ......",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "...",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".. ... ..... .. .. ... Bing.. ......"..}..//C85E7AD449B7A6A3FD1FDA68A7D1F01406FD48ADFD78C3258ADBA4A5D452CA3BFCF862C679053C8842FB76F9E9D948232D0E43192905470FA53241C4B342F3DD++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):759
                                                                                                                                                                                                                                        Entropy (8bit):5.428769083942061
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7H4jM/QjBU4dkyU/6FkbS7CWJCYfUfGKF2cFqtEFJCWJCYfUqu4Mj3HcZhI:7H0MojXdUCFHtrfyGKF2yZtrfbu4Mj3P
                                                                                                                                                                                                                                        MD5:F12FFF036663E45B075537C2CCA423AA
                                                                                                                                                                                                                                        SHA1:BA9171FB748597F463532D81A3AE53DF123A31EE
                                                                                                                                                                                                                                        SHA-256:562269AF94C7A90B422673FC78F21CDD809503BAAF945EC4A9DB947CA410B921
                                                                                                                                                                                                                                        SHA-512:2BC8CC36C9FCB22AF55A6E5D4D3D718AEFD8BE4FE1EE2127C1DB8CC5EDF6A785548B2CE95E007AEFB80690AD74990D1ADDA20017CE7AB5631700C4E8DFE270F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har ikke Sikkert s.k - v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna skadelige omr.der i Bing-s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT: "Vil du legge til Sikkert s.k i Bing for . ha et forsprang p. skurkene?",.. SEARCH_TOAST_SUB_FOOTER: "Vi sl.r p. Sikkert s.k og endrer standard s.kemotor til Bing n.r du starter nettleseren p. nytt.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nei takk",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi sl.r p. Sikkert s.k og endrer standard s.kemotor til Bing."..}..//179565C3BA0190D7E109A1FC723C84B592BF3530E1254C1E715FD889944F5B04FBF5593F5475B0378FAA6E884717995934AE628E8E7E976F0DAC38C0A93512BD++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):807
                                                                                                                                                                                                                                        Entropy (8bit):5.394699392796352
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HrtakxOEfqPZq7oYde5XPCF2sbde5XX2lTVdVS:vkk8jPtYwRoDwGTFS
                                                                                                                                                                                                                                        MD5:83CFF7CF5EE5F5A77EE97F721BCB502E
                                                                                                                                                                                                                                        SHA1:9AF8BA73E5B68A0394A909F8B758D880218984F6
                                                                                                                                                                                                                                        SHA-256:F2939175D59E1A2E23AA287A4208EB760FC2EAB5EE6D098CF75FDC63F1114ED5
                                                                                                                                                                                                                                        SHA-512:8764B8E31A2FE3C8C6DFCCDCD6233119DC1D81A9039B06019E6261AAB8EEF14D9B840EC9CA4FFC7D9CEFFF9DAA016DEDE3CA77B76F0464DCC4ECBBAC051A90AD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "U hebt Beveiligd zoeken niet: wees voorzichtig",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten op Bing vermijden.",.. SEARCH_TOAST_BODY_TEXT: "Wilt u Beveiligd zoeken aan Bing toevoegen om criminelen een stap voor te blijven?",.. SEARCH_TOAST_SUB_FOOTER: "Wij schakelen Beveiligd zoeken in en maken Bing uw standaardzoekmachine nadat u uw browser opnieuw hebt gestart.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nee, bedankt",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Wij schakelen Beveiligd zoeken in en maken Bing uw standaardzoekmachine."..}..//F7B14C511761424258FCA1253AD2F968CB08E6BF631BC9894D665C2363FD8883D602664F671747C6073E9211E6486D2BDDF5EC8648F6857E98129AF6BFB07BEF++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):840
                                                                                                                                                                                                                                        Entropy (8bit):5.576160192007848
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOnXZoB12oBsflpBcPMfaBpgXJveZsBpgXJlS8jMvn:qXZI12IAdcMGaX7aXiMUn
                                                                                                                                                                                                                                        MD5:C3606BFCDE8444674ED95F6A9222313A
                                                                                                                                                                                                                                        SHA1:70EBD480A0302F572FA951EE79B718F0D02EE849
                                                                                                                                                                                                                                        SHA-256:66806B9DBA4747E33116BA38EFB4F7182C3E07951FB7AC60A694690087122915
                                                                                                                                                                                                                                        SHA-512:2B7B499FEDB524B34BB53FE4D821DD6BB3F7863F153A6E69925A4D4D9F8D8E921A17285CFDE77F7DE2A66E624068DC3E29808B8524CF5B0D0B12196015C65DFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Uwa.aj, nie masz wyszukiwarki Bezpieczne wyszukiwanie",.. SEARCH_TOAST_SUB_HEADING: "Bezpieczne wyszukiwanie eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT: "Chcesz doda. bezpieczne wyszukiwanie do przegl.darki Bing i uprzedzi. zagro.enia?",.. SEARCH_TOAST_SUB_FOOTER: "Po ponownym uruchomieniu przegl.darki w..czymy bezpieczne wyszukiwanie i zmienimy domy.ln. wyszukiwark. na Bing.",.. SEARCH_TOAST_YES: "Tak",.. SEARCH_TOAST_NO: "Nie, dzi.kuj.",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "W..czymy bezpieczne wyszukiwanie i zmienimy domy.ln. wyszukiwark. na Bing."..}..//889AB70E5A8AF245C51F39470B54E831E8B079596D53FD8CFD6F0B3F3E7AFF8CBC03C132E4FF66640397E2F43271FD2ADE9BB0A2EF0500C82B604890803C7ADB++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):836
                                                                                                                                                                                                                                        Entropy (8bit):5.285923408550998
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HEJVEPlVLVGGWF/7Qy7XTLYG7MJgZ6GuISWM8jgqtNpG7MJgZ6GuJzPiBgBgWw3:7HouiF/rDTLdtZy6MTZtZyliqBTSh
                                                                                                                                                                                                                                        MD5:0522A580B9D231BCAE249B715BB2F26E
                                                                                                                                                                                                                                        SHA1:F81183AFD4324459D7364E80CA686C5F0B40BE27
                                                                                                                                                                                                                                        SHA-256:CE75B70514339CDBCBC6CF7CEFCFA9931B4D3589F07E5022414CD29DB33926B9
                                                                                                                                                                                                                                        SHA-512:5014BE0B9E1F0C60D0F640CE56F167E28D5AD92A097BF476EB8490191B0C5619BBD96DD31A039E24F5B498A524C9C6FB80992F07F197E0AB4712A672BFFCA52E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa segura n.o est. ativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura evita os sites perigosos nos resultados da pesquisa do Bing.",.. SEARCH_TOAST_BODY_TEXT: "Gostaria de adicionar a Pesquisa segura ao Bing e se antecipar aos criminosos?",.. SEARCH_TOAST_SUB_FOOTER: "Ativaremos a Pesquisa segura e alteraremos seu mecanismo de pesquisa padr.o para o Bing depois de o navegador ser reiniciado.",.. SEARCH_TOAST_YES: "Sim",.. SEARCH_TOAST_NO: "N.o, obrigado",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Ativaremos a Pesquisa segura e alteraremos seu mecanismo de pesquisa padr.o para o Bing."..}..//9537AF5255608485ABF128E1A089E604B94550A09F39BE39BD91045A3C082F823F69E0BCBB9BB8DD31DF737A56F946BE07E646346E581E594FF74B880DA0843B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):823
                                                                                                                                                                                                                                        Entropy (8bit):5.3279147767815145
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HR7EVLOEcQWFnQgj7366Jb7yg4HjSa8jgqtMJb7yg4HjmuuWNEsBrEGpXO:7HRrnFjjhJbOg4uaTRJbOg4tuGEsFE8e
                                                                                                                                                                                                                                        MD5:04B24D196BB3BDBF754C602F814B860B
                                                                                                                                                                                                                                        SHA1:535B495FE4C5778A04CBEFB89A67AA642EDCF4D7
                                                                                                                                                                                                                                        SHA-256:5DE1B3637CC3747351A4AC82E7AD55F8AA27563F5A53675165C2DA1B3F16C582
                                                                                                                                                                                                                                        SHA-512:30F1EC22B48C4F849298C1223F14F5933BDF8043F2B5BF33C114E09D12AA9FB4128D2630BD186EF290ED7F78F18359705EB2F0994E89048F3E0F71968C81CEAB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "N.o tem a Pesquisa Segura, tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa Segura ajuda-o a evitar os sites perigosos nos resultados de pesquisa do Bing.",.. SEARCH_TOAST_BODY_TEXT: "Pretende adicionar a Pesquisa Segura ao Bing e antecipar-se aos malfeitores?",.. SEARCH_TOAST_SUB_FOOTER: "Vamos ativar a Pesquisa Segura e definir o Bing como o seu motor de pesquisa predefinido ap.s reiniciar o browser.",.. SEARCH_TOAST_YES: "Sim",.. SEARCH_TOAST_NO: "N.o, obrigado",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vamos ativar a Pesquisa Segura e definir o Bing como o seu motor de pesquisa predefinido."..}..//259BDC1FA9ADE95FF9745921D545D1CB5B53CA9DA48A3DA835ECC5F598D38A50033E1EA034D73E665626943E361F9EDFF8D2B15388BD94AD982195F83F6A9BF1++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1189
                                                                                                                                                                                                                                        Entropy (8bit):5.12745413764515
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7H0i5Cke6gyt20qJNs2OSVptfnZMtXye4qfjFsX58cMtXye4qf86KqW:IMCke6gyJqjbOSfNnS9yHiT9yH0tW
                                                                                                                                                                                                                                        MD5:4E7D54D0675DFE8289701D81B8A75E2B
                                                                                                                                                                                                                                        SHA1:462FAD7DB0110BF8F427CE850DBB5706E873BEBE
                                                                                                                                                                                                                                        SHA-256:4D905E8F5E1DF15CD7C8CB57A76DA5530E98F0CA063F84BAD0D8B387C69E4D93
                                                                                                                                                                                                                                        SHA-512:74B5C5B3C21FFAD25FA0E3C11EB46C1D1DC80B862C71C0DE32FCF6F01CA800722EA6B49F2AFF5A7B2083637287B8B91F808926B1D5E26BAC81F17439503543B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "...... ........., .. ... .. ........... .......... .....",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... ...... Bing.",.. SEARCH_TOAST_BODY_TEXT: "........ .......... ..... . Bing ... ...... .. ...............?",.. SEARCH_TOAST_SUB_FOOTER: ".. ....... .......... ..... . ....... .... ......... ....... .. ......... .. Bing ..... ........... ...... .........",.. SEARCH_TOAST_YES: "..",.. SEARCH_TOAST_NO: "..., .......",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".. ....... .......... ..... . ....... .... .........
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):959
                                                                                                                                                                                                                                        Entropy (8bit):5.692928595284706
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HUMukzWX/lJxvkgn45U1bORyg+yqto3bZcidg+wh:7HmVXDxTbOsg+yU6gRh
                                                                                                                                                                                                                                        MD5:AA71AD61D0E3E7136783127620033A36
                                                                                                                                                                                                                                        SHA1:C559F3D4FC96524BBD4071015AAAB57962A1F90A
                                                                                                                                                                                                                                        SHA-256:8DA91614CC9B889306D2B06E508CF8DFD589AD9A332DB34BC7F396521473AF05
                                                                                                                                                                                                                                        SHA-512:A5BE4544681E2D074562D861E6667748C1C653F21FF7A9721470206A53EC920A286502AA5BAF839A1803D02590BEC66D70F7F06431274791F4B729F4FA2F446D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nem.te zabezpe.en. vyh.ad.vanie . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s vo vyh.ad.vacom n.stroji Bing chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT: "Chcete prida. zabezpe.en. vyh.ad.vanie do vyh.ad.vacieho n.stroja Bing a.zachova. si ochranu pred mo.n.mi .to.n.kmi?",.. SEARCH_TOAST_SUB_FOOTER: "Po re.tartovan. prehliada.a, povol.me zabezpe.en. vyh.ad.vanie a.zmen.me predvolen. vyh.ad.vac. n.stroj na Bing.",.. SEARCH_TOAST_YES: ".no",.. SEARCH_TOAST_NO: "Nie, .akujem",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Zapneme zabezpe.en. vyh.ad.vanie a.nastav.me vyh.ad.vac. n.stroj Bing ako predvolen.."..}..//682C232E2ACFE160DE2A1D89DFAB65197DE5AA4E5482CD3D8C6CE66BF018A934430A0CD580BA2197634CF9C867D322C79A9D118FAE2BDF05A677996D3AF24BF9++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):791
                                                                                                                                                                                                                                        Entropy (8bit):5.493568545352214
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HM3Rzi2T//nHkpIUaSB1kd1BgqDHCqtMB1kd1BgqbDoPUl91:7HM3B0T3kd/DDHC53kd/DbDoU91
                                                                                                                                                                                                                                        MD5:9E4A59C6E8814C21B9ABC03B46E92C13
                                                                                                                                                                                                                                        SHA1:A91F5483A7F0F0D200850A0E4F0843E967FE2777
                                                                                                                                                                                                                                        SHA-256:7D94D0436926A1CF555592B6C19C5A8A5E32550888E848EC3AD5C6F964FFAE98
                                                                                                                                                                                                                                        SHA-512:0EBC8D5A3093C41836D4D2F96D964B611FA5A0C35A3174BD5D69C33C6A5B9232814C8AB4A4C84A3C8FF216E6251C7153C0E4848090AFCBA74FA113EDAC8F203D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nemate bezbedna pretraga - budite oprezni",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u Bing rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT: ".elite li dodati bezbedna pretraga u Bing i ostanite napred?",.. SEARCH_TOAST_SUB_FOOTER: "Uklju.ic.emo bezbedna pretraga i promeniti podrazumevani pretra.iva. na Bing nakon ponovnog pokretanja pretra.iva.a.",.. SEARCH_TOAST_YES: "Da",.. SEARCH_TOAST_NO: "Ne, hvala",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Uklju.ic.emo bezbedna pretraga i promeniti podrazumevani pretra.iva. na Bing."..}..//58DCE3ECF6D720CD26EFDC80C330239AD7594D92714C97488258A8E552FBE77839D583D27526F8F137CBEBA610B065BEBC0771B0C32C639AAB67013B6A3E3A7B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):847
                                                                                                                                                                                                                                        Entropy (8bit):5.479322790254831
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HBZa8gL2eN/Ttn2gW6DTXMoOF2FTnZ2gW6DTa2SkmDpTO:CuY/ZrT70GZrTa2eTO
                                                                                                                                                                                                                                        MD5:D7C5862AE6600309433FF282531D5B55
                                                                                                                                                                                                                                        SHA1:5DB3E230B3FBFDFDAB2BDCACBBCBCB6C8D42A284
                                                                                                                                                                                                                                        SHA-256:ED45A60D81A96BC182752A96A7E50092633355DAA8993689BEB7D7D3064939EB
                                                                                                                                                                                                                                        SHA-512:96AA5A735D42E24DA463673A3B95F8F3A5ADE23A50F1606FD1857AF24BC7F5707F71CEDDD822EE696BE9B4C54F5D769895E7CB24AC24653C8A0D4882F571322F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har inte s.ker s.kning . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i Bing-s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT: "Vill du l.gga till s.ker s.kning till Bing f.r att h.lla dig steget f.re skurkarna?",.. SEARCH_TOAST_SUB_FOOTER: "Vi s.tter p. s.ker s.kning och .ndrar standardalternativet f.r din s.kmotor till Bing efter att du startar om webbl.saren.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nej tack",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi s.tter p. s.ker s.kning och .ndrar standardalternativet f.r din s.kmotor till Bing."..}..//C1576214923D1F7138F31E042A618F7A4ADDCF526C7242E52C04C068F85CE9C73F9EE2A484C1CF9F6BECAF7C8C2DEB8F6CF6EC074583560693911A7561E6539E++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):857
                                                                                                                                                                                                                                        Entropy (8bit):5.536686502677647
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HMhMT4PwAf00hBLUF8Tt7zYE3MKUR59HQmeonSqt9UxQme7oefddBBj/iX:7H8O44Yh88x/YE8PJfTnStf0VdBoX
                                                                                                                                                                                                                                        MD5:A2BD6BCEBF5F57D9ED68DFF588BA8122
                                                                                                                                                                                                                                        SHA1:54519CD20B50FB60E6F40FE283A39A1FA22DA467
                                                                                                                                                                                                                                        SHA-256:A97D130976105416C510DE2F15364D391173026C2D2EFA807A55F186D4924CF3
                                                                                                                                                                                                                                        SHA-512:EDC737BA59FC22975DEA48A99E286F56DC06A811A57CD0A92DA2E7FB423675669090F27B7F40511FCF27819E893A6D6A8E024AC7B5306B1AD071F03CC12135CF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "G.venli Arama'ya sahip de.ilsiniz, dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi Bing arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT: "G.venli Arama'y. Bing'e eklemek ve k.t. ama.l. ki.ilerden uzak durmak ister misiniz?",.. SEARCH_TOAST_SUB_FOOTER: "G.venli Arama'y. a.ar ve taray.c.n.z. yeniden ba.latt.ktan sonra varsay.lan arama motorunuzu Bing olarak de.i.tiririz.",.. SEARCH_TOAST_YES: "Evet",.. SEARCH_TOAST_NO: "Hay.r, te.ekk.rler",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "G.venli Arama'y. a.ar ve varsay.lan arama motorunuzu Bing olarak de.i.tiririz."..}..//D684C2353E737B7ED09C8E6F136C2D343A3B98484E4CBFD2C345CE33B21105DB29239EF98FFC4C18F4CEFFE7848BB86ACCFF2470ADB3FC4133B8E27CA5952D64++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):777
                                                                                                                                                                                                                                        Entropy (8bit):6.210660451495342
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HZeVjrLdwETCJeYNVLkfD9nktuLMSleNyunyHS8K+9qtBuKeNyunyHc4CCgSFRB:7HujCHVLkr96S4fnyHd99zfnyHjCo
                                                                                                                                                                                                                                        MD5:2CDB562215413FF625A3E356CA217FD2
                                                                                                                                                                                                                                        SHA1:0E820278AEB0C2CD715A82ABB686C117DCEE4657
                                                                                                                                                                                                                                        SHA-256:53DFADCA0E93CA6D896309B0E62FC927EB500AEE8AFC38CF3F4AF884BF12C667
                                                                                                                                                                                                                                        SHA-512:99FF01A6D7FD5385F970FAEC77F753E15F683B5B9B6C5FD6D72D08D38DEA89E4886EE93C849A5A7FE067B72DAE35A27A7918E78CE063C63193CE4F1BA0019102
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "......... . .....",.. SEARCH_TOAST_SUB_HEADING: "......... Bing ............",.. SEARCH_TOAST_BODY_TEXT: "......................... Bing?",.. SEARCH_TOAST_SUB_FOOTER: ".............................. Bing.",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "....",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "..................... Bing."..}..//CBC01CF39F5C771ACA721004F9514B5A5A1B48B5E249B312D98B3519F13DC1A7A249A4A16B245B917338090DAE48916ABFFBF5F96E838291831FB2FAACA6B7DA++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):747
                                                                                                                                                                                                                                        Entropy (8bit):6.174517491073846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HdRjeD31S5BdlevclAZKdKX0S19HS8KFy9qtNSNv7l2HcVymD7T6hlfe/S:7H76D31Sy8AZKIz19Hd79qU7l2H6v7yJ
                                                                                                                                                                                                                                        MD5:A35F8ED7C78439B4D397041DADA1C6F5
                                                                                                                                                                                                                                        SHA1:C3886E73F57189CD432EFC6A2914B9DB9DC6D377
                                                                                                                                                                                                                                        SHA-256:732EFC7EC82F832D385B9F38BE264A20F5545525CBB2FF3D48755BB126E262E8
                                                                                                                                                                                                                                        SHA-512:68BB1AF4EC3DE60D4D65EEF654990A16C91E2E64D19C76B5329648C441940D7E73802BAF658DF80C890C4BAB900A348BDA598AB315E0CAD0E823A4A85129604A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "...........",.. SEARCH_TOAST_SUB_HEADING: "......... Bing ............",.. SEARCH_TOAST_BODY_TEXT: "......... Bing...........",.. SEARCH_TOAST_SUB_FOOTER: "............................. Bing.",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "....",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "...................... Bing."..}..//19D99A1E6BCC22AA59513DF80F32C1CD231CF93F896F0D5E5AC9ECEDFF8F067F2714A86FF98B492B950F47BF3ACC079A52C1CBF33F35161B67C0A88A9FAEDA0F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7420
                                                                                                                                                                                                                                        Entropy (8bit):5.698357857658691
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CXLFSeinF0GY2zegRdgmgV+2bt9kuB9Ouy9kuv9FoEGopoMgLmVvuumqY:CXLF5WF0SHMt9kg9O39kIOEGQZVdq
                                                                                                                                                                                                                                        MD5:BBAC48551D0F25C5D11E1820503EDA1A
                                                                                                                                                                                                                                        SHA1:7C2F780DE0B2EAC168D26BFACD6FF27FA8888365
                                                                                                                                                                                                                                        SHA-256:D830A121D06FE973A5BE0D2E1DB3A4A86EEB0DBCF6BD141D7BBB5A9D17555F90
                                                                                                                                                                                                                                        SHA-512:EE35BEC08352B47BCF0DCBF21F5AC11108C65A8C2510617FFE791DCCA6CDAE9AC135DDC6193A697317F710B72071665F33EB699D392222931B74F4498BB750A4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Slu.ba Bezpe.n. hled.n. je vypnut. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT: "Chcete zapnout roz...enou ochranu p.i hled.n., abyste byli v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_OPTION: "Ano, chci po restartov.n. prohl..e.e zapnout slu.bu Bezpe.n. hled.n..",.. SEARCH_TOAST_DONE: "Hotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nem.te slu.bu Bezpe.n. hled.n. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcete p.idat slu.bu Bezpe.n. hled.n. a b.t v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ano, p.idejte slu.bu Bezpe.n. hled.n.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6899
                                                                                                                                                                                                                                        Entropy (8bit):5.420190232642894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CjNwgL2CS6ddGw2jKK3A/BZ6mQNeTNlspRmbM1BM0t+lWcoLa8XcZ+lWch9FF/34:CWToK3A/Bj32ttCWy8XgCWSj/o03Wwy
                                                                                                                                                                                                                                        MD5:73C7531F74DC0C5905AAAFD45E62BE3B
                                                                                                                                                                                                                                        SHA1:90AFC73ED69E8F43512224E4EFD8D31FA53C66BC
                                                                                                                                                                                                                                        SHA-256:994772D22B0FBB17DA88E686A5028D59C4DF8E1C5E661A7F76229349DEAC8854
                                                                                                                                                                                                                                        SHA-512:B869BCB087A8411FF0082E9FB22230B4F1DA125A7E2A91A6D128E2CAA653FCFD607658FFBE41FA494972EB19AC0D1457F3DF1459C3B8A28EAE08D5B1BEF9C82C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sikker s.gning er sl.et fra . v.r forsigtig",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning leder dig v.k fra risikofyldte websteder i s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT: "Vil du v.re et skridt foran forbryderne og have ekstra sikkerhed, n.r du s.ger p. nettet?",.. SEARCH_TOAST_OPTION: "Ja, sl. Sikker s.gning til, n.r jeg genstarter browseren.",.. SEARCH_TOAST_DONE: "F.rdig",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har ikke sl.et Sikker s.gning til . s. v.r forsigtig!",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sikker s.gning leder dig v.k fra risikofyldte websteder i s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vil du tilf.je Sikker s.gning, s. du undg.r at komme ind p. grimme steder?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, tilf.j Sikker s.gning til min browser, og s.g som standard ved hj.lp af {0}.", // {0} SEARCH_TOAST_*.. SEAR
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7159
                                                                                                                                                                                                                                        Entropy (8bit):5.347712937175425
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:C9EB5FeK92iZaU3vFJMGNMmXdtUGj/7vFyDGkHEXcFtDD:C+5/btltJ/7vFOEML
                                                                                                                                                                                                                                        MD5:7F74CC1B45891F462506A23BF36FFA0B
                                                                                                                                                                                                                                        SHA1:A856079FF3DBAEBB01065F37F4ED3517B4164E47
                                                                                                                                                                                                                                        SHA-256:86C08DF557680985A4AA74DD473E4B45B41062E2368E1E130C5C40863460C120
                                                                                                                                                                                                                                        SHA-512:A127B7B95BDEE6839085D5FA6ACA5AF991B6B9BBB5F22D9DEF01ACF90FAD3C51FB9E7C1B1BDF5236EFFDDDADC9EA22AA905E95B0D39141740AEEDD1DDABBE1EB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Achtung: Sichere Suche ist deaktiviert",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT: "Wollen Sie Internetkriminellen mit zus.tzlichem Suchschutz immer einen Schritt voraus sein?",.. SEARCH_TOAST_OPTION: "Ja, ich m.chte die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. SEARCH_TOAST_DONE: "Fertig",.. SEARCH_TOAST_HEADING_COMPLIANT: "Die sichere Suche ist nicht aktiviert . seien Sie vorsichtig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "M.chten Sie die sichere Suche hinzuf.gen, um Kriminellen immer einen Schritt voraus zu sein?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, die sichere Suche in meinem Browser hinzuf.gen und Suchen
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):991
                                                                                                                                                                                                                                        Entropy (8bit):5.76521979020505
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOM3oeWURG11jdHDUUOSj6TrY3jdHjdVtiSTj6cUnjdMA8Y9pcObANRGXUkAt:7HOvMrWh1WTMBgF5RjbgsXCd/
                                                                                                                                                                                                                                        MD5:17945F04E84D4FB4CE698914258C9A76
                                                                                                                                                                                                                                        SHA1:DE37A08477338A9F02D09E26A89931506E491E7D
                                                                                                                                                                                                                                        SHA-256:8186488F7090F47A0A50D860021B51BFE508115A5407DB4F577FC9E7BD6566E6
                                                                                                                                                                                                                                        SHA-512:D7BD1E18F6520D3DD3ED115D000296AE2D817BC6418023C6CFBE043178AF63C98B12DB10E907A569B047D0DE88E2931294BE3A68BB4CFEA04A6B65CE752D1F76
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "D.l.te si starosti s t.m, .e budete sledov.ni online?",.. SEARCH_TOAST_SUB_HEADING: "Pou.ijte prohl..e. DuckDuckGo s ochranou McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Soukrom. hled.n. s prohl..e.em DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} zaji..uje, .e historie hled.n. z.stane v soukrom..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Funkce Bezpe.n. hled.n. McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokuje .kodliv. odkazy ve v.sledc.ch hled.n..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bude pou.it jako v.. v.choz. vyhled.va..",.. SEARCH_TOAST_YES: "Vyzkou.et soukrom. a bezpe.n. hled.n.",.. SEARCH_TOAST_NO:"Ne, d.kuji"..}..//29A07B12017F7C45E1AE186DFE0C7E9C05E4A35FD33E48E0D41A85A60396D75981CE17A26E68181B7558E948CEFB17E1B40D0E90BE19D7CDF058F6217310B198++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):900
                                                                                                                                                                                                                                        Entropy (8bit):5.589383052671258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyODmFK9r7NWME1jdHvyjC8C9JYBjdHjda88SjNwojdbnEl48twdn0wwDVKMRK:7HOvCQ9NWMEcCrYFnwinQ4Kwxwvg
                                                                                                                                                                                                                                        MD5:ED262FA6590F02FCEF4B3A6DE4CB978A
                                                                                                                                                                                                                                        SHA1:7D8B2EF5C9A50D43BA416313BB5EDA9D539A0DAB
                                                                                                                                                                                                                                        SHA-256:14E847A0DC869E1403A6B8E49BE3C1889AC07639F666C4E66FBE94254877DC6B
                                                                                                                                                                                                                                        SHA-512:3489A1A95C1868E491E6BD164D9186489632F5E6D487D5D893A1A11C42F5EA9476810F01DE3F415CFF79123D7C964D09084937DA8C26882220831F6C054E57C4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Er du bekymret for, at der bliver holdt .je med dig online?",.. SEARCH_TOAST_SUB_HEADING: "Brug DuckDuckGo sammen med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Anonym s.gning med DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} s.rger for, at din s.gehistorik forbliver anonym.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sikker s.gning", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokerer skadelige links i s.geresultater.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bliver din standards.gemaskine.",.. SEARCH_TOAST_YES: "Pr.v anonym og sikker s.gning",.. SEARCH_TOAST_NO:"Nej tak"..}..//A4D875843194BE8F86F8DB5361398B4A7B9219DDA006D4B8CD9F2768D71E1EC3E43A43B13DEAE94378E89833287BF926401A1AA7357C111D5BACED105663F65F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                                                        Entropy (8bit):5.57240291397162
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOIV8tfCIjdHkjPqqbjdHjdar9jICnqjkjdAhalRVnzQYjLWl+R8nYZmD+WXC:7HOvc8yqrLLBQbwRi+j
                                                                                                                                                                                                                                        MD5:BB9762D7607F15FCBA02304DDF94994D
                                                                                                                                                                                                                                        SHA1:69D8FDDC5F0EED15006D91F37B54F9137FB5E70D
                                                                                                                                                                                                                                        SHA-256:004BC3F34676FB666BB43244D2A7BE252F7BC916AF06DA40317E10AFE6DA4CE7
                                                                                                                                                                                                                                        SHA-512:4916BA50650CE019B850FE812E86AE897502EC61D1318F994E55BCFA782AB4EF6D2DCBC365325CFCD39C6D105A31ED6491CE79C7BEF7C77792591C98E520079B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sie wollen keine Online-Tracker?",.. SEARCH_TOAST_SUB_HEADING: "Verwenden Sie die McAfee-Erweiterung in DuckDuckGo.",.. SEARCH_TOAST_BULLET_STRONG_1: "Privater Suchmodus in DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} . damit ist Ihr Suchverlauf f.r andere nicht sichtbar.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sichere Suche", .. SEARCH_TOAST_BULLET_NORMAL_2: "Die Erweiterung \"{0}\" blockiert b.sartige Links in Suchergebnissen.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo wird als Ihre Standardsuchmaschine festgelegt.",.. SEARCH_TOAST_YES: "Private und sichere Suche testen",.. SEARCH_TOAST_NO:"Nein danke"..}..//D5733356DF6A1DB99842CD54D971C480217831DC3AC2E93D764692E966E06468555952F4D757BFBBE62DD2FD7C13E72EBC76FA94A43AF827CFA567FE1647A58A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1278
                                                                                                                                                                                                                                        Entropy (8bit):5.509401045070423
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvdVOfNkrI8gvMi3QonM4diUPg4HDTWFTm:CvdAVktgfQoMmiUDv7
                                                                                                                                                                                                                                        MD5:1F6235A605EF58A330D6ACFC6EB451C9
                                                                                                                                                                                                                                        SHA1:BB011382D5D40246E1175A2E3FB27C1AC215E17B
                                                                                                                                                                                                                                        SHA-256:8B261F3738CD0EDFDBF9785175A51EE3D98F721376C57FBF8118AE986B49F818
                                                                                                                                                                                                                                        SHA-512:419DA940A737871B2CDFF9D3684CAED4F1928AE0C091B2250B7A3DE21703FB139BCAE05201883E5471790F7FD151DF4599A89EE67A2A3FD805E0F56067FFD8C0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "... ........ .. ........... . ............. ... online;",.. SEARCH_TOAST_SUB_HEADING: ".............. .. DuckDuckGo .. .. McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "........ ......... DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: ".. {0} ..... .. ........ ... ........... ... .........", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "....... ......... McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: ".. {0} ......... .... ........... .......... ...... ... ............. ...........", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: ".. DuckDuckGo .. ..... .. ............. ......... .......... ....",.. SEARCH_TO
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                        Entropy (8bit):5.524743584334964
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyO8zqqNPR4t1jdHMLBjaPCuYh8jdHjdatBjPvkTzgjdA8xvsHxExFgOu9M3:7HOv8moyALKFYhl5kTzqsHx6p3
                                                                                                                                                                                                                                        MD5:B08E603CC1B91D69814CA7F2F1EE849F
                                                                                                                                                                                                                                        SHA1:8C4426D5CCA135B31367945D6F895AC8D57E447B
                                                                                                                                                                                                                                        SHA-256:D75B4EB9D2254824B9D95559AC156F13BB97F538A6B748BD8042DEB209A18D27
                                                                                                                                                                                                                                        SHA-512:717A17661568EB5E9D00C29E82C19FB7F52BA5BC9D6BBA6B02779682593B414A92178EE495A835BB51EEDAFA3D92DEF34125E6CFAFF451F5CA38B3FB82FF3DF0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Worried about being tracked online?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo with McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} keeps your search history private.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Secure Search", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blocks malicious links within search results.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo will become your default search engine.",.. SEARCH_TOAST_YES: "Try Private & Secure Search",.. SEARCH_TOAST_NO:"No thanks"..}..//A0D8F2C048B46A4FD7AC0D07FD283E6005DAD693F00EFBD1B05738E4656BA94A47373F62FC39ED59E81B6BB967FB030CE7672E9E3A6FDEE893FA9F6EFB39CD71++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):945
                                                                                                                                                                                                                                        Entropy (8bit):5.574679504461569
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyO9ocZRs11jdHCajW7SuTQQQjdHjd0Fmzjq0KdQjdEiSZSUjETASKsPpD+0k:7HOvy71A7JPmS0gR54TYUDu
                                                                                                                                                                                                                                        MD5:0C85FFE70BEA4662722D7DDC7BAF6655
                                                                                                                                                                                                                                        SHA1:7C80B90675F6FF6142AEA534DFD834F10636C6CE
                                                                                                                                                                                                                                        SHA-256:21CC3A7B36DAFE6E2213BC2DEF1C613320F8134A7142582E7E9FED5E4C27E2D2
                                                                                                                                                                                                                                        SHA-512:FB1CB294908F664D55159F76472D2EB26115BD70EE861BC8B1143BBEFB64EF58E8BC744BA6475E1A78C8D95D5535BE8AE5D67D9A343C86C9EEAD037AA492552D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".Le preocupa que rastreen sus actividades en Internet?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "B.squeda privada de DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} garantiza la privacidad de su historial de b.squedas.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "B.squeda segura de McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloquea los v.nculos maliciosos en los resultados de sus b.squedas.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ser. su motor de b.squeda predeterminado.",.. SEARCH_TOAST_YES: "Pruebe las b.squedas seguras y privadas",.. SEARCH_TOAST_NO:"No, gracias"..}..//2F98FB8F703BDBAD5895565B1894F74BA272938EB135B9C739591F4802AA123DC8580F7BB8A27484F56C3C8BDA5C6C720AA48E5F5ED296DEAD84190C43E47B7E++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):925
                                                                                                                                                                                                                                        Entropy (8bit):5.583856013603583
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyO9ZHhHmdks11jdHCajZyFK2jdHjd0Fmzjqrpo3FK2jdEDE/ZSUwIesaRM8cf:7HOvdHmdN1nnzmSiA74HcFRPc2Kr
                                                                                                                                                                                                                                        MD5:6F2C728DC1AD4951F425E3F5A6B6C103
                                                                                                                                                                                                                                        SHA1:598BF2464111B79468D1B89ABB3CC720D9D869FC
                                                                                                                                                                                                                                        SHA-256:BDF902D263DDA61181881DFECA440C5747A40FCF32D0EFAC8BD525A2EA9EEBB9
                                                                                                                                                                                                                                        SHA-512:A1FFFE93CB7B6D1E098F1AA3C11542EA4967B72D3D869C391705C4477A15A19E25D43F40BB1503DA6711206729891685B27EAC4DE998D8E9F78459FE3267A763
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".Le preocupa que lo rastreen en l.nea?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "B.squeda privada de DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mantiene confidencial su historial de b.squeda", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "B.squeda segura de McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloquea v.nculos maliciosos dentro de los resultados de b.squeda", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo se convertir. en su motor de b.squeda predeterminado.",.. SEARCH_TOAST_YES: "Pruebe B.squeda segura y privada",.. SEARCH_TOAST_NO:"No, gracias"..}..//20CB364129A65D16B871889450A57ADE3AF3F7D4BB21A7B97A3AED459081FE634FF398C691A65D3B87DA5922B0E2307B63B3DC3584D8A1720F6DB68D1C911459++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):870
                                                                                                                                                                                                                                        Entropy (8bit):5.547827997187383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOmciWozjdHJmavj+rUEpjdHjdXpvjm0QCojd6U9hSnl2dUQaI0Yn:7HOv7iWoCUEBJOhy2xZ0o
                                                                                                                                                                                                                                        MD5:A378EE0DE62DC81E33AC99782F01A16D
                                                                                                                                                                                                                                        SHA1:46CF150FB1E201D7D7672BF46391093DDF9AD881
                                                                                                                                                                                                                                        SHA-256:DDDE4176DA25CAE2B619848AA712B5D17249C7411335F0D36B90DDC7B960A66A
                                                                                                                                                                                                                                        SHA-512:AD824B9D5B72C5323D48EE5998C1F0C6154119D2D2870E1FDF75A97F4B3F8A4121F7D8C117E23E2995AED5E616791AC2525801336CB93B525679F877A0DC0B44
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Huolestuttaako seuranta verkossa?",.. SEARCH_TOAST_SUB_HEADING: "K.yt. DuckDuckGota yhdess. McAfeen kanssa.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGon yksityinen haku", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} takaa hakuhistoriasi yksityisyyden.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfeen suojattu haku", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} est.. haitalliset linkit hakutuloksista.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo valitaan oletushakukoneeksesi.",.. SEARCH_TOAST_YES: "Kokeile yksityist. ja suojattua hakua",.. SEARCH_TOAST_NO:"Ei kiitos"..}..//D7A6F318B4BB1E59F7FF4BCC5008B965458186FEEFD7F0B1140ACC2F5F4A3D8536C8CF155DF886C2A60A249B88EB3FDFC663825B02A48A87F86D467222D32182++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                                                        Entropy (8bit):5.532793462010508
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOZKM/Jvf1jdH+9kRjBjdHjd55wjq39M5vjdShWvw/jFe5/qnJHjq3LNO7A6O:7HOvBRMkbb7Wvw/jFe5iJoLN2O
                                                                                                                                                                                                                                        MD5:5758AA0E07AB191E9A0D369793BEAF7A
                                                                                                                                                                                                                                        SHA1:0CE9978D6C6C5FF0C6B7B7DBCE7851691966C9F5
                                                                                                                                                                                                                                        SHA-256:95ACE104142539D785528924A37CA353F4056910653616AFA4F2DE5A08B75A16
                                                                                                                                                                                                                                        SHA-512:04E39DAE9B5DBA58BC0135151C0F97BD25CC275428E4BD21131626AF661D9C9C68EE270195F2BC83FA21CCAED875475065BDAB961012F60F7CA839D20DB7F48A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Inquiet d'.tre surveill. en ligne?",.. SEARCH_TOAST_SUB_HEADING: "Utiliser DuckDuckGo avec McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Recherche confidentielle DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} pr.serve la confidentialit. de votre historique de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloque les liens malveillants parmi les r.sultats de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo deviendra votre moteur de recherche . d.faut.",.. SEARCH_TOAST_YES: "Essayer la recherche s.curis.e et confidentielle",.. SEARCH_TOAST_NO:"Non merci"..}..//AB673037DB157C0CF847E5A84C22BCCA1275C3B21541F73DD4FADF0E584E28E74BF08703EC67672EA1B01EEAD9128C47ADA0575E3FECFFB63AF9ECA050FD688D++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):949
                                                                                                                                                                                                                                        Entropy (8bit):5.55602244762339
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOR04/yohvf1jdHUzhCSjm+MjdHjd55wjDDJ3tp5vjdG4kWYXF9owhBbOVQmI:7HOvVyoRAzhNwKTkWYcwh5OVOW8
                                                                                                                                                                                                                                        MD5:65C49E7A9CAD8E965D2003857646FF93
                                                                                                                                                                                                                                        SHA1:4E4E6F87BE5A399F724131AE52A412E125FF0164
                                                                                                                                                                                                                                        SHA-256:33D7478269555FC9FECBB2A3D1A233310C7FDB9C432E9196F2CBE8EA7173D18D
                                                                                                                                                                                                                                        SHA-512:FAE7D20584BCA6B76BBEFA391F025B87DE317241F06696FBDE71B40A06C58556863E81021CF882602199CC1E863CB002DC42087AA6FB44B9CC2F10270DBC2EAD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Vous avez peur d'.tre suivi en ligne.?",.. SEARCH_TOAST_SUB_HEADING: "Utilisez DuckDuckGo avec McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Recherche priv.e DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "La {0} assure la confidentialit. de votre historique de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "La {0} bloque les liens malveillants dans les r.sultats de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo va devenir votre moteur de recherche par d.faut.",.. SEARCH_TOAST_YES: "Essayer la recherche s.curis.e et priv.e",.. SEARCH_TOAST_NO:"Non, merci"..}..//DDF45239DC70A4A38C09DF3C1DDBEDE9B36F695BEAB9D0BCE84B2AA9D09749C88BC9573B78CCC04564C76381C4225FB24650FAB96D6CB2633A68023C0B6D8926++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):931
                                                                                                                                                                                                                                        Entropy (8bit):5.607629011471915
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOXmRUFqyW+1jdHOhjsgv2jdHjd6D39hjpfzJujdXoBcBw1S9IezucRIUyjqz:7HOv2iYT+0vBZflUZViez
                                                                                                                                                                                                                                        MD5:D366E8D473A0D339187A8FF6CF6C7C91
                                                                                                                                                                                                                                        SHA1:7DC57717C9650B402927F1AB09118DFC6FC0BB8F
                                                                                                                                                                                                                                        SHA-256:E6E3ED8B320C57AA685EA4D1C387F884B608AE594EAD166A5FAB23940029018F
                                                                                                                                                                                                                                        SHA-512:D251060B0F9665E3277ED6D7F71A13BE22924C36D8DB42C2E0F04EDBE7628E0E0181AD103B3A2B5A18DAB83078BFBC107B43DCAD3CC77C9E4CABA1997F653109
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Zabrinuti ste oko pra.enja na internetu",.. SEARCH_TOAST_SUB_HEADING: "Koristite DuckDuckGo s McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo privatno pretra.ivanje", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} dr.i va.u povijest pretra.ivanja privatnom.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee sigurno pretra.ivanje", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokira zlonamjerne poveznice unutar rezultata pretra.ivanja.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo .e postati va. zadani alat za pretra.ivanje.",.. SEARCH_TOAST_YES: "Isprobajte privatno i sigurno pretra.ivanje",.. SEARCH_TOAST_NO:"Ne, hvala"..}..//44D8F1855E9BF7AB2DCE460F5826B7F9FC46A329A2575E51EEBD06954C2897339414BFB6AFE18366A96B249D58D2DF9EA5E0F7C55F177EC431FB8A5F0022415A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):989
                                                                                                                                                                                                                                        Entropy (8bit):5.704938741584662
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOaC24TjrjdHGSHBjXllzFrYjdHjd8dHBjzEfCsbV0kjdUcjaSC65dGE76Muz:7HOvaH6ESZzFddFE8dTadv6BKtv5W
                                                                                                                                                                                                                                        MD5:6AEFA0BF3ADC76CEE6414AF61FB23F79
                                                                                                                                                                                                                                        SHA1:AA3235BC0FA708AABFE14B9CC489654A59F368C8
                                                                                                                                                                                                                                        SHA-256:452B89D35B2F668A121A412402CB03F60B52821B0C9CC1632BA98614F749BF6C
                                                                                                                                                                                                                                        SHA-512:A3FB089A47139708EED3CB9A41E616949CE3CC5DAB9B2D04355FAAFCFDFE12DAE74FCE887C30A8502A06209DAD1A822BACB6BF195B3A7A72918671A21160D63C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Agg.dik, hogy k.vetik online?",.. SEARCH_TOAST_SUB_HEADING: "Haszn.lja a DuckDuckGo szolg.ltat.st a McAfee-vel.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo priv.t keres.s", .. SEARCH_TOAST_BULLET_NORMAL_1: "A {0} gondoskodik arr.l, hogy keres.si el.zm.nyei szem.lyesek maradjanak.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee biztons.gos keres.s", .. SEARCH_TOAST_BULLET_NORMAL_2: "A {0} blokkolja a keres.si tal.latok k.zt a rosszindulat. hivatkoz.sokat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "A DuckDuckGo lesz az .n alap.rtelmezett keres.motorja.",.. SEARCH_TOAST_YES: "A priv.t .s biztons.gos keres.s kipr.b.l.sa",.. SEARCH_TOAST_NO:"K.sz.n.m, nem"..}..//3A1A0FB600593CAC234826AD8FC593A9C49D4ABA6E0434674ACA541B0EC57E4815E5D8516E821B61FD3B0BE51347D99951E3651B441392D503F92AD76F068CF3++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):886
                                                                                                                                                                                                                                        Entropy (8bit):5.476573198162924
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Temi che le tue ricerche online vengano tracciate?",.. SEARCH_TOAST_SUB_HEADING: "Usa DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Ricerca privata DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mantiene private le tue ricerche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Ricerca sicura McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blocca i link pericolosi nei risultati delle ricerche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo sar. il tuo motore di ricerca predefinito.",.. SEARCH_TOAST_YES: "Prova la ricerca privata e sicura",.. SEARCH_TOAST_NO:"No, grazie"..}..//B72F8F379C9A80DD082F897AC2336C6A45F01B7909477E5AC51E6DF7A8548ABC03D39DCFFF9E126653C08D9168E339BC10427DA61FD764A954C1667FCCCD8E5E++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1089
                                                                                                                                                                                                                                        Entropy (8bit):5.913422907949394
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_HEADING: ".......................",.. SEARCH_TOAST_SUB_HEADING: "......... DuckDuckGo .........",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo ...............", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0}...............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "..... .... ...", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}............................", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ...................",.. SEARCH_TOAST_YES: "....................",.. SEARCH_TOAST_NO:"..."..}..//46640E5CF05B1F8D2357ECE1164EE0CF936AC8D2B
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):961
                                                                                                                                                                                                                                        Entropy (8bit):5.983907782778655
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_HEADING: "... ... ......?",.. SEARCH_TOAST_SUB_HEADING: "McAfee. .. DuckDuckGo. ... ....",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo .. .. .. ..", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0}.(.) .. ... .... ......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee .. ..", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}.(.) .. .... .. ... ......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo. .. .. .... ......",.. SEARCH_TOAST_YES: ".... .... ... ...",.. SEARCH_TOAST_NO:"..."..}..//81AACFC0791430DE29237790AC2A954BE2FD6A6DC1D3258D1E751ED67CA9C24E54E4D1DB85E160B0412E6CA0088E64A3829BB1094DC94188B660625725AE572A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):845
                                                                                                                                                                                                                                        Entropy (8bit):5.5275256652088745
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Er du redd for at du blir sporet p. nettet?",.. SEARCH_TOAST_SUB_HEADING: "Bruk DuckDuckGo med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} holder s.keloggen din privat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sikkert s.k", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokkerer skadelige koblinger i s.keresultatene.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo blir standard s.kemotor.",.. SEARCH_TOAST_YES: "Pr.v Privat og sikkert s.k",.. SEARCH_TOAST_NO:"Nei takk"..}..//EC2E46B243B5824729E59FFB065A580C5EF86C2B344D8E88DF2A38CAB0FBE9C2CC8E59180EA4B820E15FECB7D3CA2BFCDCFF8AB4B35753E27FBDCAB1FF8CFFB1++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):872
                                                                                                                                                                                                                                        Entropy (8bit):5.594216202996838
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Wilt u niet online worden gevolgd?",.. SEARCH_TOAST_SUB_HEADING: "Gebruik DuckDuckGo met McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Priv. zoeken met DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} houdt uw zoekgeschiedenis priv..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Beveiligd zoeken van McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokkeert schadelijke links in zoekresultaten.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo wordt uw standaard zoekmachine.",.. SEARCH_TOAST_YES: "Probeer Priv. zoeken en Beveiligd zoeken",.. SEARCH_TOAST_NO:"Nee, bedankt"..}..//494316BE737C3411583AA4228A3996234BD4E59D0EF640886F8B3D1110FBA7496D87C8C050168BE1739AF601D9C646842512034B1812A75D130938F94CA2B814++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                                                        Entropy (8bit):5.752345232520265
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Obawiasz si. .ledzenia online?",.. SEARCH_TOAST_SUB_HEADING: "U.yj przegl.darki DuckDuckGo z produktem McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Prywatne wyszukiwanie DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "Przegl.darka {0} zachowuje prywatno.. historii wyszukiwania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Bezpieczne wyszukiwanie McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "Przegl.darka {0} blokuje z.o.liwe ..cza w wynikach wyszukiwania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo stanie si. domy.ln. wyszukiwark..",.. SEARCH_TOAST_YES: "Wypr.buj prywatne i bezpieczne wyszukiwanie",.. SEARCH_TOAST_NO:"Nie, dzi.kuj."..}..//99C89E820433C195871F4A96C191820DA4BEDE93EF62CB8B4571A026D247E73D11949927CF39BADBC3F773469777C5B3A6082B88D3B0B9F8E6D237C484A806DB++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):905
                                                                                                                                                                                                                                        Entropy (8bit):5.573826123867286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Preocupado com ser rastreado online?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo com McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mant.m seu hist.rico de pesquisa em privacidade.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Pesquisa segura da McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloqueia links maliciosos nos resultados de pesquisa.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo se tornar. seu mecanismo de pesquisa padr.o.",.. SEARCH_TOAST_YES: "Experimente pesquisas privadas e seguras",.. SEARCH_TOAST_NO:"N.o, obrigado"..}..//5380834EB49FC74F2191E28F491F1BC2CDF6354848A5686D2C1D0E581C85CBB281CB850039F67FA9DDD421227F0DD935DA79FA1B02939D4A07CEA24219B273BA++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):949
                                                                                                                                                                                                                                        Entropy (8bit):5.579048356995121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOwON2GFfK1jdHcwOFoSjPH5jdHjd2OtFcjq/CGMoujdvIjmg57IIePGtjJZD:7HOvwONFFfKEG+B6Ur5wPGN6v7oEM
                                                                                                                                                                                                                                        MD5:CDA6270CBD9FA8FC78E235C4CEE1DD0E
                                                                                                                                                                                                                                        SHA1:9DC44A4C862712E13A395D997A2EF5F572BDD13E
                                                                                                                                                                                                                                        SHA-256:1E0F67722A18060067EF298071FE0290FCCFC67E5FC99090F46C806B2AFC4F0F
                                                                                                                                                                                                                                        SHA-512:9179B680A93B4A4B136E940A3817DEBA4D90682D845A16291A88EBFD13AB18692EB7DE643F5B9AD2C87A05396ADA30E62CFD637399D1701BAD39C557E9830DAE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Est. preocupado com a possibilidade de ser monitorizado online?",.. SEARCH_TOAST_SUB_HEADING: "Utilize o DuckDuckGo com McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Pesquisa privada do DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mant.m o seu hist.rico de pesquisa privado.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Pesquisa segura da McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloqueia liga..es maliciosas nos resultados de pesquisa.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "O DuckDuckGo vai tornar-se o seu motor de pesquisa predefinido.",.. SEARCH_TOAST_YES: "Experimente a Pesquisa segura e privada",.. SEARCH_TOAST_NO:"N.o, obrigado"..}..//2E4666D7F920C5B0C8E5A3BC27798AE7915D5ABD183AE3B471E93B04785795CDE6A84476874243B377FB1EE60B419A0651FA2F7CFD40DF64CB8F888CD04EAEC4++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1248
                                                                                                                                                                                                                                        Entropy (8bit):5.469519648385535
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HOvEzOMHAIonuRIovfPFt5rNlvytaiSAF+RQX/XJfzl:CvEK6AuLfPFPfvyciSAFffJx
                                                                                                                                                                                                                                        MD5:C220E25B3C9A7677CDE272C61730079B
                                                                                                                                                                                                                                        SHA1:39093FB66572B8530AE293545D09000544D3C288
                                                                                                                                                                                                                                        SHA-256:32A7A9DF84A049853BAC0E559D5F58472870759EAC11EF6063F65EB6A47A0550
                                                                                                                                                                                                                                        SHA-512:B199592FA9D19719A01034C86B04DDAF3EC43E770648150505639672767F03A909814566C92E267DB34C598C61216ACB157077AF5C4163E55AE4D846A5C73FF0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "............ .. ...... ............ ...... . .........?",.. SEARCH_TOAST_SUB_HEADING: "........... DuckDuckGo ... ......... McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "................ ..... DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} ......... .................. ...... ..... ....... .......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: ".......... ..... McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} ......... ........... ...... . ........... .......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ...... ..... ......... ........ .. ..........",.. SEARCH_TOAST_YES: ".......... .
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):959
                                                                                                                                                                                                                                        Entropy (8bit):5.809433846677453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOuKOG811jdHvXjy9RDujdHjdVlj6cKj/ujdDEmy9g72LSokwXPjk8Ab:7HOvuKp81rOOI7jRN9Y2vkb
                                                                                                                                                                                                                                        MD5:CB14E54FE4E4E4BFD9E6381387CDF22E
                                                                                                                                                                                                                                        SHA1:98CA287535F27DAA71102CC3D5EBF092D6A599E1
                                                                                                                                                                                                                                        SHA-256:6CAAC2C18DBC1E00F7026B620F6F2FC112C33754081421724A15F0A0CEF6A86B
                                                                                                                                                                                                                                        SHA-512:FBC294661C57BDA0A19E54D6F777A7C05A0DE5E95B575D8305C18F4DFD69077094F3F94903A6AEB26DE7FC0EFC2F7542D120C86C550C4906E5101C9B1ED0FB01
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Ob.vate sa, .e v.s niekto sleduje?",.. SEARCH_TOAST_SUB_HEADING: "Prehliadajte pomocou DuckDuckGo s.ochranou McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Anonymn. prehliadanie DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} zabezpe.uje va.u hist.riu vyh.ad.vania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Zabezpe.en. vyh.ad.vanie McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokuje .kodliv. odkazy vo v.sledkoch vyh.ad.vania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bude predvolen.m vyh.ad.vac.m n.strojom.",.. SEARCH_TOAST_YES: "Vysk..ajte s.kromn. a.zabezpe.en. vyh.ad.vanie",.. SEARCH_TOAST_NO:"Nie, .akujem"..}..//71AA65F1DC5872056C55D5E55A90C3268B9852B528AE65DB30991543FAAFB352805C9FED427B4963040A01CF9CF963C767190595628114C128ACDA0FFB558C03++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):899
                                                                                                                                                                                                                                        Entropy (8bit):5.6038422969759765
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyO5bp57xqyeE1jdHqj81jXjdHjdSjqQf7jdXoBSLgOYk/ryGTkcnTdfWb4Lh:7HOv5rcsh1jlQfddLj/r1TkWRDt
                                                                                                                                                                                                                                        MD5:278676BF91D770DC118F29BF18C1702B
                                                                                                                                                                                                                                        SHA1:7553E2E22654505FEA525BF7D0F9F3FEEECF39AB
                                                                                                                                                                                                                                        SHA-256:1A9B10CD6C7F0BA54DBB9D08A3112B76083D6E7C2BF1B1BA16ADB9EE1041662F
                                                                                                                                                                                                                                        SHA-512:0B3491D25CB2766C25F06E7F224358E73A76698F2B8CCC1453182B859D0A6EA1767D7FB9DFF75578E1520364A892C5BC6B3394C8B61CB5974BD28AAEF6FE5161
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Brinete da ste pra.eni na mre.i?",.. SEARCH_TOAST_SUB_HEADING: "Koristite DuckDuckGo uz McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo pretraga uz privatnost", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} .uva privatnost va.e istorije pretrage", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Bezbedna pretraga", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokira zlonamerne veze u rezultatima pretrage.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo .e postati va. podrazumevani pretra.iva..",.. SEARCH_TOAST_YES: "Isprobajte pretragu uz privatnost i bezbednost",.. SEARCH_TOAST_NO:"Ne, hvala"..}..//4EE3A431FAE39873DE972705A85402F1FAFF98FCB2417AFD1293FE6F9B68F0070435B93A8E7F7D9AD55B921B796D253A4BCAFD111D63F9D2C7DAE12E727592A4++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):855
                                                                                                                                                                                                                                        Entropy (8bit):5.609499495634988
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOP10P/1jdHgjNejdHjd6HjSEqNjdc+yJLzwd7VvxXbqH0:7HOvt0XKYEV+yJ/wTvxXbqU
                                                                                                                                                                                                                                        MD5:5DB7E685FE9867DFCA1163DB463E4F59
                                                                                                                                                                                                                                        SHA1:5757D5B7E56501118CCA9028A9A5B32021FCFC2B
                                                                                                                                                                                                                                        SHA-256:6A349142B06F01B2808B5155A16CCCD0060D33306F6421CE487A00449D34A13D
                                                                                                                                                                                                                                        SHA-512:F3F20F1CC7A95DCB12A7DF5554B000B3551F1CF605E5B78F3467C8A7AAF940AC6D7F4B5F1192B5E8E962E82CAF47FD248A94AD36165A46B4D83146F586BF6B35
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".r du orolig .ver att bli sp.rad online?",.. SEARCH_TOAST_SUB_HEADING: "Anv.nd DuckDuckGo med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Privat s.kning", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} h.ller s.khistoriken privat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee s.ker s.kning", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blockerar skadliga l.nkar i s.kresultaten.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo kommer bli standards.kmotorn.",.. SEARCH_TOAST_YES: "Testa privat och s.ker s.kning",.. SEARCH_TOAST_NO:"Nej tack"..}..//BB9AE0BA2930DA20E383A897C4A50696C9D6B768528D496EF1EA95F7C88058E61ECE06939667BE8D391FF1D3E50D94C9D2DDB9ACF5C40A2D5CCBC37226A3658B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):907
                                                                                                                                                                                                                                        Entropy (8bit):5.684192341197801
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOb0kPX0jdHCZjHvLWjdHjdatBjQ8JI3chAjdKlaUAcYQHcIwCc43nd2+x:7HOvb023vLrubY/YQ9wC320
                                                                                                                                                                                                                                        MD5:9D00AE03C25DFB0B32774B3AA8BB90CE
                                                                                                                                                                                                                                        SHA1:EB05A3AD9A0BAE456640959AD12A242094F58B88
                                                                                                                                                                                                                                        SHA-256:C34D861A62DFCF95FBF2840D69DC238F69022DA53D9D81FDDDE257F0E1120E68
                                                                                                                                                                                                                                        SHA-512:B9133DF9B42EA6DB0284840E1AF1D135486AC0E25CDA005B956B581E7DDA0E9CD4A7C21D6DC5A53A1DD3AE329682C539911F2B2349D5F753F101EC2D3C62622D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".evrimi.iyken izlendi.inizi mi d...n.yorsunuz?",.. SEARCH_TOAST_SUB_HEADING: "McAfee ile DuckDuckGo kullan.n.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Gizli Arama", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} arama ge.mi.inizi gizli tutar.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Secure Search", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} arama sonu.lar.ndaki k.t. niyetli ba.lant.lar. engeller.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo varsay.lan arama motorunuz olacakt.r.",.. SEARCH_TOAST_YES: "Gizli ve G.venli Arama'y. Deneyin",.. SEARCH_TOAST_NO:"Hay.r, te.ekk.rler"..}..//C7047C8F67448C0CB8489F2FD439076397E8F3EBAA2DBDD3BCF2F885C3E7D90362DCAB25B4BBBA579678E2D824D9905749505C37B4776DC6ECBA144D4688E8A9++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):848
                                                                                                                                                                                                                                        Entropy (8bit):6.098392659863907
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HO+9p0jdH4Ly0jJwCjdHjdOZLy0j2u1AjdKeNygHChLjSXHGEbyw10vvGh:7HO2Lyyw5LyHf8gHmSXIw103Gh
                                                                                                                                                                                                                                        MD5:BA39CB0C119068E2F630FC575379109B
                                                                                                                                                                                                                                        SHA1:9F902CE460E73F785045D0FD5E9A1F5B63F82A45
                                                                                                                                                                                                                                        SHA-256:E7C2BC598123882A01546D5EE0BBF1FAE5B309AED1B1CE1FA1DC4DB7FFE6A3A8
                                                                                                                                                                                                                                        SHA-512:5863D3BC084A7FA3876F7837B7C776C5F018A30ADFDAE773E9A43E5E274BB09BA363070BE53D67122DB880FEA3B50E29471548CDE3A23BD05D771E90CD9AF5E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_HEADING: "........",.. SEARCH_TOAST_SUB_HEADING: "....... DuckDuckGo.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo ....", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} .............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: ".......", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} .............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ............",.. SEARCH_TOAST_YES: ".........",.. SEARCH_TOAST_NO:"...."..}..//866E027ADED7D5B7F0C36FBF565CC9CF78FBE11002A554DF4C0AD518FBD2468BF84ABDCB6F821A189B1342E17851AE931593A946E6B87387AA9D6C481E1CE110++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):863
                                                                                                                                                                                                                                        Entropy (8bit):6.114438032208445
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HOyOOcMZGjdHMLBj8SC5jdHjdtjkYjd/eBAM+bCvZUIy5X0a9tXUK:7HOvupLyFeF0Yyl0a9tXUK
                                                                                                                                                                                                                                        MD5:419BCEDAC4FB2A6FF5709318C56BDF2E
                                                                                                                                                                                                                                        SHA1:3E6AB879AD3281ABFC7184E7BADC2B9434A80C49
                                                                                                                                                                                                                                        SHA-256:07C72589EA8CBC69771D2A3E480579C9354B473393998AC6DD377C763A51AE62
                                                                                                                                                                                                                                        SHA-512:704C0FA5C7D7B3AFC16936511C2E29A543C7F5087A588AE8AB71CF823B5E9F63D5CE9DDF06647BCE2B36A8B768E78BCFB16E7B0EFAE5116512A1A6E1570466B6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".........",.. SEARCH_TOAST_SUB_HEADING: ".... DuckDuckGo . McAfee ..",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} ...............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee ....", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}..............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ............",.. SEARCH_TOAST_YES: ".........",.. SEARCH_TOAST_NO:"...."..}..//293E181DAC21161671A568D6590EE58002001828FC287C0D726FE50D118CDCA3ED663A081577996A8989B5CF11976C34568A68D0DC526A99F55643781F03A05C++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (307), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11879
                                                                                                                                                                                                                                        Entropy (8bit):5.005043787837462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CBketuJEUrvtH9Ai5trhElBXXrhEN1QtfT6GpD:CBksuJEUrvNyi5tKBnkQVOGJ
                                                                                                                                                                                                                                        MD5:5F9B32DD56D8EA845C3B7DAE2404ACC3
                                                                                                                                                                                                                                        SHA1:1B5CDF356D0DA241DB4F6C1DAF80C97B25E1E5B6
                                                                                                                                                                                                                                        SHA-256:BDAE1BDA30D72C00D20A54325BCFB0A910423813E3EA83682306B3EF75A39A27
                                                                                                                                                                                                                                        SHA-512:8D86D291F4DC816ADCD1905E00EB6B45ACA762BE4080A5E7B1039656A106C5646FFC4B6D9AD60CA6CCA758B7DFAFB0386B2431680286FE9646ABC9404EAD22E3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ". ....... ......... ..... ................, .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ ...........",.. SEARCH_TOAST_BODY_TEXT: "...... .. ......... ..... ... .... ....... ... .... ............. ........... .. ........ ......... ..........;",.. SEARCH_TOAST_OPTION: "..., .. ............. . ....... ......... .... ... ............ ... ............ ...........",.. SEARCH_TOAST_DONE: ".....",.. SEARCH_TOAST_HEADING_COMPLIANT: "... ......... ... ...... .........
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6293
                                                                                                                                                                                                                                        Entropy (8bit):5.371200704117131
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Ckl7LklkKuaz45DJMtR4fAgK0vQ8jwsClwJcv+ztBDABrBN9FC1WgjsRBva54ApN:CkWF+Uturjjj42tBABrFoUgOBixN
                                                                                                                                                                                                                                        MD5:6C306FAA1E445268C8982C9BD470E831
                                                                                                                                                                                                                                        SHA1:F8DD22113F54DB8445842393D621FDFE48DB7C26
                                                                                                                                                                                                                                        SHA-256:7385277B4E0F0E3D9A0D44750E7A04C7F62B6F82EF9F2FF22D0AD4FA00D8042D
                                                                                                                                                                                                                                        SHA-512:FA6BB3037F4B4492299ABE80E117390E0800F1267E1C247CC252E50BDA404BB87604E67A946D4694435C025B3EDA3CB23A098478EC4DB7266BBA65BBAF8E2ECE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Secure Search is off . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your search results.",.. SEARCH_TOAST_BODY_TEXT: "Want to stay ahead of the bad guys with extra search protection?",.. SEARCH_TOAST_OPTION: "Yes, turn Secure Search on after I restart my browser.",.. SEARCH_TOAST_DONE: "Done",.. SEARCH_TOAST_HEADING_COMPLIANT: "You don't have Secure Search . be careful",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Secure Search steers you away from risky sites in your search results.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Would you like to add Secure Search and stay ahead of the bad guys?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Yes, add Secure Search to my browser and change my default search to {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex",.. SEARCH_ENGINE_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7166
                                                                                                                                                                                                                                        Entropy (8bit):5.361271692904923
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CikaW+DI24sA0etjy/gsjyw9FsBR52/MGSrZcUyxITK3mwq:CNL+DI23ktjy4sjyGeR5jKnOKWV
                                                                                                                                                                                                                                        MD5:A27281454C30899678F3FBD223D64F47
                                                                                                                                                                                                                                        SHA1:BA2B07D7728CFAEA2DE69FCC1346CCBDECB7F822
                                                                                                                                                                                                                                        SHA-256:DEBC021B4105E12DDDBAAC449B0783A512AA82C4324F8CDF8F48A109F72219B6
                                                                                                                                                                                                                                        SHA-512:38BB9C0DCE14D0DD93B9C8C9B21198D345788448A1EF70871764FC26E186F70B43FD0F867A3E9FC17A9FA232252296E039E1D10DD3EC31C93114037F3E75D9B8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "La b.squeda segura est. desactivada: ten cuidado",.. SEARCH_TOAST_SUB_HEADING: "La b.squeda segura elimina los sitios web peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT: ".Quieres ir un paso por delante de las amenazas con una protecci.n extra en tus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar la b.squeda segura despu.s de reiniciar mi navegador.",.. SEARCH_TOAST_DONE: "Listo",.. SEARCH_TOAST_HEADING_COMPLIANT: "No dispones de la b.squeda segura, ten cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La b.squeda segura elimina los sitios web peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".Quieres a.adir la b.squeda segura e ir un paso por delante de las amenazas?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., a.adir la b.squeda segura a mi navegador y cambiar mi b.squeda predeterminada a {0}.", // {
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6972
                                                                                                                                                                                                                                        Entropy (8bit):5.376232051601562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:C7nHt6A2Av8eK1mD8OOtjvQxj4jJ5QXGfTB9gn:C7nN6dABK4wOOtjvQxj4lomTB9gn
                                                                                                                                                                                                                                        MD5:B1F44A6576E7EFAA2B274B4E7882E3C6
                                                                                                                                                                                                                                        SHA1:433ACF70FA32C49855EDF99311F15233A580E514
                                                                                                                                                                                                                                        SHA-256:00559D0234C57E5EC34C028A8569A13ACB477BD5135076DE0FD8EA43846771BA
                                                                                                                                                                                                                                        SHA-512:8F0A17E0C3039851E64CBF610AD3FE76059D02AABFE1963702DE1545BA299ECC9D73B5811D0F38E87A33026E17088FE73665EEA0D9B53B6B14F57D40768DC4EE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "B.squeda segura desactivada: ten cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura elimina los sitios peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT: ".Quieres ir un paso por delante de las amenazas con una protecci.n extra en tus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de reiniciar mi navegador.",.. SEARCH_TOAST_DONE: "Listo",.. SEARCH_TOAST_HEADING_COMPLIANT: "No tienes B.squeda segura: ten cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "B.squeda segura elimina los sitios peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".Te gustar.a agregar B.squeda segura y adelantarte a los malos?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., agregar B.squeda segura a mi navegador y cambiar mi b.squeda predeterminada a {0}", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6713
                                                                                                                                                                                                                                        Entropy (8bit):5.396839920360876
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:Cf5VcSzQubYOrlY0XRMYSJd1VtHyYZN66mHyY4XubJMt:CfWJXecJtlf6vl8ubJQ
                                                                                                                                                                                                                                        MD5:22A4491D425049A6DB1854ACFF9B394D
                                                                                                                                                                                                                                        SHA1:2C686EECA2F0A4F845BAFB41FFE80B3EDEDADC5F
                                                                                                                                                                                                                                        SHA-256:7B7835DCC403359DE3966B8F970E904FF00BD44F15EC73BD6E1456A0E8E17494
                                                                                                                                                                                                                                        SHA-512:54F6FA1620C33C6DC3907B61B292A6801933C133DB91516775AAA6624D215EA5CCE46D344127AA2B9535D98228B5C2CD7D31B011238A6CF6B6CFB45818F49E77
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Varoitus: suojattu haku ei ole k.yt.ss.",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja.",.. SEARCH_TOAST_BODY_TEXT: "Haluatko lis.suojaa hakuihisi?",.. SEARCH_TOAST_OPTION: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. SEARCH_TOAST_DONE: "Valmis",.. SEARCH_TOAST_HEADING_COMPLIANT: "Sinulla ei ole suojattua hakua . ole varovainen",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Haluatko lis.t. suojatun haun, jotta pysyt jatkuvasti muutaman askeleen rikollisten edell.?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Kyll., haluan lis.t. suojatun haun selaimeeni ja muuttaa oletushakukoneeksi {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7707
                                                                                                                                                                                                                                        Entropy (8bit):5.340016424850186
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CNztZLR3dPCgbg0LUaJbQA1A/6yb2qz2KAnt/rF43U/HqBosOCA2FSij:CB/CqQaKA1i64z27t/rF43U/KBosOCAM
                                                                                                                                                                                                                                        MD5:7FE1C1D9114B26389A823CB43BC6A088
                                                                                                                                                                                                                                        SHA1:0C386C110C4D2C54D4014B0B201BE82A07C668CE
                                                                                                                                                                                                                                        SHA-256:F11AC143D9E22A6829DD126EC36AC9BC48ED28CC2A7C251F5F5F28149B7D598E
                                                                                                                                                                                                                                        SHA-512:82169468A2BFD73369A1411E74232B62B75FA81314859E6248805176CD7685E724207F36F9188096B73A34915AD488D0D5F83DCF958F87581629E6F4920BDA3D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Attention! La recherche s.curis.e est d.sactiv.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e vous met . l'abri des sites Web dangereux figurant dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Voulez-vous d.jouer les escrocs en vous dotant d'un moyen de protection suppl.mentaire?",.. SEARCH_TOAST_OPTION: "Oui, activer la Recherche s.curis.e une fois que j'aurai red.marr. mon navigateur.",.. SEARCH_TOAST_DONE: "Termin.",.. SEARCH_TOAST_HEADING_COMPLIANT: "Attention! La recherche s.curis.e n'est pas install.e.",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La recherche s.curis.e .carte de votre recherche les sites internet risqu.s.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Souhaitez-vous installer la recherche s.curis.e afin de garder une longueur d'avance sur les escrocs du Web?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Oui, ajouter la recherche s.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7690
                                                                                                                                                                                                                                        Entropy (8bit):5.333235855616893
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CsERzSimDtBPs31a2/DMEopt+3eOpPZA2XYGAy:CXFABPq1x8t+3HZA2IGAy
                                                                                                                                                                                                                                        MD5:73A28FCD9D09E6845C84568A67784C2A
                                                                                                                                                                                                                                        SHA1:B0B7D95416388610492E2B39B6E9CB1623FC28D1
                                                                                                                                                                                                                                        SHA-256:C040F7D2D08FBCE33F2CE076F4F9BF8C7EB5696229F8D3E60C53E3BFD5F99207
                                                                                                                                                                                                                                        SHA-512:85907760D42FC156BE41B4C294C7703823BFD2EEEF4F60AC9B0749B25543B3FCAAE48C74AC83FF6EAA68D90033E08F36FAFF8C800B2D40D8B989F898F3C73D19
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "La recherche s.curis.e est d.sactiv.e. Soyez prudent.",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Vous souhaitez une protection de recherche .volu.e qui vous mette . l'abri des utilisateurs malveillants.?",.. SEARCH_TOAST_OPTION: "Oui, activer la recherche s.curis.e apr.s le red.marrage du navigateur.",.. SEARCH_TOAST_DONE: "Termin.",.. SEARCH_TOAST_HEADING_COMPLIANT: "Soyez prudent, vous ne disposez pas de la recherche s.curis.e",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Voulez-vous ajouter la recherche s.curis.e et garder une longueur d'avance sur les personnes mal intentionn.es.?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Oui, ajouter la rech
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7046
                                                                                                                                                                                                                                        Entropy (8bit):5.490921343909714
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:C1/oREn0Rscvuy66DERG9MCt9qU8FCjN9JPh9qU8F/9FYeP5en2uRpPpQA9:CxnifBE6t9z8FAN9H9z8FFeQm5DPyA9
                                                                                                                                                                                                                                        MD5:5DA23CDDB7BC8A0395ED207520E211F8
                                                                                                                                                                                                                                        SHA1:81F38492CBF181D0B29516405674F475ECB71C59
                                                                                                                                                                                                                                        SHA-256:83B8AA811C323A5B0D8C3906B1B603E64F9786F4B704D50131F87B29F97C131B
                                                                                                                                                                                                                                        SHA-512:A31CB709F956C7D0AA5A696812BCE7FAD39FCA17C59274D1FC9934E3E8BB12A36C2A4AB545C095F151522A165AD12475B54AFC76E346DF4EE0D2F0F96F430C6A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Isklju.eno je Sigurno pretra.ivanje - budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT: ".elite ostati nekoliko koraka ispred negativaca s dodatnom za.titom pri pretra.ivanju?",.. SEARCH_TOAST_OPTION: "Da, uklju.i Sigurno pretra.ivanje nakon .to ponovno pokrenem preglednik.",.. SEARCH_TOAST_DONE: "Gotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nemate sigurno pretra.ivanje - budite oprezni",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".elite li dodati sigurno pretra.ivanje i ostati ispred?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Da, dodaj sigurno pretra.ivanje mojem pregledniku i promijeniti svoju zadanu pretragu na {0}.", // {0} SE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7496
                                                                                                                                                                                                                                        Entropy (8bit):5.557339709578155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CyQ0mXVpV8YYxZXThD71WnkWYtezBPwe49Fnmsv31B94+CgB:CxFXV8YabLtaB4jXH4gB
                                                                                                                                                                                                                                        MD5:E3D9416AE1CAF895358C69FA3C4783FE
                                                                                                                                                                                                                                        SHA1:15D4C237FF6F261F0311B63C0DA6AD506793AE9B
                                                                                                                                                                                                                                        SHA-256:05B76F6B77C79AA7284E141A9EA86B9E07236AA8B22749DF5185B808BF999F0B
                                                                                                                                                                                                                                        SHA-512:CCE2AA0171D177F7B8B19B00A91B1FEDC5FFBDF3A5A412F608822D3AEA517C7B9ED122B27B0F4ACCC36EB3A5097F739DA2D1AF0FFD09AA2D0FCDD2B2702BA19A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A biztons.gos keres.s ki van kapcsolva. Legyen .vatos!",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT: "Szeretne a rosszfi.k el.tt j.rni az extra keres.si v.delemnek k.sz.nhet.en?",.. SEARCH_TOAST_OPTION: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tottam a b.ng.sz.t.",.. SEARCH_TOAST_DONE: "K.sz",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nincs biztons.gos keres.s funkci.ja . legyen .vatos",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Szeretn. hozz.adni a biztons.gos keres.st, hogy n.h.ny l.p.ssel mindig megel.zze a rosszfi.kat?",.. SEARCH_TOAST_
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6908
                                                                                                                                                                                                                                        Entropy (8bit):5.245498610099517
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CNcefx5VArSHAmTy+rr0l2BJ07tpelslpeWy++WVHJKG:CL5OpmOU0lCJ07tpiWp4st
                                                                                                                                                                                                                                        MD5:B35C9DF7CCF1DFAB39B8D150BDBAD0EC
                                                                                                                                                                                                                                        SHA1:87A1399F15722BF19093F9E0986D243E3FFF2F55
                                                                                                                                                                                                                                        SHA-256:830EB5467933E0C98FE12B4B0416C78D08588069115A8684E0F1470832BACD0A
                                                                                                                                                                                                                                        SHA-512:82755EA3703807A50320C88365BAE530E82F6257B8FFE765447BAFC12942447C69F47360E7D9CDE19E572FFCF20988608D0B0837CD0674D164E0EB2CF5974BB5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Attenzione: la funzionalit. di ricerca sicura non . attiva",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche.",.. SEARCH_TOAST_BODY_TEXT: "Vuoi essere sempre un passo avanti rispetto ai malintenzionati, grazie a una maggiore protezione delle ricerche?",.. SEARCH_TOAST_OPTION: "S., attiva la ricerca sicura al riavvio del browser.",.. SEARCH_TOAST_DONE: "Fine",.. SEARCH_TOAST_HEADING_COMPLIANT: "Attento, non stai usando la ricerca sicura",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vuoi aggiungere la ricerca sicura e tenere alla larga i malintenzionati?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., aggiungi la ricerca sicura al browser e imposta il motore di ricerca predefinito su {0}.", // {0} SEA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8147
                                                                                                                                                                                                                                        Entropy (8bit):5.851856695337375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CPLfnSHyVfZ2H6EisoqNkij09yT4eKVX0fe66UqPJGNBcpIEdt4/L22XPJn4/799:CumbTi9Itk2s1EuSU8sJ7nJQ
                                                                                                                                                                                                                                        MD5:93F4B53055095A2822875E255EC9A1A7
                                                                                                                                                                                                                                        SHA1:880C7C6F38DE0969A51B2DA44ACE4DE08E587999
                                                                                                                                                                                                                                        SHA-256:73366047A17E6F52F3F95FFEE1344AB1D709F560884726275C82BA174A436FA5
                                                                                                                                                                                                                                        SHA-512:FF390DD8042ADF87F61448F30BE85C64A3D8882533448E48981A9B5D3E233552C386902172BCE253E92345348F38E8FC5DF605C0C6F03D33B8EAF921096575A8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_HEADING: ".... .................",.. SEARCH_TOAST_SUB_HEADING: ".... ........................",.. SEARCH_TOAST_BODY_TEXT: ".........................",.. SEARCH_TOAST_OPTION: ".................. ...........",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: ".... ..........................",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".... ........................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".................. ...........",.. SEARCH_TOAST_OPTION_COMPLIANT: "........
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7384
                                                                                                                                                                                                                                        Entropy (8bit):5.939360540567115
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:CIfSwAbRpdRzltRSN79FIt4khpJAk/Nzf88:CIawKtRSNp1k+YD88
                                                                                                                                                                                                                                        MD5:48709A430A962C8F9D9FCC45B7749629
                                                                                                                                                                                                                                        SHA1:8C16BEF24717A8988B4E57E0E58C4F779317B5F5
                                                                                                                                                                                                                                        SHA-256:0130AA731ED15D0499D3E08778F473D8F4B09D58E722F3C755D29E41A8EA03E9
                                                                                                                                                                                                                                        SHA-512:6A7A9B80D77C13ECF8361DC583572A8EA0319DC5A80A46C41B72E86C150F84BC48B51ECDF91B6BA34FA2C226FCEE56FCF6C0AF3A2D67E743400A42AF01CCF5AE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_HEADING: ".. .. ..... - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT: ".. .. ... .. .... ... ........?",.. SEARCH_TOAST_OPTION: ".. . ..... .. ... . .. ... .......",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: ".. .. ... .. - ......",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".. ... .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".. ... .... ... .. ........?",.. SEARCH_TOAST_OPTION_COMPLIANT: "., .. ... . ..... .... .. ... {0}(.). ......", // {0} SEARCH_TOAST_*.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6835
                                                                                                                                                                                                                                        Entropy (8bit):5.392466327888846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CKrYAXY8c4VteYFB8K3ueYFYRbyLXKFK4M/:CNGY8VVt7FB8K3u7F6yLXKFK7/
                                                                                                                                                                                                                                        MD5:88C1B238521E9CBEFEBCEC854F39084B
                                                                                                                                                                                                                                        SHA1:2C22F51DA35177AF95472FA0510E2D3A68622539
                                                                                                                                                                                                                                        SHA-256:13F45F8D40B89D09AFBE2D69BC4DF16B5C0850A189DD736632A1A557363F833E
                                                                                                                                                                                                                                        SHA-512:D31F06A194F2B0D7B2EE115AE0B343D4A3A5D8A0D44FD12ED7431E236A6E7E4A14A5FC3D01F7F5F90935503D1A219004CAFAED15305CABDDC16D644972B5DC07
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sikkert s.k er sl.tt av . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna skadelige omr.der i s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT: "Vil du ha et forsprang p. skurkene med ekstra s.kebeskyttelse?",.. SEARCH_TOAST_OPTION: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt.",.. SEARCH_TOAST_DONE: "Fullf.rt",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har ikke Sikkert s.k . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sikkert s.k holder deg unna skadelige omr.der i s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vil du legge til Sikkert s.k for . ha et forsprang p. skurkene?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, legg til Sikkert s.k i nettleseren min og endre standard s.kemotor til {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Y
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6746
                                                                                                                                                                                                                                        Entropy (8bit):5.350454241399734
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CHSyoqPxfaPVFJ1bshox+a3uz27w8iLt9ls3cLt3CPiMWbW3pDLrFoz:C2J4jtjbSLBu
                                                                                                                                                                                                                                        MD5:81258082BB27A266AE5CC94C59295DA6
                                                                                                                                                                                                                                        SHA1:3A49F9BB69CBD9C96615E760602BC622AF0AF686
                                                                                                                                                                                                                                        SHA-256:2ADB77A7AB4747994695442447B99A266E7E7E8C7F5506135A7541A93F9B23A2
                                                                                                                                                                                                                                        SHA-512:E23A851EE97D23C8781B142C45C6A1299C738B0C596B584A82244E2FF0E7D8F34829C90892C72DCA3200FED855576D8BE4FEA1B69BC014764F69E123CDD2F5E6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Beveiligd zoeken is uitgeschakeld. Wees voorzichtig.",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden.",.. SEARCH_TOAST_BODY_TEXT: "Wilt u de criminelen een stap voor blijven met extra zoekbeveiliging?",.. SEARCH_TOAST_OPTION: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. SEARCH_TOAST_DONE: "Gereed",.. SEARCH_TOAST_HEADING_COMPLIANT: "U hebt Beveiligd zoeken niet: wees voorzichtig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Wilt u Beveiligd zoeken toevoegen om criminelen een stap voor te blijven?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, voeg Beveiligd zoeken toe aan mijn browser en verander mijn standaardzoekmachine in {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7048
                                                                                                                                                                                                                                        Entropy (8bit):5.612686248999138
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:Cp4EhuYbEvbH2jQWjlykLbLJLA1keuRgR1kv6z+tU9k8ir+IQB1y0g8CmYrvBjyS:Cp4EhuYbEvbH4QWjlykbpA1keuRk1kvh
                                                                                                                                                                                                                                        MD5:B1A40A7AE497B0265460FB4E98A2FE12
                                                                                                                                                                                                                                        SHA1:F7290F61D39DC7E7F739104B34B22405F75A594E
                                                                                                                                                                                                                                        SHA-256:398771FE8E033E6FAF7B30EE9058620C059DFB9DF17B05A0413789C801446473
                                                                                                                                                                                                                                        SHA-512:D7BD9DF9046F069336C06A34D76CE06774D225760663C81C596B603F691EDAF984EE5AD0B16190DFD9CF4FF1F5E19739C48039968231DBD137FEA8CA694F7632
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Uwaga! Funkcja bezpiecznego wyszukiwania jest wy..czona.",.. SEARCH_TOAST_SUB_HEADING: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT: "Czy chcesz uprzedzi. zagro.enia dzi.ki dodatkowej ochronie wyszukiwania?",.. SEARCH_TOAST_OPTION: "Tak, w..cz funkcj. bezpiecznego wyszukiwania po ponownym uruchomieniu przegl.darki.",.. SEARCH_TOAST_DONE: "Gotowe",.. SEARCH_TOAST_HEADING_COMPLIANT: "Uwaga, nie masz funkcji Bezpieczne wyszukiwanie",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcesz doda. funkcj. bezpieczne wyszukiwanie do przegl.darki i uprzedzi. zagro.enia?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Tak, dodaj funkcj. bezpieczne wyszukiwanie do przegl.dark
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):662
                                                                                                                                                                                                                                        Entropy (8bit):5.759734064648731
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7Ha6F06FXOAdhcUbz4wpHyHK6IPHCkgeSV6YcQkpkT:7HrLFOAdiIppSq6IPL/kT
                                                                                                                                                                                                                                        MD5:96C10F5583829A447BB3E96EA07D968F
                                                                                                                                                                                                                                        SHA1:E39F4E6DC976E1A3F0DEC7F745631D86FBD41CBF
                                                                                                                                                                                                                                        SHA-256:C727D79117AD4A83AA17ED7CE0D0FB098A2A5039173EAC01C92B12AF6E7AC340
                                                                                                                                                                                                                                        SHA-512:4732230730BA4C992BF78A89DE394805F689E2BD3C6D9008B54C6C5A1663B0640064E89D3F8508CB9B0D1EAF9C607247571232D442B38440A508B26D407EA3BA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Slu.ba Bezpe.n. hled.n. je vypnut. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Chcete zapnout roz...enou ochranu p.i hled.n., abyste byli v.dy o krok nap.ed p.ed hrozbami?",.. SEARCH_TOAST_OPTION: "Ano, chci po restartov.n. prohl..e.e zapnout slu.bu Bezpe.n. hled.n.",.. SEARCH_TOAST_DONE: "Hotovo"..}..//A67B35F2B26DB4024368C8CD7B01BAD188FAE65FD7A969FB79A1C1FD21D5D413202AED7D7792C32B727349316530A3F0EF55FEA81741C1C7161369650F0C3FCC++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):591
                                                                                                                                                                                                                                        Entropy (8bit):5.528553109151588
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7H0Qs8HQMHQs8f2aw5VL0bdhPLjWR8exneWDdrSFR:7Hfs49wsC2aw5t0bdhWR5xevb
                                                                                                                                                                                                                                        MD5:F45B2A9337A91045416B05E5D6350B46
                                                                                                                                                                                                                                        SHA1:FCAB82D965DB57E3DC4EE19367A2CF074E1F0BE1
                                                                                                                                                                                                                                        SHA-256:BB39146E680FCCA635E224B60FEAE67683F40D57381192F251CF6C47B4FFEE5B
                                                                                                                                                                                                                                        SHA-512:223A9B01A62862366250210B7A717BD193A5236D1A090BF305FDB3C7B3809182399087B8FB693371AC789FFB13E3423EEC463EEE4924B3834827DB72ED5D68F7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sikker s.gning er sl.et fra . v.r forsigtig",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning markerer de potentielt farlige websteder i s.geresultaterne. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vil du have ekstra beskyttelse ved at g.re dine s.gninger mere sikre?",.. SEARCH_TOAST_OPTION: "Ja, aktiv.r sikker s.gning, n.r jeg har genstartet browseren",.. SEARCH_TOAST_DONE: "F.rdig"..}..//79C0E46E58CC66C13CEDB46A55B6984D90A6506EDE7815BD0C8137324A442CCEBC3DACD5137ECCA8B0EDDE57F528B433FD0D77ADEFE1EDDB09BEC3362BBDD6AB++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):626
                                                                                                                                                                                                                                        Entropy (8bit):5.464009302258339
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7HV5hKfCvXCQtROXlU1dhIQvQA3yDYBGNJXJWWqEQT5dssUi:7HfhKf+X08dbCYgOfQsb
                                                                                                                                                                                                                                        MD5:D6345C882D149C61851B0CC9254A0C6D
                                                                                                                                                                                                                                        SHA1:8C583127AEECB8E692AC251081D41B9FD894EC69
                                                                                                                                                                                                                                        SHA-256:ACB10C7741E32D3134F744D46BA646F886C0331AC8CD45573A263806A4BC4D58
                                                                                                                                                                                                                                        SHA-512:03715C9B20AB01C9DAFF6002A9A6CDA4D941A59E3A161609C166E82E6853EC9B384C27335D800BBF32F6E42346A5FC2471D37F018724A29FF351E779C0ED5296
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Achtung: Sichere Suche ist deaktiviert",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Wollen Sie mit zus.tzlichem Suchschutz Bedrohungen immer einen Schritt voraus sein?",.. SEARCH_TOAST_OPTION: "Ja, ich m.chte die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. SEARCH_TOAST_DONE: "Fertig"..}..//8F491A7EBD019BE34C090ECCA665EF6637FC1BAE3C2DC77277E79D884E31B6AD1839A15289E751EE418A25E25151F18369DD26C833102E40612FB2F984529173++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):966
                                                                                                                                                                                                                                        Entropy (8bit):5.127334372170101
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7HzMnpI0MXLr28dNWGmr3/TaMTyNu6XXnFsm:SS268drbn6nD
                                                                                                                                                                                                                                        MD5:0ED321CDB0CEC8856AEC74AA5E1FEC91
                                                                                                                                                                                                                                        SHA1:2EF8C72A3436F8EAE3F80E27806B56CE4ABE8A54
                                                                                                                                                                                                                                        SHA-256:36745001E81B54F25719152AC893A2B17A03479091841BCEE076EAF1C50FE280
                                                                                                                                                                                                                                        SHA-512:97BFE892DFD61CAF20AAAB9A35FD2568B7FB162D5DFE1BFAC6223C5B0E524EBEEF52442B63A7F286408DB2F4FD0E503985CE338DD27F147D7FB6E91E8C99CE2B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ". ....... ......... ..... ................, .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ ........... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "...... .. ......... ..... ... .... ....... ... ... ....... .. ........ ......... ..........;",.. SEARCH_TOAST_OPTION: "..., .. ............. . ....... ......... .... ... ............ ... ............ ..........",.. SEARCH_TOAST_DONE: "....."..}..//CF32436F098F55C62807230BE7A1CBC65710B9B13A956B097B02239E8093F5538A7452B670D42201A706EAE060131AAB1C5166B8E39FDE25E0D701C4380B4A5A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):546
                                                                                                                                                                                                                                        Entropy (8bit):5.458332413295379
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7H4HIWFH3npSuVJTsdhIEfRXK9m/NaU/Jn3LQUn/cB:7H4NXpSuVJTsdjfRXKIVaa3LBnkB
                                                                                                                                                                                                                                        MD5:C2D05034862C9871517F84152A7F5330
                                                                                                                                                                                                                                        SHA1:E0F8A21A16C75AA553A73584DCDCA1F81E588693
                                                                                                                                                                                                                                        SHA-256:321B867FC2A7F6A00AC40CAD169F9A7F94FD406D96AC831A37F9C06F169FD03D
                                                                                                                                                                                                                                        SHA-512:B674C4B05B5B25A791D2BFF73D03319F31FBFC3A07FADEDCFB92E3185928272A0B556E8AE68412E244D9B228F1F2D28CC298C4BB1B98F2B590A521F54F46B86E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Secure Search is off . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your search results. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Want to stay ahead of threats with extra search protection?",.. SEARCH_TOAST_OPTION: "Yes, turn on Secure Search after I restart my browser",.. SEARCH_TOAST_DONE: "Done"..}..//C9328EE2150B67F88305A6862B55E026CB65AC4BEA332C60A1B617A13E1FAFA298938190D194768073FA72300DD97E8A74E59F41FC5EB1CF448ABBA9770A4955++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):621
                                                                                                                                                                                                                                        Entropy (8bit):5.528783007466517
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "B.squeda segura est. desactivada: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura filtra los sitios web peligrosos en los resultados de sus b.squedas. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".Quiere ir un paso por delante de las amenazas con una protecci.n extra en sus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de reiniciar mi navegador",.. SEARCH_TOAST_DONE: "Listo"..}..//03A642FC7B59D633E9BE3DDB8BDF938E4BB503D4481D7268F4832973EAF95DE60A6FB301D0EBB4EB78952AE76E0C8693DF8E9FE50FBC5873D31CEC34E9D29082++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):590
                                                                                                                                                                                                                                        Entropy (8bit):5.535321065860119
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "B.squeda segura desactivada: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura lo aleja de sitios peligrosos en los resultados de b.squeda. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".Quieres adelantarte a las amenazas con protecci.n de b.squeda extra?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de que reinicie mi navegador",.. SEARCH_TOAST_DONE: "Listo"..}..//25FF67F05FA5C8A1C28E4354601BB0198A4E5741526A75B1D569FFB12BE728A1DB2E0A2338DDDADA65E59777FE2BEDA67A3DAE82381CBB697B140F4BD29E1DBC++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):594
                                                                                                                                                                                                                                        Entropy (8bit):5.548077592397297
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Varoitus: suojattu haku ei ole k.yt.ss.",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Haluatko pysy. askeleen edell. ja hankkia lis.suojaa hakuihisi?",.. SEARCH_TOAST_OPTION: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. SEARCH_TOAST_DONE: "Valmis"..}..//014B317A1CB6ED982FF08B913CF9AAF3236AE2960D026BEC8711520249A34723B7171A06170D1DD826D45A2C3FF0EE061030B3B905C73F72A1C2B0D9E6541021++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):619
                                                                                                                                                                                                                                        Entropy (8bit):5.431597566455389
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attention! Recherche s.curis.e est d.sactiv.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte de votre recherche les sites internet risqu.s. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vous aimeriez garder les menaces . distance avec une s.curit. de recherche accrue?",.. SEARCH_TOAST_OPTION: "Oui, activer la recherche s.curis.e quand je relancerai mon navigateur",.. SEARCH_TOAST_DONE: "Termin."..}..//56258EC1905CCC73CA2F61D78B0CF086735236201D9BFA1A106BAA1988121D72F15957244ACF4D53A0EA36A9A7B9B6925C00712CD3849F1770AF2AD8A55C8CE1++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):654
                                                                                                                                                                                                                                        Entropy (8bit):5.4965558895011535
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "La recherche s.curis.e est d.sactiv.e. Soyez prudent.",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vous souhaitez garder une longueur d'avance sur les menaces avec une protection de recherche .volu.e.?",.. SEARCH_TOAST_OPTION: "Oui, activer la Recherche s.curis.e apr.s le red.marage du navigateur",.. SEARCH_TOAST_DONE: "Termin."..}..//E1748E5B424EFCA08783DAA99176588B8632DE4892B71C4620347F51435642839948634703857977A42C3D9D64ED909C04BE25897176D28D5B2235F8AC5B31F8++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):642
                                                                                                                                                                                                                                        Entropy (8bit):5.559514823273629
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Isklju.eno je Sigurno pretra.ivanje - budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".elite ostati nekoliko koraka ispred prijetnji s dodatnom za.titom pri pretra.ivanju?",.. SEARCH_TOAST_OPTION: "Da, uklju.i Sigurno pretra.ivanje nakon .to ponovno pokrenem preglednik",.. SEARCH_TOAST_DONE: "Gotovo"..}..//E4A510DB2139763FD242A28C2B52CDD08F5882F354E8DEDED2DC1BE3EB7F98C6D52E89D242B10112AAE6BE8A9C09DAC2866C2DD2E19D3F835011302B8E81FB9A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):703
                                                                                                                                                                                                                                        Entropy (8bit):5.673203190107354
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A biztons.gos keres.s ki van kapcsolva. Legyen .vatos!",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Szeretne egy l.p.ssel a fenyeget.sek el.tt j.rni az extra keres.si v.delemnek k.sz.nhet.en?",.. SEARCH_TOAST_OPTION: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tottam a b.ng.sz.t",.. SEARCH_TOAST_DONE: "K.sz"..}..//540C762B7A42C84A2AB8D07031EEA3C1202769514985094032187AEB16AE002C1258BA57D1E95D8F4CDA663D949D3AB6917C9432049A1CBA03993E8A797584C5++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):591
                                                                                                                                                                                                                                        Entropy (8bit):5.432215594838549
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attenzione: la funzionalit. di ricerca sicura non . attiva",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura ti indica i siti rischiosi nei risultati della ricerca. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vuoi tenere alla larga le minacce con una maggiore protezione delle ricerche?",.. SEARCH_TOAST_OPTION: "S., attiva la ricerca sicura al riavvio del browser",.. SEARCH_TOAST_DONE: "Fine"..}..//5CF95A5F6424E8ED4D8DE7BF1CB016373EB9B3D19F68BA3409A5CA9C7DC2A19658C256F1A376A0E3794602DD49C570A3A5E437BD2DE48507118012649464A992++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):640
                                                                                                                                                                                                                                        Entropy (8bit):5.9649428270061176
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".... .................",.. SEARCH_TOAST_SUB_HEADING: ".... ........................ {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".........................",.. SEARCH_TOAST_OPTION: ".................. ..........",.. SEARCH_TOAST_DONE: ".."..}..//6ED793660C2471A6824D051E83BC460B6FCEFE5185B3C34FBFCD824BA66C43159036E50B1AE04DAEA320D48B24077EFF01B7C38DE2D629112E5C4F85D6DD7079++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):610
                                                                                                                                                                                                                                        Entropy (8bit):5.957248011283335
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".. .. ... - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... .. .. . ... .... ...... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".. .. .. ... .... ... ........?",.. SEARCH_TOAST_OPTION: ".. . ..... .. ... . .. ... .......",.. SEARCH_TOAST_DONE: ".."..}..//DC2C9A2DA98ACBE2776458332A8F303ECD2AD85277D1FB4AB38521861D7A3B846A332E3E7ACE14673CB022FBCE6D009ECC95545D8E44D1298B8D3DECB60C3028++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):571
                                                                                                                                                                                                                                        Entropy (8bit):5.566707916928538
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sikkert s.k er sl.tt av . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna risikable omr.der i s.keresultatene. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vil du ha et forsprang p. trusler med ekstra s.kebeskyttelse?",.. SEARCH_TOAST_OPTION: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt",.. SEARCH_TOAST_DONE: "Fullf.rt"..}..//E087744E80A27E07D6D069B118EACF249AB713EB86E6C00859CC8C4C698B476A31FA587D9142055CFD9B37416B1D4D000D60E04C6090A489964409F3C69BBEDC++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):602
                                                                                                                                                                                                                                        Entropy (8bit):5.5176277924834345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Beveiligd zoeken is uitgeschakeld. Wees voorzichtig.",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Wilt u bedreigingen een stap voor blijven met extra zoekbeveiliging?",.. SEARCH_TOAST_OPTION: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. SEARCH_TOAST_DONE: "Gereed"..}..//97E9CC6D89E07DAD4C6A7AC4E5A09E944212FA7BCB511C8D4D8B04D4033A0577CB9406699991DFA1A8953DE99049C7FDC6656137BFBCA12DC88B764DE6F3C5A5++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):650
                                                                                                                                                                                                                                        Entropy (8bit):5.697089942945035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Uwaga! Funkcja bezpiecznego wyszukiwania jest wy..czona.",.. SEARCH_TOAST_SUB_HEADING: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Czy chcesz uprzedzi. zagro.enia dzi.ki dodatkowej ochronie wyszukiwania?",.. SEARCH_TOAST_OPTION: "Tak, w..cz funkcj. bezpiecznego wyszukiwania po ponownym uruchomieniu przegl.darki",.. SEARCH_TOAST_DONE: "Gotowe"..}..//2998610CC867995E520DB76E34E2634C9F8302D3F5CD4E0039ED1756247B24757B93804388576ABDE0EB5BCAD77C8A2EE48AB99EB2A9F161D4DCDD4089A56201++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):572
                                                                                                                                                                                                                                        Entropy (8bit):5.528682758278599
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa segura est. desativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura evita os sites perigosos nos resultados da pesquisa. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Quer ficar longe das amea.as com prote..o extra?",.. SEARCH_TOAST_OPTION: "Sim, ative a Pesquisa segura depois que o navegador for reiniciado",.. SEARCH_TOAST_DONE: "Conclu.do"..}..//2F43E1F35708238590D85D196224DF0671DB3EA33BEB7F05EA60862CC4B1A3172C7DD9C0DC9808F7173F0733AED9082582691385C83E43483D196E94CF126F7B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):597
                                                                                                                                                                                                                                        Entropy (8bit):5.524548049127313
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa Segura est. desativada . tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura ajuda-o a evitar sites perigosos nos seus resultados de pesquisa. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Pretende evitar as amea.as com a prote..o de pesquisa adicional?",.. SEARCH_TOAST_OPTION: "Sim, ativar a Pesquisa segura ap.s reiniciar o meu browser.",.. SEARCH_TOAST_DONE: "Conclu.do"..}..//A047EAEC180DCF812292589C152C019AD8FDE870DB3FFD4D1F00F0EC91D5BFC24C761A087333BB9EF54B5B8B841A68A33876E7BF3BD2072722773C37E60351E5++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):837
                                                                                                                                                                                                                                        Entropy (8bit):5.2617125055461385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".......... ..... ......... ...... .........!",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... ....... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "...... .......... .. ..... ... ...... .............. ...... ......?",.. SEARCH_TOAST_OPTION: ".., ........ .......... ..... ..... ........... .........",.. SEARCH_TOAST_DONE: "......"..}..//C6560BE9D78F96E058E6E05B89C845EC789D6212FC8DD4CB48E75145513D5C172626AF3EF7EA9661CBB807DA8D0EA7F2131EFB95AAF07B54E49940B82BDB182A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):649
                                                                                                                                                                                                                                        Entropy (8bit):5.779174545626526
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Zabezpe.en. vyh.ad.vanie je vypnut. . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Chcete ma. n.skok pred .to.n.kmi v.aka zv..enej ochrane pri vyh.ad.van.?",.. SEARCH_TOAST_OPTION: ".no, zabezpe.en. vyh.ad.vanie zapn.. po re.tarte prehliada.a.",.. SEARCH_TOAST_DONE: "Hotovo"..}..//EF66BEE059BDC1DB7A3CAB583FE3B4C3A0271C9605448C773D9B7DC79A7DA1CE2950604E783548DA7E2C9BFAC30C895B97D528E28F6F66BFB6130DA0CB2A7671++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):605
                                                                                                                                                                                                                                        Entropy (8bit):5.612429548791973
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Bezbedna pretraga je isklju.ena . budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".elite da budete u prednosti u odnosu na pretnje uz dodatnu za.titu pretrage?",.. SEARCH_TOAST_OPTION: "Da, uklju.i bezbednu pretragu nakon .to ponovo pokrenem pregleda.",.. SEARCH_TOAST_DONE: "Gotovo"..}..//9C767C13579F4E41DCD8AAD10354163256025D4A9965F9ECFCDEED03A4D2AC4181956EB0BB80BA222F2CEB79AF6E932DF013092F5B7506D72940937EBB264C50++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):574
                                                                                                                                                                                                                                        Entropy (8bit):5.656193529966936
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "S.ker s.kning .r avst.ngd . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vill du vara steget f.re hoten med extra s.kskydd?",.. SEARCH_TOAST_OPTION: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. SEARCH_TOAST_DONE: "Klart"..}..//BFBBBD136797651813E4C430C2217150E46D175F8975DFB1B4F535C5D7DF17C6A4A23A5AFB071CAE81F61657A5BFEA79B9906888B0218E3EE59042D7D281685F++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):589
                                                                                                                                                                                                                                        Entropy (8bit):5.606762960214377
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "G.venli Arama kapal., dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Ek arama korumas. ile tehditlerin bir ad.m .n.nde olmak ister misiniz?",.. SEARCH_TOAST_OPTION: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. SEARCH_TOAST_DONE: "Bitti"..}..//D589DDEEB55F9559E239A9ED134F9096E8FEEC57684ECFDA784F957625B2480CF5E0C9BFB82A81BE7239A848E89EA690EC4B7C98943C1C3290FB0848E01E15F0++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):547
                                                                                                                                                                                                                                        Entropy (8bit):6.228975522871746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "....... . .....",.. SEARCH_TOAST_SUB_HEADING: "...................... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".....................?",.. SEARCH_TOAST_OPTION: "...............",.. SEARCH_TOAST_DONE: ".."..}..//316AE60E0488780F042FC4309E60B287030A1A0209F6585F0348E0031AEED4AA31F0F3BB33262333921F6E22929BF3EF4DDC6B1BD0867593AFFC1F8D988FAFB7++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):555
                                                                                                                                                                                                                                        Entropy (8bit):6.210202655573197
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "....... - ...",.. SEARCH_TOAST_SUB_HEADING: "........................{0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "......................",.. SEARCH_TOAST_OPTION: "..................",.. SEARCH_TOAST_DONE: ".."..}..//F2BE7A879948665A8E01EAF50BDE423B2C9C0C2155BE544D3E12B8E54845406A4383CFA4D27EFA8FE29C840AB190939228DAD1D6D1307F7234B103B3F4482F97++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6977
                                                                                                                                                                                                                                        Entropy (8bit):5.347951072814867
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A pesquisa segura est. desativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A pesquisa segura evita os sites perigosos nos resultados da pesquisa.",.. SEARCH_TOAST_BODY_TEXT: "Quer ficar longe de pessoas mal-intencionadas com prote..o de pesquisa extra?",.. SEARCH_TOAST_OPTION: "Sim, ative a pesquisa segura depois que o navegador for reiniciado.",.. SEARCH_TOAST_DONE: "Conclu.do",.. SEARCH_TOAST_HEADING_COMPLIANT: "A pesquisa segura n.o est. ativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A pesquisa segura evita os sites perigosos nos resultados da pesquisa.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Gostaria de adicionar a pesquisa segura e se antecipar aos criminosos?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Sim, adicionar a pesquisa segura ao meu navegador e alterar minha pesquisa padr.o para {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7070
                                                                                                                                                                                                                                        Entropy (8bit):5.355743915783795
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A pesquisa segura est. desativada . tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A pesquisa segura ajuda-o a evitar os sites perigosos nos seus resultados de pesquisa.",.. SEARCH_TOAST_BODY_TEXT: "Pretende evitar os utilizadores mal intencionados com a prote..o de pesquisa adicional?",.. SEARCH_TOAST_OPTION: "Sim, ativar a pesquisa segura ap.s reiniciar o meu browser.",.. SEARCH_TOAST_DONE: "Conclu.do",.. SEARCH_TOAST_HEADING_COMPLIANT: "N.o tem a pesquisa segura, tenha cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A pesquisa segura ajuda-o a evitar os sites perigosos nos seus resultados de pesquisa.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Pretende adicionar a pesquisa segura e antecipar-se aos malfeitores?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Sim, adicionar a pesquisa segura ao meu browser e alterar a minha pesquisa predefinida para {0}.", // {0} SEARCH_TOAST_*.. SEARC
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (309), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10279
                                                                                                                                                                                                                                        Entropy (8bit):5.118506357193327
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".......... ..... ......... ...... .........!",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... .......",.. SEARCH_TOAST_BODY_TEXT: "...... .......... .. ............... ... ...... .............. ...... ......?",.. SEARCH_TOAST_OPTION: ".., ........ .......... ..... ..... ........... .........",.. SEARCH_TOAST_DONE: "......",.. SEARCH_TOAST_HEADING_COMPLIANT: "...... ........., .. ... .. ........... .......... .....",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".......... ..... .. ........ ... ..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7406
                                                                                                                                                                                                                                        Entropy (8bit):5.695401371316783
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Zabezpe.en. vyh.ad.vanie je vypnut. . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT: "Chcete ma. n.skok pred .to.n.kmi v.aka dodato.nej ochrane pri vyh.ad.van.?",.. SEARCH_TOAST_OPTION: ".no, po re.tartovan. prehliada.a zapn.. slu.bu Zabezpe.en. vyh.ad.vanie.",.. SEARCH_TOAST_DONE: "Hotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nem.te zabezpe.en. vyh.ad.vanie . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcete prida. zabezpe.en. vyh.ad.vanie a.zachova. si ochranu pred mo.n.mi .to.n.kmi?",.. SEARCH_TOAST_OPTION_COMPLIANT: ".no, prida. zabezpe.en.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6881
                                                                                                                                                                                                                                        Entropy (8bit):5.510938385141793
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Bezbedna pretraga je isklju.ena . budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT: ".elite da budete u prednosti u odnosu na .lo.e momke. uz dodatnu za.titu za pretragu?",.. SEARCH_TOAST_OPTION: "Da, uklju.i bezbednu pretragu nakon .to ponovo pokrenem pregleda..",.. SEARCH_TOAST_DONE: "Gotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nemate bezbedna pretraga - budite oprezni",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".elite li dodati bezbedna pretraga i ostanite napred?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Da, dodajte bezbedna pretraga u moj pregleda. i promenite podrazumevanu pretragu na {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENG
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6625
                                                                                                                                                                                                                                        Entropy (8bit):5.492009405699846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "S.ker s.kning .r avst.ngd . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT: "Vill du vara steget f.re skurkarna med extra s.kskydd?",.. SEARCH_TOAST_OPTION: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. SEARCH_TOAST_DONE: "Klart",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har inte s.ker s.kning . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vill du l.gga till s.ker s.kning f.r att h.lla dig steget f.re skurkarna?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, l.gg till s.ker s.kning till webbl.saren och .ndra standards.kningen till {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHO
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6975
                                                                                                                                                                                                                                        Entropy (8bit):5.543613821188072
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "G.venli Arama kapal., dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT: "Ek arama korumas. ile k.t. adamlar.n bir ad.m .n.nde olmak ister misiniz?",.. SEARCH_TOAST_OPTION: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. SEARCH_TOAST_DONE: "Bitti",.. SEARCH_TOAST_HEADING_COMPLIANT: "G.venli Arama'ya sahip de.ilsiniz, dikkatli olun",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "G.venli Arama'y. ekleyerek k.t. niyetli ki.ilerden uzak durmak ister misiniz?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Evet, G.venli Arama'y. taray.c.ma ekle ve varsay.lan aramam. {0} olarak de.i.tir.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing"
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6330
                                                                                                                                                                                                                                        Entropy (8bit):6.34518050109868
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_HEADING: "....... . .....",.. SEARCH_TOAST_SUB_HEADING: ".....................",.. SEARCH_TOAST_BODY_TEXT: ".......................?",.. SEARCH_TOAST_OPTION: "................",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: "......... . .....",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "......................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".......................?",.. SEARCH_TOAST_OPTION_COMPLIANT: ".......................... {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex",
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6347
                                                                                                                                                                                                                                        Entropy (8bit):6.328128090918464
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "....... . ...",.. SEARCH_TOAST_SUB_HEADING: ".......................",.. SEARCH_TOAST_BODY_TEXT: "........................",.. SEARCH_TOAST_OPTION: "...................",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: "....... . ...",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".......................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".......................",.. SEARCH_TOAST_OPTION_COMPLIANT: "........................... {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2562
                                                                                                                                                                                                                                        Entropy (8bit):5.693216924518234
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "V odinstalaci nelze pokra.ovat, dokud nebudou zav.ena v.echna okna prohl..e.e.<br/>Kliknut.m na tla..tko OK automaticky zav.ete v.echna okna prohl..e.e. Kliknut.m na tla..tko Zru.it tuto akci zru..te.",.. ADMIN_WARNING: "Aplikaci {0} nebylo mo.n. odinstalovat, proto.e jste k po..ta.i p.ihl..eni jako u.ivatel s omezen.mi opr.vn.n.mi. P.ihlaste se jako spr.vce syst.mu Windows a zkuste to znovu.",.. KEEP_FREE_PROTECTION: "Ponechat funkci Ochrana p.i proch.zen. internetu",.. NO_THANKS_UNINSTALL: "Ne, d.kuji. Chci ji odinstalovat",.. CANCEL: "Zru.it",.. NO_THANKS: "Ne, d.kuji",.. SURE: "Samoz.ejm.",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Odinstalace aplikace {0} prob.hla .sp..n..",.. SURVEY_OFFER: "R.di bychom znali v.. n.zor. Pora.te n.m, jak m..eme tento produkt je.t. vylep.it.",.. SORRY_TO_GO: "Je n.m l.to, .e jste si aplikaci nenechali.",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2321
                                                                                                                                                                                                                                        Entropy (8bit):5.413111714037938
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Lukke alle browservinduer for at forts.tte med at afinstallere softwaren.<br/>Tryk p. OK for at lukke alle browservinduer automatisk eller p. Annuller for at afbryde.",.. ADMIN_WARNING: "Du kan ikke afinstallere {0}, da du er logget p. computeren som begr.nset bruger. Log p. som Windows-administrator, og pr.v igen.",.. KEEP_FREE_PROTECTION: "Behold webbeskyttelsen",.. NO_THANKS_UNINSTALL: "Nej tak, afinstaller den bare",.. CANCEL: "Annuller",.. NO_THANKS: "Nej tak",.. SURE: "Selvf.lgelig",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Afinstallationen af {0} er f.rdig.",.. SURVEY_OFFER: "Vi vil gerne h.re din mening. Hvordan kan vi efter din mening g.re dette produkt endnu bedre?",.. SORRY_TO_GO: "Vi er kede af, at du forlader os.",.. UNINSTALLING: "Softwaren afinstalleres ...",.. START_HEADER: "Vent! Vil vil savne dig, hvis du afinstallerer",.. START_SUB_HEADER: "Og du vil ogs. savne all
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2527
                                                                                                                                                                                                                                        Entropy (8bit):5.382106839424675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Die Deinstallation kann erst fortgesetzt werden, nachdem alle Browser-Fenster geschlossen wurden.<br/>Klicken Sie auf 'OK', um alle Browser-Fenster automatisch zu schlie.en, oder klicken Sie zum Beenden auf 'Abbrechen'.",.. ADMIN_WARNING: "Sie k.nnen {0} nicht deinstallieren, da Sie bei Ihrem Computer als Benutzer mit eingeschr.nkten Rechten angemeldet sind. Melden Sie sich als Windows-Administrator an, und versuchen Sie es erneut.",.. KEEP_FREE_PROTECTION: "Web-Schutz behalten",.. NO_THANKS_UNINSTALL: "Nein danke, bitte deinstallieren",.. CANCEL: "Abbrechen",.. NO_THANKS: "Nein danke",.. SURE: "Sicher",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Die Deinstallation von {0} wurde erfolgreich beendet.",.. SURVEY_OFFER: "Wir freuen uns, von Ihnen zu h.ren. K.nnen Sie uns mitteilen, wie wir dieses Produkt noch verbessern k.nnen?",.. SORRY_TO_GO: "Schade, dass Sie unser Produkt nicht mehr verwenden m.cht
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4045
                                                                                                                                                                                                                                        Entropy (8bit):5.016975341785504
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ". ......... ............ ... ...... .. .......... .. ... ........ ... .. ........ ... ............ ...........<br/>....... OK ... .. ........ ........ ... .. ........ ... ............ .......... . ....... ....... ... .........",.. ADMIN_WARNING: "... ........ .. ........... ... ........... ... {0} ..... ..... ........ .... .......... ... .. ....... .. ............ ........... .......... .. ............ ... Windows ... ......... .....",.. KEEP_FREE_PROTECTION: "......... ... .......... Web",.. NO_THANKS_UNINSTALL: "... ........., ..... ..........
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2170
                                                                                                                                                                                                                                        Entropy (8bit):5.395289459153673
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Uninstallation cannot continue unless all browser windows are closed.<br/>Press Ok to automatically close all browser windows, or Cancel to abort.",.. ADMIN_WARNING: "You can't uninstall {0} because you're logged in to your computer as a Limited User. Please log in as a Windows Administrator, and try again.",.. KEEP_FREE_PROTECTION: "Keep web protection",.. NO_THANKS_UNINSTALL: "No thanks, just uninstall it",.. CANCEL: "Cancel",.. NO_THANKS: "No thanks",.. SURE: "Sure",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "You've successfully uninstalled {0}.",.. SURVEY_OFFER: "We want to hear from you. Can you share your thoughts on how to make this product even better?",.. SORRY_TO_GO: "We're sorry to see you go.",.. UNINSTALLING: "Uninstalling your software now...",.. START_HEADER: "Wait! If you uninstall, we'll miss you",.. START_SUB_HEADER: "And you'll miss all the good we do, like:",.. WE_SCANNED: "
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2342
                                                                                                                                                                                                                                        Entropy (8bit):5.366404605432002
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Uop2w+XfxK626IEkLmHVR9zgD/1jBv2a82Vj6Aux9M8KBkgnQ:UzwqfxnjVgjvv24KxS7nQ
                                                                                                                                                                                                                                        MD5:A68E1E45B723049A0B4BC7C0C6C6C2DA
                                                                                                                                                                                                                                        SHA1:416BA68C2E68E4D321AFF6659256065325D2F1F6
                                                                                                                                                                                                                                        SHA-256:45169328CAD7C4045D2FD034A08C403E3F17084F35DFF17C8B9C001C82FC5846
                                                                                                                                                                                                                                        SHA-512:5AA8A7BAEBC9C2D651441F0FBBFA29C115F1BE7B0335DDA53400E1FC12A86D634C78A3B4A0A9252B7388204DB230D9FA73FEC7E064D7385F063724EC3F9F8595
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La desinstalaci.n no puede continuar a menos que cierre todas las ventanas del navegador.<br/>Pulse Aceptar para cerrar autom.ticamente todas las ventanas del navegador o Cancelar para anular el proceso.",.. ADMIN_WARNING: "No puede desinstalar {0} porque ha iniciado sesi.n en su equipo como usuario limitado. Inicie sesi.n como administrador de Windows y vuelva a intentarlo.",.. KEEP_FREE_PROTECTION: "Mantener protecci.n web",.. NO_THANKS_UNINSTALL: "No, desinstalar",.. CANCEL: "Cancelar",.. NO_THANKS: "No, gracias",.. SURE: "Claro",.. OK: "Aceptar",.. SUCCESSFULLY_UNINSTALLED: "Ha desinstalado {0} correctamente.",.. SURVEY_OFFER: "Queremos saber su opini.n. .Puede compartir sus ideas sobre c.mo mejorar este producto?",.. SORRY_TO_GO: "Sentimos que deje de utilizar el producto.",.. UNINSTALLING: "Desinstalando el software...",.. START_HEADER: "Espere. Si desinstala, le echaremos de menos",.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2389
                                                                                                                                                                                                                                        Entropy (8bit):5.391934460146082
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Uo72wwXfxjn6v6IEkLX/wrN9gZ0o/0BjBfjTz2VhSZ6c9VTC0Cj40P:U/wUfxnIwancfjTpVTC0S
                                                                                                                                                                                                                                        MD5:C4828195B4501DD2009B690C5D0F2966
                                                                                                                                                                                                                                        SHA1:8E75769E86C59B31227A30FE1CEC9D69C3D55AA4
                                                                                                                                                                                                                                        SHA-256:1854299318ED7487C8CB6B822A63FE5A6F0C7A2802ECF26F6AE531E1E6719936
                                                                                                                                                                                                                                        SHA-512:CDA774F18C5442B082A76715B5DA4DB48753CA04FBEEC82F402453718F3ADE20C79BF81D689515BE89548352B01E19E1BEE9C6079EDD38EE8E7238B5C5BD2400
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La desinstalaci.n no puede continuar a menos que cierre todas las ventanas del navegador.<br/>Presione Aceptar para cerrar autom.ticamente todas las ventanas del navegador o Cancelar para interrumpir el proceso.",.. ADMIN_WARNING: "No puede desinstalar {0} porque ha iniciado sesi.n en su equipo como usuario limitado. Inicie sesi.n como administrador de Windows y vuelva a intentarlo.",.. KEEP_FREE_PROTECTION: "Conservar protecci.n web",.. NO_THANKS_UNINSTALL: "No, gracias, desinstalarlo",.. CANCEL: "Cancelar",.. NO_THANKS: "No, gracias",.. SURE: "Claro",.. OK: "Aceptar",.. SUCCESSFULLY_UNINSTALLED: "Ha desinstalado {0} correctamente.",.. SURVEY_OFFER: "Queremos saber su opini.n. .Puede compartir sus ideas sobre c.mo mejorar este producto?",.. SORRY_TO_GO: "Sentimos que deje de usar el producto.",.. UNINSTALLING: "Desinstalando el software.",.. START_HEADER: ".Espere! Si desinstala, lo ext
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2389
                                                                                                                                                                                                                                        Entropy (8bit):5.353871204604032
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:UrCot/9DbtMfbzwx1kF08hjltMEwTZVyY+vRVZY2f3gvaid5:UrHmMx2BJt8TDmRVzu
                                                                                                                                                                                                                                        MD5:3DD9FC5259E4177AE74BA92E12FED761
                                                                                                                                                                                                                                        SHA1:9C65A8F5DDB3964E644D08F7571ED7C2F63F1938
                                                                                                                                                                                                                                        SHA-256:5972A2ECC6A05EF4E0D563B29C53729B6EFDC50C99D7F01258D9EA5F1DE12867
                                                                                                                                                                                                                                        SHA-512:B7C6BD53C813D2D2F6D22D7D1D67B4E62C4BED952ACC6F80F3EDF7D3A950F62408C1715A1E9FC9D4293B5AC9FC311B025117AD9081F76DE4707BD12E0100206E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Asennuksen poistamista ei voi jatkaa, jos kaikkia selainikkunoita ei suljeta.<br/>Sulje kaikki selainikkunat automaattisesti valitsemalla OK tai keskeyt. valitsemalla Peruuta.",.. ADMIN_WARNING: "Et pysty poistamaan sovelluksen {0} asennusta, sill. olet kirjautunut tietokoneeseen k.ytt.j.n., jolla on rajoitetut oikeudet. Kirjaudu Windowsin j.rjestelm.nvalvojana ja yrit. uudelleen.",.. KEEP_FREE_PROTECTION: "Jatka verkkosuojauksen k.ytt...",.. NO_THANKS_UNINSTALL: "Ei, kiitos. Poista asennus.",.. CANCEL: "Peruuta",.. NO_THANKS: "Ei kiitos",.. SURE: "OK",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} on poistettu.",.. SURVEY_OFFER: "Kuulisimme mielell.mme sinulta palautetta. Haluatko kertoa meille, miten voisimme tehd. tuotteesta viel. paremman?",.. SORRY_TO_GO: "Ik.v.., ett. et halua jatkaa tuotteen k.ytt...",.. UNINSTALLING: "Poistetaan ohjelmiston asennusta.",.. START_HEADER
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2674
                                                                                                                                                                                                                                        Entropy (8bit):5.363360543638875
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:UZbbplCgKbHGou9Uz0NHKVfNV7jUtmjV0fkJmTMOo8MXIHe5QXZhrgKHqeTnWpR:URbpEhDvVF5jUqckJXBIHe5scqqeTna
                                                                                                                                                                                                                                        MD5:1CB299051AEA27C2A9B2F6492055FD0D
                                                                                                                                                                                                                                        SHA1:6D5B3B30602B5B02C3DEBA7889BF6DDC511A04D4
                                                                                                                                                                                                                                        SHA-256:F99E310309FAE8E74982590FDCFDFAAE936C8260508BB9197E91B9C43557687C
                                                                                                                                                                                                                                        SHA-512:8EBA1F9B0E5E9839B753B1BE9EF19D97AB934C25150214DF0A34CD2CC1D56F7C0CE14ED8FA4560F80D5B8BBD593C075111A9CD4F1336FA726EC61714C99F593E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La d.sinstallation ne peut pas se poursuivre sans avoir ferm. toutes les fen.tres du navigateur.<br/>Cliquez sur OK pour fermer automatiquement toutes les fen.tres du navigateur, ou sur Annuler pour abandonner.",.. ADMIN_WARNING: "Vous ne pouvez pas d.sinstaller {0}, car vous .tes connect. en tant qu'utilisateur disposant d'un acc.s restreint. Veuillez vous connecter en tant qu'administrateur Windows, puis essayez de nouveau.",.. KEEP_FREE_PROTECTION: "Garder la protection Web",.. NO_THANKS_UNINSTALL: "Non merci, d.sinstallez-la",.. CANCEL: "Annuler",.. NO_THANKS: "Non merci",.. SURE: "Bien s.r!",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Vous avez correctement d.sinstall. {0}.",.. SURVEY_OFFER: "Nous souhaitons conna.tre votre opinion. Seriez-vous dispos. . nous dire comment nous pourrions am.liorer ce produit?",.. SORRY_TO_GO: "Nous sommes d.sol.s que vous nous quittiez.",.. UNINSTA
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2626
                                                                                                                                                                                                                                        Entropy (8bit):5.400500768428987
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:UT3FlNKBwOdm79zoIuKntX3OPwnIeruBTCtnSo8sprasnmNN3bqI5b:UTVfsEtX+iIeq8XUsmNluI5b
                                                                                                                                                                                                                                        MD5:961921C236E3369D24D9811DF15CE373
                                                                                                                                                                                                                                        SHA1:C5E80EC059CB03193896DB2446666C3EE2991DD8
                                                                                                                                                                                                                                        SHA-256:36639960A6C69FB5B87065B1975B70E61B2D8D09669732968EA17F5428DA6F40
                                                                                                                                                                                                                                        SHA-512:86495F724D8BC4ACCE61A81B18104200CDAEC5388B3C35072C0C37CF002B44ECDCCA7C9F7337DC7CF9607A79140A10B80B28B2027219A0C5A79B00CA4E9F6ACA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Impossible de poursuivre la d.sinstallation tant que toutes les fen.tres du navigateur ne sont pas ferm.es.<br/>Cliquez sur OK pour fermer automatiquement toutes les fen.tres du navigateur ou sur Annuler pour interrompre l'op.ration.",.. ADMIN_WARNING: "Vous ne pouvez pas d.sinstaller {0}, car vous .tes connect. en tant qu'utilisateur limit. sur votre ordinateur. Connectez-vous en tant qu'administrateur Windows et recommencez.",.. KEEP_FREE_PROTECTION: "Conserver la protection web",.. NO_THANKS_UNINSTALL: "Non merci, proc.der . la d.sinstallation",.. CANCEL: "Annuler",.. NO_THANKS: "Non, merci",.. SURE: "Bien s.r",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Vous avez d.sinstall. {0}.",.. SURVEY_OFFER: "Nous serions ravis de conna.tre votre opinion. Si vous avez des id.es pour am.liorer ce produit, n'h.sitez pas . nous en faire part.",.. SORRY_TO_GO: "Nous sommes d.sol.s de vous voir p
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2390
                                                                                                                                                                                                                                        Entropy (8bit):5.439917459212257
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:U4qRJGbmxWQuD28CEnxSP+vuR4S0OaysKXXFrQR:UxiRNC83kPEu30uRWR
                                                                                                                                                                                                                                        MD5:40A746A016B07C69C965FA8DD655FE50
                                                                                                                                                                                                                                        SHA1:4545DC09B17F2FB507C32B0BB1A8E5CF8CA8AE82
                                                                                                                                                                                                                                        SHA-256:082674595DD7027E86634B6B2D7AD7A66C74C97763CCA46BE637214569FB3D9F
                                                                                                                                                                                                                                        SHA-512:1658DC236F57840BCE736C1C6BF3BF75C7E21F89620BCBE98842B6BF5009DAE2FB4004A4FB46595D0EF15FA6E907ACB2CDF9D866407211BEF0D1811F613D675D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Deinstalaciju nije mogu.e nastaviti ako svi prozori preglednika nisu zatvoreni.<br/>Kliknite na U redu da biste automatski zatvorili sve prozore preglednika ili Odustani da biste prekinuli proces.",.. ADMIN_WARNING: "Ne mo.ete deinstalirati {0} jer ste na ra.unalo prijavljeni kao korisnik s ograni.enim ovlastima. Prijavite se kao administrator sustava Windows i poku.ajte ponovno.",.. KEEP_FREE_PROTECTION: "Zadr.i za.titu na webu",.. NO_THANKS_UNINSTALL: "Ne, hvala, samo je deinstaliraj",.. CANCEL: "Odustani",.. NO_THANKS: "Ne, hvala",.. SURE: "Naravno",.. OK: "U redu",.. SUCCESSFULLY_UNINSTALLED: "Uspje.no ste deinstalirali {0}.",.. SURVEY_OFFER: ".elimo .uti va.e mi.ljenje. .elite li podijeliti s nama svoje ideje za pobolj.anje ovog proizvoda?",.. SORRY_TO_GO: ".ao nam je .to vi.e ne.ete biti na. korisnik.",.. UNINSTALLING: "Deinstaliramo va. softver sada...",.. START_HEADER: "
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2561
                                                                                                                                                                                                                                        Entropy (8bit):5.59463320361829
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Ud/4sBMK+ZvbkFzo5lQiw9Azz8eFRHJev0Dq4aVvBQtju:Ud/PBMKN6lu9aVFR4e2lBqju
                                                                                                                                                                                                                                        MD5:2E8C48320AB0BB595B042664838DF29B
                                                                                                                                                                                                                                        SHA1:C6E964E35FA28694521912021058C2EC0E822FB7
                                                                                                                                                                                                                                        SHA-256:D2B8CF28CB3AC71428087C5AB9A050F1481654AC2AC26271681834F7EB730B74
                                                                                                                                                                                                                                        SHA-512:BC22C295D38DAC53B416B63DD897D7C706E0C391917AC03848F20A08B6E4C367E729D1301423FC491F0EC869242340A5CD07711DA317BA3B2A8425390B6C7962
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Az elt.vol.t.s csak az .sszes b.ng.sz.ablak bez.r.sa ut.n folytathat..<br/>Az OK gombot megnyomva automatikusan bez.rhatja az ablakokat, a M.gse gombbal pedig megszak.thatja a m.veletet.",.. ADMIN_WARNING: "A(z) {0} szoftver elt.vol.t.sa nem lehets.ges, mivel a sz.m.t.g.pre korl.tozott hozz.f.r.s. felhaszn.l.k.nt jelentkezett be. L.pjen be Windows-rendszergazdak.nt, majd pr.b.lja .jra.",.. KEEP_FREE_PROTECTION: "Webes v.delem meg.rz.se",.. NO_THANKS_UNINSTALL: "Nem, egyszer.en t.vol.tsa el",.. CANCEL: "M.gse",.. NO_THANKS: "K.sz.n.m, nem",.. SURE: "Rendben",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Megt.rt.nt a(z) {0} elt.vol.t.sa.",.. SURVEY_OFFER: "Sokra .rt.keln.nk a v.lem.ny.t. Megosztan. vel.nk, hogy v.lem.nye szerint hogyan tehetn.nk m.g jobb. ezt a term.ket?",.. SORRY_TO_GO: "Sajn.ljuk, hogy nem tart ig.nyt a szolg.ltat.sra.",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2426
                                                                                                                                                                                                                                        Entropy (8bit):5.322252249699027
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:UUKu3r7X85X6/5Ouzl676xLqVDSdEfCXqYQ0d0ddfbOfXT:UDE/M5puk68VDcEK7vSdS/T
                                                                                                                                                                                                                                        MD5:2799E7A413493577AF9715740260F2DB
                                                                                                                                                                                                                                        SHA1:CE35828643BA3A43113E0CB704726D18110898A3
                                                                                                                                                                                                                                        SHA-256:927400B29E63585A67F8CE003945BB916E042BA43E6C0228325C5B8014F2A100
                                                                                                                                                                                                                                        SHA-512:8DEBA9EAF7EC9C54D46A08AE62E8E11859D3EB59B52C996432DD85E7085EFD62FFA76CF1DC731ED38AEEE0D894ECC8677EF01D327B91B2E42B888727346D6C64
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Per procedere con la disinstallazione . necessario chiudere tutte le finestre del browser.<br/>Premi OK per chiudere automaticamente tutte le finestre del browser oppure Annulla per interrompere l'installazione.",.. ADMIN_WARNING: "Impossibile disinstallare {0} in quanto l'accesso al computer . stato effettuato come utente con restrizioni. Accedi come amministratore di Windows e riprova.",.. KEEP_FREE_PROTECTION: "Mantieni la protezione Web",.. NO_THANKS_UNINSTALL: "No grazie, disinstallala",.. CANCEL: "Annulla",.. NO_THANKS: "No, grazie",.. SURE: "Certo",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Disinstallazione di {0} riuscita.",.. SURVEY_OFFER: "Vogliamo sapere la tua opinione. Vuoi condividere la tua opinione per migliorare ancora di pi. questo prodotto?",.. SORRY_TO_GO: "Ci dispiace che tu abbia deciso di lasciarci.",.. UNINSTALLING: "Stiamo disinstallando il software...",.. START_HEADER: "
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2813
                                                                                                                                                                                                                                        Entropy (8bit):5.729912252976952
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:UmgtjeIgCS7v06vDxzezcu5dbwaIVvOaaI9nCiGSGfKi4Z0YX+NrVqf:UmgtjP6r3dzevdUnkbf4ANrVqf
                                                                                                                                                                                                                                        MD5:22FCF64D1740E2D77B075D9E4E3DB489
                                                                                                                                                                                                                                        SHA1:071EDB28AD439E60012D13BDBD68D83054BE12CF
                                                                                                                                                                                                                                        SHA-256:9BDC40DB43A1DE21DEF5F12C4B69B87F9C9A51BF9D5CD93D0312E62DCDDDCDAB
                                                                                                                                                                                                                                        SHA-512:518CD3EAC38B18AE96C896E938C42994995AFF1577AD1E41BEF673BF11725F948F94C0FDC7FA09F4E424BD885A95F7254BE170D22875A129A82396FD55FEE8FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".......................................<br/>[OK] .............. ...............................[.....] .........",.. ADMIN_WARNING: "{0} .........................................Windows ............................",.. KEEP_FREE_PROTECTION: "..........",.. NO_THANKS_UNINSTALL: "....",.. CANCEL: ".....",.. NO_THANKS: "...",.. SURE: "..",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} ..................",.. SURVEY_OFFER: "...........................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2648
                                                                                                                                                                                                                                        Entropy (8bit):5.959647743731553
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:UJfHnXcKfYWPiQrinx8fhU5aN0jFnSBra8ABYWajyqYOAl5us3aTu:Upv2n0C5aejF4raNYdXAis+u
                                                                                                                                                                                                                                        MD5:3969E821F52E3CF3947DCCF035F8CCA1
                                                                                                                                                                                                                                        SHA1:61CE2023832D3F72E203029D4ED2960DB4CDD8E7
                                                                                                                                                                                                                                        SHA-256:C9D78042F878842821CB79E3DEA8DAF26D60BE27D753C507185AA423153B21F1
                                                                                                                                                                                                                                        SHA-512:145E95EB097E2442CEDA42ADDE7C8E878A47D9AF647DBDBB587AF946F965CB423434FA6D8BD3C7F75B6B8DEBB492C546E1CFCCF7CC4D667097B9E9ED5A2859DD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".. .... .. .. ... ... ... . .....<br/>... .. .... .. .... .. ... ... .. ... .......",.. ADMIN_WARNING: "... .... .... ..... .... {0}. ... . ..... Windows .... .... . .. .......",.. KEEP_FREE_PROTECTION: ". .. ..",.. NO_THANKS_UNINSTALL: "..., .....",.. CANCEL: "..",.. NO_THANKS: "...",.. SURE: ".",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "{0}. ..... ........",.. SURVEY_OFFER: "... .... .. ..... . ... .. ... .. ... .........?",.. SORRY_TO_GO: "... ..... .... . .. .... ......",.. UNINSTALLING: "...... .
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2338
                                                                                                                                                                                                                                        Entropy (8bit):5.392661368033981
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:U2AUYbOdeMb72i5iur+vrJBFJZG5biH7kFJqSCLUhS0TGpCaiSV5BXU:ULkX2G+vNBFSbiHIFCAc6SFXU
                                                                                                                                                                                                                                        MD5:ECCD14D9476AD9568A462C44AC560D38
                                                                                                                                                                                                                                        SHA1:EF4C414FC373E7503CCA2694E08210775D278898
                                                                                                                                                                                                                                        SHA-256:762C5DB534FCD652A8BE16258AEEC9A6059EFD5B73F1E22E13B3D4556DEC559F
                                                                                                                                                                                                                                        SHA-512:12FA0FDC23F3748AC6C64902C4FE6BFD62F2EAF4A3F3399A0710C4648E92EE0787303ED21E4E45F95D97B27F67B8688AC18750189948C8B04319B7948DFA3A98
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Avinstallasjonen kan ikke fortsette f.r du har lukket alle nettleservinduer.<br/>Trykk p. OK for . lukke alle vinduene automatisk eller p. Avbryt for . avbryte.",.. ADMIN_WARNING: "Du kan ikke avinstallere {0} fordi du er logget p. datamaskinen som en Begrenset bruker. Logg p. som Windows-administrator og pr.v p. nytt.",.. KEEP_FREE_PROTECTION: "Behold webbeskyttelse",.. NO_THANKS_UNINSTALL: "Nei takk, bare avinstaller det",.. CANCEL: "Avbryt",.. NO_THANKS: "Nei takk",.. SURE: "Ja visst",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Du har avinstallert {0}.",.. SURVEY_OFFER: "Vi vil gjerne h.re fra deg. Kan du dele dine ideer om hvordan vi kan gj.re dette produktet enda bedre?",.. SORRY_TO_GO: "Det er synd at du ikke vil fortsette . bruke oss.",.. UNINSTALLING: "Vi avinstallerer programvaren n...",.. START_HEADER: "Vent! Vi vil savne deg hvis du velger . avinstallere",.. START_SUB_H
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2363
                                                                                                                                                                                                                                        Entropy (8bit):5.340284316944054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:URHXIzXIV2xo3lID6XgocC7h7kBzyNkIK+2L0LgSPGxetBt/XktFOFVQ9k:UhXOXgYGi6XgAgtIKtLeOw3Fm2
                                                                                                                                                                                                                                        MD5:6A66EE6ABAE69D09704C8465C2BE63C1
                                                                                                                                                                                                                                        SHA1:95211444BDFDE8FAFEC2DB52D78C359A3B8B3572
                                                                                                                                                                                                                                        SHA-256:67A1EAAAF6CE4CA61FC9AC9FA5B1D90C35339F423B16B1E0ADAC862722CCE264
                                                                                                                                                                                                                                        SHA-512:BC3E71D37FBDCAFC3AD5417A56E770197B9A2A44B168E0266BBB8235D7C8D576132B19616CD87A6C0DA6902DCFC7DE37EDF7F41F161E44A8274412875E60F039
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Verwijdering kan pas worden voortgezet wanneer alle browservensters zijn gesloten.<br/>Klik op OK om alle browservensters automatisch te sluiten of op Annuleren om af te breken.",.. ADMIN_WARNING: "U kunt {0} niet verwijderen, omdat u bij de computer bent aangemeld als Gebruiker met beperkte rechten. Meld u aan als Windows-beheerder en probeer het opnieuw.",.. KEEP_FREE_PROTECTION: "Webbeveiliging houden",.. NO_THANKS_UNINSTALL: "Nee, installatie verwijderen",.. CANCEL: "Annuleren",.. NO_THANKS: "Nee, bedankt",.. SURE: "Goed",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "U hebt {0} verwijderd.",.. SURVEY_OFFER: "We horen graag van u. Kunt u ons laten weten hoe dit product nog verder kan worden verbeterd?",.. SORRY_TO_GO: "Wat jammer dat u ons gaat verlaten.",.. UNINSTALLING: "Uw software wordt nu verwijderd...",.. START_HEADER: "Wacht! We zullen u missen als u de software verwijdert",.. START_SUB_HE
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2456
                                                                                                                                                                                                                                        Entropy (8bit):5.641110154707962
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Ux6l/L182ZR1tM7T4K95K19ehLvfZhKXdWjpLTLkR:U4lBXZjKWCfEeXy
                                                                                                                                                                                                                                        MD5:5B393AF12CF56BDE33BB41D5FB89ABC9
                                                                                                                                                                                                                                        SHA1:D0F13653ADADF4EBE40E951E9EA8995B818536D6
                                                                                                                                                                                                                                        SHA-256:79A9FF723429F727237AF34300009E6E98873BD2B246BE0340A3EF1278375F77
                                                                                                                                                                                                                                        SHA-512:9DA06F15BBF26B37E0A33FDDDC298B0441C50618EAEE3797F485D2DC5E025897C5DAD46D99F818E795A9663E6B157FFC8AB4E481E38C2E30C5179250D509593A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Nie mo.na odinstalowa., dop.ki wszystkie okna przegl.darki nie zostan. zamkni.te.<br/>Kliknij przycisk OK, aby automatycznie zamkn.. wszystkie okna, lub przycisk Anuluj, aby przerwa. proces.",.. ADMIN_WARNING: "Nie mo.na zainstalowa. programu {0} z powodu zalogowania na komputer jako u.ytkownik z ograniczonymi uprawnieniami. Zaloguj si. jako administrator systemu Windows i spr.buj ponownie.",.. KEEP_FREE_PROTECTION: "Zachowaj ochron. w sieci Web",.. NO_THANKS_UNINSTALL: "Nie, dzi.kuj.. Odinstaluj.",.. CANCEL: "Anuluj",.. NO_THANKS: "Nie, dzi.kuj.",.. SURE: "Pewnie",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Program {0} zosta. pomy.lnie odinstalowany.",.. SURVEY_OFFER: "Chcemy pozna. Twoj. opini.. Jak mogliby.my ulepszy. nasz produkt?",.. SORRY_TO_GO: "Przykro nam, .e musimy si. rozsta..",.. UNINSTALLING: "Odinstalowujemy Twoje oprogramowanie...",.. START_HEADER: "Czekaj!
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2373
                                                                                                                                                                                                                                        Entropy (8bit):5.3991318171346725
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "A desinstala..o poder. continuar somente se todas as janelas do navegador forem fechadas.<br/>Clique em OK para fechar todas as janelas do navegador automaticamente ou clique em Cancelar para interromper a opera..o.",.. ADMIN_WARNING: "N.o . poss.vel desinstalar o {0} porque voc. est. conectado ao computador como um Usu.rio Limitado. Entre como Administrador do Windows e tente novamente.",.. KEEP_FREE_PROTECTION: "Manter a prote..o na Web",.. NO_THANKS_UNINSTALL: "N.o, obrigado. Desinstale o programa",.. CANCEL: "Cancelar",.. NO_THANKS: "N.o, obrigado",.. SURE: "Claro",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} foi desinstalado com .xito.",.. SURVEY_OFFER: "Queremos saber a sua opini.o. Deseja compartilhar suas ideias para tornar esse produto ainda melhor?",.. SORRY_TO_GO: "Lamentamos pela sua sa.da.",.. UNINSTALLING: "O seu software est. sendo desinstalado...",.. START_HEADER
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2369
                                                                                                                                                                                                                                        Entropy (8bit):5.417925556594748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "N.o . poss.vel continuar com a desinstala..o sem fechar todas as janelas do browser.<br/>Prima Ok para fechar automaticamente todas as janelas do browser ou Cancelar para cancelar a opera..o.",.. ADMIN_WARNING: "N.o . poss.vel desinstalar o {0} porque tem sess.o iniciada no seu computador como Utilizador Limitado. Inicie sess.o como Administrador do Windows e tente novamente.",.. KEEP_FREE_PROTECTION: "Manter a prote..o Web gratuita",.. NO_THANKS_UNINSTALL: "N.o, obrigado, desinstalar",.. CANCEL: "Cancelar",.. NO_THANKS: "N.o, obrigado",.. SURE: "Claro",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Desinstalou o {0} com .xito.",.. SURVEY_OFFER: "Queremos ouvir a sua opini.o. Pode enviar os seus coment.rios para tornar este produto ainda melhor?",.. SORRY_TO_GO: "Temos pena que nos deixe.",.. UNINSTALLING: "Estamos a desinstalar o software...",.. START_HEADER: "Aguarde! Se desinstalar
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3465
                                                                                                                                                                                                                                        Entropy (8bit):5.092558984060542
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "..... .......... ........, .......... ....... ... .... .........<br/>....... ...... .., ..... ............. ....... ... .... ........, .... ...... ......, ..... .......... .. .......... .........",.. ADMIN_WARNING: ".......... ....... {0}, ... ... .. ..... . ....... ... ............ . ............. ........ ....... . ....... ... ............. Windows . ......... ........",.. KEEP_FREE_PROTECTION: "......... ...-......",.. NO_THANKS_UNINSTALL: "..., ........ ....... ...-......",.. CANCEL: "......",.. NO_THANKS: "..., .......",.. SURE: "......",.. OK: "..",.. SUCCESSF
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2602
                                                                                                                                                                                                                                        Entropy (8bit):5.6764474895696155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "V odin.talovan. bude mo.n. pokra.ova. a. po zavret. v.etk.ch okien prehliada.a.<br/>Ak chcete automaticky zavrie. v.etky okn. prehliada.a, kliknite na tla.idlo OK. Ak chcete odin.talovanie zru.i., kliknite na tla.idlo Zru.i..",.. ADMIN_WARNING: "Aplik.ciu {0} nem..ete odin.talova., preto.e ste sa do po..ta.a prihl.sili ako pou..vate. s obmedzen.m. Prihl.ste sa ako spr.vca syst.mu Windows a sk.ste to znova.",.. KEEP_FREE_PROTECTION: "Ponecha. ochranu pred webom",.. NO_THANKS_UNINSTALL: "Nie, .akujem, odin.talova. ju",.. CANCEL: "Zru.i.",.. NO_THANKS: "Nie, .akujem",.. SURE: "Iste",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Aplik.ciu {0} ste .spe.ne odin.talovali.",.. SURVEY_OFFER: "Radi by sme poznali v.. n.zor. M..ete sa s nami podeli. o svoje n.vrhy na zlep.enie tohto produktu?",.. SORRY_TO_GO: "Je n.m ..to, .e sa l..ime.",.. UNINSTALLIN
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2387
                                                                                                                                                                                                                                        Entropy (8bit):5.479304308903774
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Nije mogu.e nastaviti deinstalaciju dok se ne zatvore svi prozori pregleda.a.<br/>Kliknite na dugme .U redu. da biste automatski zatvorili sve prozore pregleda.a ili kliknite na dugme .Otka.i. da biste odustali.",.. ADMIN_WARNING: "Ne mo.ete da deinstalirate {0} zato .to ste prijavljeni na ra.unar kao ograni.eni korisnik. Prijavite se kao Windows administrator i poku.ajte ponovo.",.. KEEP_FREE_PROTECTION: "Zadr.ite Veb za.titu",.. NO_THANKS_UNINSTALL: "Ne, hvala, deinstaliraj je",.. CANCEL: "Otka.i",.. NO_THANKS: "Ne, hvala",.. SURE: "Naravno",.. OK: "U redu",.. SUCCESSFULLY_UNINSTALLED: "Uspe.no ste deinstalirali {0}.",.. SURVEY_OFFER: ".elimo da .ujemo va.e mi.ljenje. Mo.ete li da podelite sa nama svoje ideje za pobolj.anje ovog proizvoda?",.. SORRY_TO_GO: ".ao nam je .to odlazite.",.. UNINSTALLING: "Sada deinstaliramo va. softver...",.. START_HEADER: "Sa.ekajte! Ak
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2300
                                                                                                                                                                                                                                        Entropy (8bit):5.462902927462967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Avinstallationen kan inte forts.tta f.rr.n samtliga webbl.sarf.nster .r st.ngda.<br/>Tryck p. OK f.r att st.nga alla webbl.sarf.nster automatiskt, eller p. Avbryt f.r att avbryta.",.. ADMIN_WARNING: "Du kan inte avinstallera {0} eftersom du .r inloggad p. datorn som begr.nsad anv.ndare. Logga in som Windows-administrat.r och f.rs.k igen.",.. KEEP_FREE_PROTECTION: "Beh.ll ditt webbskydd",.. NO_THANKS_UNINSTALL: "Nej tack, avinstallera det",.. CANCEL: "Avbryt",.. NO_THANKS: "Nej tack",.. SURE: "Ja tack",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} har avinstallerats.",.. SURVEY_OFFER: "Kontakta oss g.rna. Vill du dela dina id.er om hur vi kan g.ra produkten .nnu b.ttre?",.. SORRY_TO_GO: "Vi beklagar att du l.mnar oss.",.. UNINSTALLING: "Avinstallerar programvaran nu ...",.. START_HEADER: "V.nta! Om du avinstallerar kommer vi sakna dig",.. START_SUB_HEADER: "Och v.rre
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2590
                                                                                                                                                                                                                                        Entropy (8bit):5.536665147078364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "T.m taray.c. pencereleri kapat.lmadan kald.rma i.lemine devam edilemez.<br/>T.m taray.c. pencerelerini otomatik olarak kapatmak i.in Tamam'a, i.lemi iptal etmek i.in ise .ptal'e bas.n.",.. ADMIN_WARNING: "Bilgisayar.n.zda S.n.rl. Kullan.c. olarak oturum a.t...n.z i.in {0} uygulamas.n. kald.ramazs.n.z. L.tfen Windows Y.neticisi olarak oturum a..n ve yeniden deneyin.",.. KEEP_FREE_PROTECTION: "Web korumas.n. tut",.. NO_THANKS_UNINSTALL: "Hay.r, te.ekk.rler, kald.rmak istiyorum",.. CANCEL: ".ptal",.. NO_THANKS: "Hay.r, te.ekk.rler",.. SURE: "Tabii ki",.. OK: "Tamam",.. SUCCESSFULLY_UNINSTALLED: "{0} uygulamas.n. ba.ar.yla kald.rd.n.z.",.. SURVEY_OFFER: "D...ncelerinizi ..renmek isteriz. Bu .r.n. daha iyi hale getirmek i.in neler yap.labilece.ine ili.kin d...ncelerinizi bizimle payla.abilir misiniz?",.. SORRY_TO_GO: "Gitti.iniz i.in .zg.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2207
                                                                                                                                                                                                                                        Entropy (8bit):6.357021965471494
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "........................<br/>...............................",.. ADMIN_WARNING: "..... {0}.................. .. Windows .............",.. KEEP_FREE_PROTECTION: "......",.. NO_THANKS_UNINSTALL: "........",.. CANCEL: "..",.. NO_THANKS: "....",.. SURE: "..",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "...... {0}.",.. SURVEY_OFFER: "........... .....................?",.. SORRY_TO_GO: "............",.. UNINSTALLING: ".........",.. START_HEADER: "...! ................",.. START_SUB_HEADER: "............
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2271
                                                                                                                                                                                                                                        Entropy (8bit):6.361740709430026
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".........................<br/>. [..] ............... [..] ...",.. ADMIN_WARNING: "....... {0}..... [......] ....... .. Windows ..................",.. KEEP_FREE_PROTECTION: ".. Web ..",.. NO_THANKS_UNINSTALL: ".............",.. CANCEL: "..",.. NO_THANKS: "....",.. SURE: "..",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "....... {0}.",.. SURVEY_OFFER: ".......... .......................",.. SORRY_TO_GO: ".................",.. UNINSTALLING: ".............",.. START_HEADER: "................",.. START_S
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.407231782531542
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.407348293160654
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.408589049376687
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.4147881915717555
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.415118153351878
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.412387704998021
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPM0:Yo6KUtjVLk4t94iU3KNoT8u8a90
                                                                                                                                                                                                                                        MD5:C78AC78FE88882384D4D21DB81D110E4
                                                                                                                                                                                                                                        SHA1:0F2DE11B9881900038982581547CEB71DEBC39F9
                                                                                                                                                                                                                                        SHA-256:55CF56C82691F11B23E6D6FC4CDEA1A42CB1D93FF580C2C8C0FF2EE00C989BB5
                                                                                                                                                                                                                                        SHA-512:21795B9A0D5D0E219ABF3FC2E47D05B54DFF5515759133013F49849C9B34374483140B33A7A0CFBBE9EB78DB400A78095DA0E359C638A358418DF9B643A2A116
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.415608749152867
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPftr:Yo6KUtjVLk4t94iU3KNoT8u8aQt
                                                                                                                                                                                                                                        MD5:EF1694161C568F2F62E7CDBB539F6395
                                                                                                                                                                                                                                        SHA1:CA300859DB96EC06A935EFEF0E6DF281DC506A7E
                                                                                                                                                                                                                                        SHA-256:CB59625098DDB734EF60A80934913D0CF0577FC3D2217D1EE3AF6647C5FEADC3
                                                                                                                                                                                                                                        SHA-512:63C68ACBC392DF96567DC6B3F05A01F8B3B25A8BB2E78124DE83B6E4E6D6A568B671D975405CACFE5B0A36C017348F5B24530DA770709B018D244EB857B98E47
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.410331038502083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPS2Sy:Yo6KUtjVLk4t94iU3KNoT8u8aiSy
                                                                                                                                                                                                                                        MD5:15008569E32057851EFB67F6CBCF300A
                                                                                                                                                                                                                                        SHA1:5DDA0F325901B790EF3D2ED4941F08666D77ABF6
                                                                                                                                                                                                                                        SHA-256:87B96CC95068AE4CE13F6999C4ED6E519DF5F9A29FA09D5779AEC6BE9AF9C252
                                                                                                                                                                                                                                        SHA-512:DA2C90C255F52D243F046EB756CB1709D4255B5AB87FAA765D6088DE966DEB308E326AA8D0CC724D4F32FDCEDFED1BF9DB6F423B9694221941FC458E6CEAE743
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.411184002158305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPDBw:Yo6KUtjVLk4t94iU3KNoT8u8av
                                                                                                                                                                                                                                        MD5:9DBC572429CB488C496FF6CB7271826D
                                                                                                                                                                                                                                        SHA1:E4AF7FE05DF12AB466C409FE64B7B4296FBAEBAE
                                                                                                                                                                                                                                        SHA-256:9B4A39176DB960824618B6E2BBE5BFC11ED3BDB0CA291F7099BFDD154E61DC68
                                                                                                                                                                                                                                        SHA-512:FDF8C695B7D6DFAD6385797675AD5AC07A2B9654AF88D5EAE9603640E35276E4E661E72FD242E096B51D14C57082DCA81D366E4312596ACBB23BBE1F11F34D28
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.4213991293123085
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPs:Yo6KUtjVLk4t94iU3KNoT8u8ap
                                                                                                                                                                                                                                        MD5:AA0C7F3B0B8D5F6ABE0749F441637021
                                                                                                                                                                                                                                        SHA1:FB59F32EE34D092F0DD0355DB2BDD51435DD6FB2
                                                                                                                                                                                                                                        SHA-256:E8F83A9413000874A24D5B3B1FF3CC6722CADE31F5FC9D97B131F4037359C2A1
                                                                                                                                                                                                                                        SHA-512:590ADC3384B5A18E11E4AD153D65778708694F44EC74B2624D6AD831D4EB5A8ABD03BAB7E125E2330FCE6649BD40DB3FE174A80758C9F8A90ABDE1A4B71E18A1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.423847089549462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPy:Yo6KUtjVLk4t94iU3KNoT8u8az
                                                                                                                                                                                                                                        MD5:15F8785EBA56E434ADAA6BA1ADC92017
                                                                                                                                                                                                                                        SHA1:ADF2640895645019129DB5038C197C98BC1800CF
                                                                                                                                                                                                                                        SHA-256:46B7CB93032BE78DBE895D245D2061BAE61080C6C28421122D75BF2C47ACE594
                                                                                                                                                                                                                                        SHA-512:5AA7A2CECD4F66E6AA22C28E965BC2D6C889EB6ABF63805CA64F9270CB24EA781E9EB3E7C926648511D63B5B897AC2F38FAA1E22D4756729FF5BC623E5169A31
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.409632553855686
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPI:Yo6KUtjVLk4t94iU3KNoT8u8al
                                                                                                                                                                                                                                        MD5:6D2E586858BBDA0F2B692F6444E2747E
                                                                                                                                                                                                                                        SHA1:B61DEC9C1478C6ADBEE9F952603DA57489B8D09E
                                                                                                                                                                                                                                        SHA-256:43CEE2943DC589187D2BDDA1B0DFEE5BECD4F403F083C8543C9135DE4038F1CB
                                                                                                                                                                                                                                        SHA-512:6951332F4CD4A25E706304F4C530C071DF1ED3E4D7135D77A2B4D1009C7630F0183807B776FCEC0AD5627CDB3453D55809FAE88DF5EE1762CDE5A077C092DFB7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.416549640198606
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPhmi:Yo6KUtjVLk4t94iU3KNoT8u8aM
                                                                                                                                                                                                                                        MD5:EB0A60CEFE50F7B83DCA90F96B0B1AAD
                                                                                                                                                                                                                                        SHA1:058973EDA84144F099DA08FD62E4FD4E1B851E56
                                                                                                                                                                                                                                        SHA-256:534F45B0BEB4B9C7A8B9335E065EA69FA1612AD5BC4B6ED4CB0C2E8985D9C9CD
                                                                                                                                                                                                                                        SHA-512:BADEDCA1C8AC64A3AA96963C4E04CC6871167E19F5B99F3A558BCAD1C7B82F6892B34E9A5349499109E363080DA380667AE133EF3E0943FE833B04A6911631ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.405448779596633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP4p:Yo6KUtjVLk4t94iU3KNoT8u8aB
                                                                                                                                                                                                                                        MD5:36EA4EEAE172F5098266317B1465E4F7
                                                                                                                                                                                                                                        SHA1:46163C9C9C6F6E3F5A8BE4D0119717745EB7AB9A
                                                                                                                                                                                                                                        SHA-256:F6AD5FC9D958113DA82C9FAF84B5FBB867FCC8A319252DB65871BB0B70846863
                                                                                                                                                                                                                                        SHA-512:0039DCC13714EB142204468E21F947FCEA1E1C13C66A6E7F447FD9661DCE5F67BE2A2C0BB55EFC21318B07CA6AD3216309AD69E01F1DFEE10BC30ABBF41ECFDB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2008
                                                                                                                                                                                                                                        Entropy (8bit):5.900750435435238
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:7vzEJoY7j197RD0AQUSRrNyEimWAwHM3+i3PZOHsciY/oY7BL+svTa6vRjj:/ZYt9iAQhRwEimWQ+i3YBLztvTLRn
                                                                                                                                                                                                                                        MD5:4CB2AF03F45490709EAD4C899988D5B5
                                                                                                                                                                                                                                        SHA1:E16D5D92891852E5A045FC82AC1BF14DC7A68FC0
                                                                                                                                                                                                                                        SHA-256:2A9A030AF477D61BC9C0717501BAE9A7CA7EC181B722ABDF673DD44D285CD4AC
                                                                                                                                                                                                                                        SHA-512:180E6A5EF56F269BBD17EA2A64836419D885FB0B9425ABB1751F1A6E1FFDB4034E346995F848B1BD822F59C26E903B06821B75F8237C852ADAB8B55977E3477A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: ".. ... ... ... .... ... .. .... ....",.. UT_WSS_TOAST_TITLE_COHORT_2: "McAfee. .. .... .. ",.. UT_WSS_TOAST_TITLE_2: "... .... ... {0}.(.) .. .. ..",.. UT_WSS_TOAST_TITLE_2_STRONG: "... ..",.. UT_WSS_TOAST_DESC_1_VAR_1: "McAfee. .. ..... .... VPN, .. .. .., Premium ...... ... .. . ... ......",.. UT_WSS_TOAST_DESC_1_VAR_2: ".. . ... ... ... .. ... . .. .... ......",.. UT_WSS_TOAST_DESC_2_VAR_2: ".. McAfee. .. ...... ......",.. UT_WSS_TOAST_DESC_COHORT_2: ".. .... ... ......, .. .. .., VPN, .. .. ... ... .... ......",.. UT_WSS_BUTTON_ACCEPT: ".. ....",.. UT_WSS_BU
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.417085046687419
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP97:Yo6KUtjVLk4t94iU3KNoT8u8aw
                                                                                                                                                                                                                                        MD5:20CE71B55F517285B14EDC34ED00132D
                                                                                                                                                                                                                                        SHA1:C44ECC5DAF92ADAE35B70C61A4E7E282168217E3
                                                                                                                                                                                                                                        SHA-256:E9C90824498E1E94C46A9BDC7929F90FE8C6EDA0BA5534A4C78CE40B56A7DFB8
                                                                                                                                                                                                                                        SHA-512:58B528693146F64EDDA3F5D835B89E368D62C061023022B7E6E3175A72482B5B2A5F276F305CBFF87B43122DCDC4F9B9BC0E6F377B5BE803B5270C3E55799CC1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.413316531557305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPOe97N:Yo6KUtjVLk4t94iU3KNoT8u8aps7N
                                                                                                                                                                                                                                        MD5:FE2775CA801BDDDAE9AE44C80BCD1E71
                                                                                                                                                                                                                                        SHA1:D7A2485AD2BBCA725D49E0B6D66E888A37FFD096
                                                                                                                                                                                                                                        SHA-256:B1DD4EF17C7021590C35B86502008450B3CD3B74A37528F4C83433EE0311E884
                                                                                                                                                                                                                                        SHA-512:2B415B75A7F083BAF7370B61470C61C2087126596EFD4C44C74700CB0AA9AFE7553CF57644C5D744088CB0A3BCFCA89E05C28E5FE7DF00A1E5C1B4198528057A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.415716249022304
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPDPN:Yo6KUtjVLk4t94iU3KNoT8u8aYN
                                                                                                                                                                                                                                        MD5:860829C034680E0EE7A4E75626E4CAB3
                                                                                                                                                                                                                                        SHA1:0E0FF1D7243EF8EFBE9FDDE706C256A83C2BB35E
                                                                                                                                                                                                                                        SHA-256:005908710C5BDBBAD28C27D896396BF80E4367D6452C5339833BC5E4D950B071
                                                                                                                                                                                                                                        SHA-512:CB3177379973B226C77DF04AEF008751962431784E16127AD6231C4D33574C5931480E69ABB78D3AC34A288B0255F47ACE8F3331112FCF3DAD41824DC103CE16
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.415174310910745
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.420624429806909
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.409534624525337
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.418749167344785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.413962058959067
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.4168213566205035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.420724091177496
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.413720478136642
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPwHzE:Yo6KUtjVLk4t94iU3KNoT8u8apTE
                                                                                                                                                                                                                                        MD5:A11EA2CFF5ED13CE23C922D928E501FE
                                                                                                                                                                                                                                        SHA1:C788C8D8B3F4B51CF789BFF4FE21B8FE42B64B4A
                                                                                                                                                                                                                                        SHA-256:82D40D35B004CE215E8A62432D0366815888F8DDB3AEA7D8BE64C5737ACCCF37
                                                                                                                                                                                                                                        SHA-512:88F3C3F75C4BD45591161D1B43362D2100584C9408538EBEDE48570793DDC2E169CB40498D2B44F1169BDA0B9A429218023A8B9A114AFE6E8C8E1D867FBFAF3E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3601
                                                                                                                                                                                                                                        Entropy (8bit):5.416615657180649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPeU:Yo6KUtjVLk4t94iU3KNoT8u8aFU
                                                                                                                                                                                                                                        MD5:A92FF8A341F7310AA2D53A6812AB70DD
                                                                                                                                                                                                                                        SHA1:E7B0DAB07ABCC1A033CB642A21729D3ED70CB2B3
                                                                                                                                                                                                                                        SHA-256:9E146246C4CA8CA15AB051492C7BE66EA6D839BBE3FBCBB28E77A73B57579253
                                                                                                                                                                                                                                        SHA-512:A1725D76E0CE45D2E18EDE3067D28EDCC6D7F5268C0B914D80D4EA983E9D9024AA291E68B758FC1AB83A6203BAB192A3A35EDDDB2641C7166C9424F58C001141
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1260
                                                                                                                                                                                                                                        Entropy (8bit):5.76394653464386
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPy7dadSybOjRlnkggpHlnEAKETUy6fQXKb6fMocWjq1ic9I5RND:PyRaSgCLyZgfQaCMocWjeBSD
                                                                                                                                                                                                                                        MD5:F54102459770DF7B184D3F94E30BE47E
                                                                                                                                                                                                                                        SHA1:B9E5C05D6DEA1423A372AF7F6F636D25E78F2F71
                                                                                                                                                                                                                                        SHA-256:4CBF621E9656C2D933038D44F8DF11B778705CB58B44B672A3276790816C8CB7
                                                                                                                                                                                                                                        SHA-512:F045F21FA457A013126902DB74763747C9C92CE190CA887C3FEC7CC0A166CD94D16F3DBBD7738FF57A9B6DAB819C01AF7A997E9C585DC9DFA4465C3948D5C763
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Z.skejte aplikaci {0}",.. BANNER_RIGHT_TEXT: "Zrychlete proch.zen. internetu",.. TITLE_FIRST: "Zdr.uje v.s nep..jemn. automatick. p.ehr.v.n. vide. p.i pr.ci?",.. CONTENT_FIRST: "Proch.zejte internet rychleji pomoc. aplikace {0}. Zastav.me automaticky p.ehr.van. videa, kter. zpomaluj. prohl..en. webov.ch str.nek.",.. TITLE_SECOND: "Posledn. uji.t.n. . chcete zastavit automatick. p.ehr.v.n. vide.?",.. CONTENT_SECOND: "Aplikace {0} zastav. automaticky p.ehr.van. videa, kter. zpomaluj. prohl..en. webov.ch str.nek. Pokud o aplikaci Web Boost nem.te z.jem, nebudeme se znovu pt.t.",.. NO_THANKS: "Ne, d.kuji",.. YES_GET_IT: "Z.skat aplikaci Web Boost",.. LICENSE: "Licen.n. smlouva",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1184
                                                                                                                                                                                                                                        Entropy (8bit):5.487491669051489
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPVdSoggneOKTDy3DHZXQTDITDy3DHM1qrjgHMf8WpK8+kd83hnc:P/SojnMDkD5+DWDkD/CMf8W7d83hnc
                                                                                                                                                                                                                                        MD5:13B2434317B0B38EF2792AB705206345
                                                                                                                                                                                                                                        SHA1:C19DC3A0557DDBC22648DB8315327DB04E49D7C4
                                                                                                                                                                                                                                        SHA-256:CBE430AD526C866792FB1879C3BA38950F6D96F0CFE143C0D55959E76CDC830D
                                                                                                                                                                                                                                        SHA-512:A20BAD1268832606FFD782F9269712B74B5B29063702B4409203F97BA48A409088EDCF1E1A5A5AE26B3CF0777548A6B99EF48D84F020179C0CDFFA833B1CE2D4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Hent {0}",.. BANNER_RIGHT_TEXT: "G.r browseren hurtigere",.. TITLE_FIRST: "Bliver du sinket af irriterende videoer, der afspilles automatisk?",.. CONTENT_FIRST: "Med {0} kan du surfe hurtigere p. nettet. Vi stopper automatisk afspilning af videoer, som s.nker hastigheden, n.r du surfer p. nettet.",.. TITLE_SECOND: "Vi sp.rger lige for sidste gang: Vil du stoppe automatisk afspilning af videoer?",.. CONTENT_SECOND: "{0} forhindrer automatisk afspilning af videoer, som s.nker hastigheden, n.r du surfer p. nettet. Hvis du ikke er interesseret i Web Boost, sp.rger vi dig ikke igen.",.. NO_THANKS: "Nej tak",.. YES_GET_IT: "Hent Web Boost",.. LICENSE: "Licensaftale",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "N.r du kl
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1153
                                                                                                                                                                                                                                        Entropy (8bit):5.487386177119065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPRPcuFic3c4kEZkxQ0jwkIWDBpfCdEIfkSWFHw1H4lQ:PRkU3c4xZEjw1WLmhfBWFQNOQ
                                                                                                                                                                                                                                        MD5:E6D5A79F8479478591D19C9FD64D95E2
                                                                                                                                                                                                                                        SHA1:D6542CDD4F65FF5D7C5D674E04E97777C2EE956A
                                                                                                                                                                                                                                        SHA-256:B9C3248A92773ABA2F96541805F279991222496FAAC39D309D04062C43690398
                                                                                                                                                                                                                                        SHA-512:FBF2ECF3F1B2731AED498691441EE4BED3125252D49C985245EC8A668D38921C225586B8EC106C879F8853CD3F57A0F24D71E6D69F8C9AA17B54215D202F99B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "{0} herunterladen",.. BANNER_RIGHT_TEXT: "Surfen beschleunigen",.. TITLE_FIRST: "Wird Ihr Browser durch st.rende automatisch wiedergegebene Videos verlangsamt?",.. CONTENT_FIRST: "Surfen Sie schneller mit {0}. Wir stoppen die automatische Wiedergabe von Videos, die Ihren Webbrowser verlangsamen.",.. TITLE_SECOND: "Letzte Nachfrage: M.chten Sie die automatische Wiedergabe von Videos stoppen?",.. CONTENT_SECOND: "{0} stoppt die automatische Wiedergabe von Videos, die Ihren Webbrowser verlangsamen. Falls Sie nicht an Web Boost interessiert sind, fragen wir nicht mehr nach.",.. NO_THANKS: "Nein danke",.. YES_GET_IT: "Web Boost herunterladen",.. LICENSE: "Lizenzvertrag",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Durch Klicken auf {0} stimmen Sie Folgendem z
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1666
                                                                                                                                                                                                                                        Entropy (8bit):5.283036706036633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPcdh0GeuxX+8PFGIPg+c8NS0I5mmiKfQOQryfRXCWkHW3Fx6bDoQ:Pah0G1+8NHc8mv46fIWkHW3FxlQ
                                                                                                                                                                                                                                        MD5:B28F08D9D120296DD7379C5B1FCE322F
                                                                                                                                                                                                                                        SHA1:8C2B2BD8B55A95CA917AB56C321F07413A2705C2
                                                                                                                                                                                                                                        SHA-256:394C322A45C33C8254E953825D51100A72F4E46C89FF9572363FFBAFDF856C07
                                                                                                                                                                                                                                        SHA-512:38EEF39D106F7BC7DF10C0AC319BDD282A6D01B6A6F2974832152777A003684645B7953E614A276B5F2FE080BED92022BE49D3C592433ADE48BF960A19254E34
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "......... .. {0}",.. BANNER_RIGHT_TEXT: ".......... ..........",.. TITLE_FIRST: "........... . .......... ........ ........... ...... ... .............. ...;",.. CONTENT_FIRST: "............ ........... .. .. {0}. .. ........... ... ........ ........... ...... ... ........... ... ......... ....",.. TITLE_SECOND: ".......... .......: ...... .. ......... ... ........ ........... ......;",.. CONTENT_SECOND: ".. {0} ......... ... ........ ........... ...... ... ........... ... ......... .... .. ... ... .......... .. .............
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1000
                                                                                                                                                                                                                                        Entropy (8bit):5.552455583118876
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPSdHKCjkAyNRtOzeWaAb5LOze8WRSonGfQX0CWP9AS1Xu96:P0/nyNRtlWhb5Ll8W2fQJWPuii6
                                                                                                                                                                                                                                        MD5:131FE8225F2B28BFE00167EA3608463D
                                                                                                                                                                                                                                        SHA1:5B6B53CC8E5D7676D7D32542FCCF48C69119E7E9
                                                                                                                                                                                                                                        SHA-256:E369F35EE15A52B0E6AA0759C3B0B1785A498373D7ADCACC5025825B92BCF7CE
                                                                                                                                                                                                                                        SHA-512:D03B544505825FA6303F12CC34E8BB5B5E5A7C92B3B56095DF39496A315C66C06540C54B0A6A6E476BEB0ACEC841E011E322283A4C5BE68C9264FFCC405CF61F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Get {0}",.. BANNER_RIGHT_TEXT: "Speed up browsing",.. TITLE_FIRST: "Annoying auto-playing videos slowing you down?",.. CONTENT_FIRST: "Browse faster with {0}. We'll stop videos from auto-playing and slowing down your browsing.",.. TITLE_SECOND: "Checking one last time--want to stop auto-playing videos?",.. CONTENT_SECOND: "{0} stops videos from auto-playing and slowing down your browsing. If you're not interested in Web Boost, we won't ask again.",.. NO_THANKS: "No, thanks",.. YES_GET_IT: "Get Web Boost",.. LICENSE: "License Agreement",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "By clicking {0}, you agree to our {1} and {2}."..}..//9E99FEA1E878016010E39E6DC0DE4B424DC67639A9399F9B0643DCC646F46E2D56D344353AB38A6D83222FBA1AEC13C6B1FECD0B5B79A0290C08B9D71BF420A4++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1169
                                                                                                                                                                                                                                        Entropy (8bit):5.508548537767092
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPDV7dKPMce+abJtZ5hZUsMNei5hZGSHGNf9gnW+l5wUIoMMy:PJRCMceXbJrnAeingfGWWwp
                                                                                                                                                                                                                                        MD5:579ED2FBA0194F27E0C1BC969FAC1237
                                                                                                                                                                                                                                        SHA1:4B8257DFB5F63E8F4D4E7E4EB5395ABBCF409AAB
                                                                                                                                                                                                                                        SHA-256:1EE8715394BBD8CDCEEB30BBA8F0DF8CCDCDBB7467FC058DAAC2CCA8BFD6D768
                                                                                                                                                                                                                                        SHA-512:ABA83877080BD9D71ED5685AD11271B26EA378AB22ABAB1BFCD2C7C55ECC23CFABB17810F24FEEB0F584505E0B7BDCD9A7F5B719DDB169101F5BAB9C5496FB08
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtener {0}",.. BANNER_RIGHT_TEXT: "Acelerar navegaci.n",.. TITLE_FIRST: ".Los molestos v.deos de reproducci.n autom.tica entorpecen su trabajo?",.. CONTENT_FIRST: "Navegue m.s r.pido con {0}. Impediremos que los v.deos se reproduzcan autom.ticamente y ralenticen su navegaci.n por Internet.",.. TITLE_SECOND: "Se lo preguntamos por .ltima vez: .Desea detener la reproducci.n autom.tica de v.deos?",.. CONTENT_SECOND: "{0} impide que los v.deos se reproduzcan autom.ticamente y ralenticen su navegaci.n por Internet. Si no est. interesado en Web Boost, no volveremos a preguntar.",.. NO_THANKS: "No, gracias",.. YES_GET_IT: "Obtener Web Boost",.. LICENSE: "Acuerdo de licencia",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Al hacer clic en {0}, ac
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1126
                                                                                                                                                                                                                                        Entropy (8bit):5.5178296478987585
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPydhtceEumJUqeJmyUe8EFXjeseZqSHGNf9gnW+l5wODrsmv/Rxe:PUhtceEumJUqePUeVtjes5fGWWw8rseG
                                                                                                                                                                                                                                        MD5:485CE525D1681CB0335635844CE2D16C
                                                                                                                                                                                                                                        SHA1:6E2AD982F5C160C70DAB9AFC14FC48F6AB3814D9
                                                                                                                                                                                                                                        SHA-256:7A1FE444633AEC47F054F4A7E92A05E09143F9B5C6F6299F78D578EF89CA6DE3
                                                                                                                                                                                                                                        SHA-512:2DB7CCA137FF04EFF48881335F16E34432328AEF38599B6FA0D6D418A92C5D944139EB8D15FFE2AF90547AF163B5C118BF0B73195F824518C83EB9F105BD80F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenga {0}",.. BANNER_RIGHT_TEXT: "Acelere la navegaci.n",.. TITLE_FIRST: ".Los molestos videos de reproducci.n autom.tica lo ralentizan?",.. CONTENT_FIRST: "Navegue m.s r.pido con {0}. Detenga la reproducci.n autom.tica de videos que hacen m.s lenta su navegaci.n por la web.",.. TITLE_SECOND: "Su .ltima oportunidad: .desea detener la reproducci.n autom.tica de videos?",.. CONTENT_SECOND: "{0}detiene la reproducci.n autom.tica de videos que ralentizan su navegaci.n por la web. Si no est. interesado en Web Boost, no volveremos a preguntar.",.. NO_THANKS: "No, gracias",.. YES_GET_IT: "Obtener Web Boost",.. LICENSE: "Acuerdo de licencia",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Al hacer clic en {0}, acepta nuestro {1} y {2}."..}..//C2B8
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1104
                                                                                                                                                                                                                                        Entropy (8bit):5.533658820853766
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPNdI11Y5jxKjrdTcv+qjYbKjrdT7vVa6EafIWd+HqniEKa0:Pnc65jxKjJAfEbKjJPgafIWoKiEKa0
                                                                                                                                                                                                                                        MD5:A3A2F699DF89C7FFABACBBAF5E8E91EA
                                                                                                                                                                                                                                        SHA1:C4206710CD670742CBC34361E33DBA7D619A7B98
                                                                                                                                                                                                                                        SHA-256:939E01CD1C3F7F0859032FA561A2863450924D7FD0B97A39A11E19C277247310
                                                                                                                                                                                                                                        SHA-512:8B5875EFB797BBB834F2D6934FCBB5B53A3D2E518E7482D0BC66660AC50FD6A8EC716B08B91111D7429AC82525133C1D01F6F0F2C5C3EAE7B4C2E96B20CE63A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Hanki {0}",.. BANNER_RIGHT_TEXT: "Nopeuta selailua",.. TITLE_FIRST: "Hidastavatko .rsytt.v.t automaattisesti k.ynnistyv.t videot menoasi?",.. CONTENT_FIRST: "{0} nopeuttaa selailua. Est. videoita k.ynnistym.st. automaattisesti ja hidastamasta selailuasi.",.. TITLE_SECOND: "Tarkistetaan viel. kerran . haluatko est.. automaattisesti k.ynnistyv.t videot?",.. CONTENT_SECOND: "{0} est.. videoita k.ynnistym.st. automaattisesti ja hidastamasta selailuasi. Jollet ole kiinnostunut Web Boostista, emme kysy asiasta uudelleen.",.. NO_THANKS: "Ei kiitos",.. YES_GET_IT: "Hanki Web Boost",.. LICENSE: "K.ytt.oikeussopimus",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Tietosuojaseloste",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Kun napsautat {0}, hyv.ksyt seuraavat: {1} ja {2}."..}..//6BC0EB1C50CF3FFD4B84644E29
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1197
                                                                                                                                                                                                                                        Entropy (8bit):5.4615085428947125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPFd4FWZ8+GS85J9gUPIk6J9gU1qqKGfvW//e5Tqa:Pv4gZ8+GSYJmFJmsfvWO5ea
                                                                                                                                                                                                                                        MD5:69819CE4DC8655E86739F337A5555D75
                                                                                                                                                                                                                                        SHA1:21787FF52D6B715E237B5993DCE8666412C9255E
                                                                                                                                                                                                                                        SHA-256:B2CC919665286EE503930CFEBBB13D9E5516868A26BC3024246EB772B3CE36F9
                                                                                                                                                                                                                                        SHA-512:076D738C5CF42A4AFB8B505D34A6B90A4D560412B51547C2940FE54B8C8B6EE29BFF4D78410B92B6B1DB02538DD87C60525F11339C31C8C0674EC500D363D2E2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenir {0}",.. BANNER_RIGHT_TEXT: "Acc.l.rer la navigation",.. TITLE_FIRST: "Votre navigation est-elle ralentie par la lecture automatique de vid.os?",.. CONTENT_FIRST: "Navigation plus rapide avec {0}. Nous bloquerons la lecture automatique des vid.os pour .viter un ralentissement de la navigation.",.. TITLE_SECOND: "Nous vous le demandons un derni.re fois.: souhaitez-vous bloquer la lecture automatique des vid.os?",.. CONTENT_SECOND: "{0} bloque la lecture automatique des vid.os pour .viter un ralentissement de la navigation. Nous ne vous sugg.rerons plus Web Boost si vous n'est pas int.ress..",.. NO_THANKS: "Non merci",.. YES_GET_IT: "Obtenir Web.Boost",.. LICENSE: "Contrat de licence",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Avis de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "En
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1198
                                                                                                                                                                                                                                        Entropy (8bit):5.521864656488031
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPFd4n2vFhChN8zp42hBWxH+3wjq4CfjdW/kL5CQs3z:Pv4n2vbCN8V5ohCfhWMCv3z
                                                                                                                                                                                                                                        MD5:F526BBC946F3A205AA2580896B6B3EC0
                                                                                                                                                                                                                                        SHA1:EA8645820EAD666BB89DF118B1A3EAAC490B2C9C
                                                                                                                                                                                                                                        SHA-256:7F3D20629C69800A3580FB09BE734C98FCFBC3A1152A71DF8A295EAE963ECA1A
                                                                                                                                                                                                                                        SHA-512:9146CC663F313E292B48D9900296E064D3557222771A091DA4E9211AEEA013EA973175E088512C8A5CC13CCA338EF0D8DC4E3585DD2DC1363478CF21C445227C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenir {0}",.. BANNER_RIGHT_TEXT: "Acc.l.rer la navigation",.. TITLE_FIRST: "La lecture automatique des vid.os ralentit votre navigation.?",.. CONTENT_FIRST: "Naviguez plus rapidement gr.ce . {0}. Nous emp.cherons la lecture automatique des vid.os afin qu'elles ne ralentissent pas votre navigation.",.. TITLE_SECOND: "Derni.re v.rification.: vous souhaitez bloquer la lecture automatique des vid.os.?",.. CONTENT_SECOND: "{0} emp.che la lecture automatique des vid.os afin qu'elles ne ralentissent pas votre navigation. Si vous n'.tes pas int.ress. par Web Boost, nous ne vous demanderons plus.",.. NO_THANKS: "Non, merci",.. YES_GET_IT: "Obtenir Web Boost",.. LICENSE: "Accord de licence",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG:
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1126
                                                                                                                                                                                                                                        Entropy (8bit):5.571215841594757
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPuddK6oPnF2h0fPnFvydoZSfgBoW7ZFr7QCk:PAoJmyh6fgBoW7ZJ7w
                                                                                                                                                                                                                                        MD5:DA2E7828EFC93D58710B8B04C7DB6B7C
                                                                                                                                                                                                                                        SHA1:E61801A70F111D824D2D37A13BA725841D3A03C9
                                                                                                                                                                                                                                        SHA-256:C9B609BB21FCB96A8CC9B43415DA4A025CF2B252084C354C3AB9492CCABC2C1D
                                                                                                                                                                                                                                        SHA-512:137FAD175ACE386426DB257CD4728A4F35B51ACB1114366D660EB51F6F06F893A2A45F604F1DE189919CFBA63F0096D8CE0D4910F47419D9B38F7C74692ED099
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Nabavite {0}",.. BANNER_RIGHT_TEXT: "Ubrzaj pregledavanje interneta",.. TITLE_FIRST: "Uznemiruju.e auto-igranje videozapisa koji vas usporavaju?",.. CONTENT_FIRST: "Br.e pretra.ujte pomo.u {0}. Sprije.ite automatsko reproduciranje videozapisa i usporavanje va.eg pregledavanja interneta.",.. TITLE_SECOND: "Najnovija provjera - .elite zaustaviti reprodukciju videozapisa?",.. CONTENT_SECOND: "{0} sprije.ite automatsko reproduciranje videozapisa i usporavanje va.eg pregledavanja interneta. Ako vas ne zanima Web Boost, ne.emo vi.e pitati.",.. NO_THANKS: "Ne, hvala",.. YES_GET_IT: "Nabavite Web Boost",.. LICENSE: "Licencni ugovor",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Klikom na gumb {0} u nastavku prihva.ate sporazum {1} i {2}."..}..//6F7F
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1214
                                                                                                                                                                                                                                        Entropy (8bit):5.6769032253660585
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPUXeUzUbI0mSCkFThSCfHPMDy7n7fn6ocWPjf50na:P6Ub06f6ocWtB
                                                                                                                                                                                                                                        MD5:14D55D48B2DAAB5D23A90A56740DB83D
                                                                                                                                                                                                                                        SHA1:06B83CD384EE32A026E0D9FA6A6DB0EE7ABFAE55
                                                                                                                                                                                                                                        SHA-256:DB9BB39DFCF5D4AC3828B61D048D8576C4EB2AA2CDB06FF31F50F74BB1D4605E
                                                                                                                                                                                                                                        SHA-512:0DD40B480A3C149006BE6180279F2580E20877A0462F57BCB30693BF1B8ADAA72B0921147E9C90CBB9C4B01EB3FC6F36EE5356EEAE1EB0415F38A529EC942D08
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "A {0} let.lt.se",.. BANNER_RIGHT_TEXT: "B.ng.sz.s felgyors.t.sa",.. TITLE_FIRST: "Bosszant., automatikusan elindul. vide.k lass.tj.k munk.j.t?",.. CONTENT_FIRST: "B.ng.sszen gyorsabban a {0} seg.ts.g.vel. Megakad.lyozzuk a vide.k automatikus lej.tsz.s.t, ami lelass.tja a b.ng.sz.st.",.. TITLE_SECOND: "M.g egyszer megk.rdezz.k: meg szeretn. akad.lyozni a vide.k automatikus lej.tsz.s.t?",.. CONTENT_SECOND: "A {0} megakad.lyozza a vide.k automatikus lej.tsz.s.t, ami lelass.tja a b.ng.sz.st. Ha nem .rdekli .nt a Web Boost, akkor nem k.rdezz.k meg .jra.",.. NO_THANKS: "K.sz.n.m, nem",.. YES_GET_IT: "A Web Boost let.lt.se",.. LICENSE: "Licencmeg.llapod.s",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1108
                                                                                                                                                                                                                                        Entropy (8bit):5.442339973712701
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPMd7T0JakK38gx/SS11ZuBWMfjkWFt8pMlgsb:PKX0Jah37yWMfjkWFypbsb
                                                                                                                                                                                                                                        MD5:C2D5DF9D8F15A3A2222C8FF4032B3024
                                                                                                                                                                                                                                        SHA1:C0E320D9C38FDEA60A824E7108206F9AC5AB131A
                                                                                                                                                                                                                                        SHA-256:C2B1CD64E33D247C90D81951B1EA6D2E80F691D9853D99ED30A8C79BB877AA5B
                                                                                                                                                                                                                                        SHA-512:FF51D4F261EB2B6EA7CCE2ED48BD598F6B4C1F0BFEB861D4C790F209EAB43242750D0F6D71554B6632A6B94DC7B6DA40FED3B2CA4B14506D9BEA6780341ED356
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Ottieni {0}",.. BANNER_RIGHT_TEXT: "Accelera la navigazione",.. TITLE_FIRST: "I fastidiosi video che si riproducono automaticamente ti rallentano?",.. CONTENT_FIRST: "Naviga pi. velocemente con {0}. Bloccheremo la riproduzione automatica dei video che ti rallentano la navigazione sul Web.",.. TITLE_SECOND: "Ultima verifica: vuoi bloccare la riproduzione automatica dei video?",.. CONTENT_SECOND: "{0} blocca la riproduzione automatica dei video che rallentano la navigazione sul Web. Se Web Boost non ti interessa, non te lo chiederemo pi..",.. NO_THANKS: "No, grazie",.. YES_GET_IT: "Ottieni Web Boost",.. LICENSE: "Contratto di licenza",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Notifica sulla privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Facendo clic su {0}, accetti il {1} e la {2}."..}..//7DA7C0F7B5065EB5A12CA5
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1276
                                                                                                                                                                                                                                        Entropy (8bit):6.007059551298109
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cl/yRv8dFdqOdsgWOep2Ht+LRvcsvifh2AWtu8tgF/r:VyRv4dqqspnDRvbifwAWt+FT
                                                                                                                                                                                                                                        MD5:F47A7A53FD48042F80738E7AEC813386
                                                                                                                                                                                                                                        SHA1:E0DC87C2DF59BEF4EE194380D9085D13181B15A6
                                                                                                                                                                                                                                        SHA-256:6F466413BA056DF0311C2D14FDFBA8553D6E05EC20F4035DFDAA67182EF60129
                                                                                                                                                                                                                                        SHA-512:CCDE4CCDA7B18DD336DFA7FD42A154048FB582E694068C29F446D46B7E635E3463FDBF8492B69435CF003AD35E043061E956351B36692F698DE90CE87E13CE9F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: ".....&reg; .......",.. BANNER_LEFT_TEXT: "{0} .....",.. BANNER_RIGHT_TEXT: ".........",.. TITLE_FIRST: ".......................",.. CONTENT_FIRST: "{0} ......... ...............................",.. TITLE_SECOND: "...........................",.. CONTENT_SECOND: "{0} ................................. ................................",.. NO_THANKS: "...",.. YES_GET_IT: "............",.. LICENSE: "......",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "........",.. PRIVACY_URL: "http
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1251
                                                                                                                                                                                                                                        Entropy (8bit):6.064975827470784
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cxJLqkS5WCtU2htU6iiZTjfbWIYlgv5EliI:rlKi0fbWIYOxXI
                                                                                                                                                                                                                                        MD5:07B988A86B01952414B864A4D8B4C6C9
                                                                                                                                                                                                                                        SHA1:7D6AD541D19A02F9B88A326FE53E70D071FF4F45
                                                                                                                                                                                                                                        SHA-256:DF05FD881E418F72177B6D67A92A55282F401F08799841BAB2C4DB658C265E37
                                                                                                                                                                                                                                        SHA-512:34AC1B3CAA2C3CFE8CDF8B6E35C5D91B4CA1CFEF86B553344DBFE3FA40F676335DEEE1D6459C26E36AC30F44CB11F6E232D432D57D1052BB213FBA70EBCAF3C0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; . .. ..",.. BANNER_LEFT_TEXT: "{0} ..",.. BANNER_RIGHT_TEXT: ".. .. ..",.. TITLE_FIRST: "... ... .. .... .. .. ... .....?",.. CONTENT_FIRST: "{0}.(.) ... .. ... ........ .... .. .... .. .. ... .... .....",.. TITLE_SECOND: "..... ........ ... .. ... .......?",.. CONTENT_SECOND: "{0}.(.) .... .... .. .... .. .. ... .... ..... . .. ... ... ..... .. .. ......",.. NO_THANKS: "...",.. YES_GET_IT: ". .. .. ..",.. LICENSE: ".... ..",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1112
                                                                                                                                                                                                                                        Entropy (8bit):5.495580321113206
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPymdI+c1iPRRj+7+yR+2nr4rtR++Moj+wnMfQwsHWpdGCIVo+h:Pyoqg5QJ/etrMojMfQPW3GzoI
                                                                                                                                                                                                                                        MD5:05309DA086E29EB352618269D79BB53C
                                                                                                                                                                                                                                        SHA1:B36EA94398C3919E03BE6FBF46950F31852E5150
                                                                                                                                                                                                                                        SHA-256:87ED48CE753A2F817AC3C973CF505FC4244BE4B8A891AD26208383FDA65AB9D0
                                                                                                                                                                                                                                        SHA-512:E1FAA43BED6FB99FFD45D54725CD8ACB4723D4402CB6E4C438AC1142FDA74C59C15FA6B0B1B8C013DACA187C3BC5CB5D45D684D7591C921DFDB1AF3EC8312A7B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "F. tak i {0}",.. BANNER_RIGHT_TEXT: "F. opp farten p. nettsurfingen",.. TITLE_FIRST: "Sinkes du av irriterende automatisk avspilling av videoer?",.. CONTENT_FIRST: "F. raskere nettsurfingen med {0}. Vi stopper videoer som spilles av automatisk, slik at de ikke sinker nettsurfingen din.",.. TITLE_SECOND: "Siste sjanse . vil du stoppe automatisk avspilling av videoer?",.. CONTENT_SECOND: "{0} stopper automatisk avspilling av videoer, slik at de ikke sinker nettsurfingen din. Hvis du ikke er interessert i Web Boost, vil vi ikke sp.rre deg igjen.",.. NO_THANKS: "Nei takk",.. YES_GET_IT: "F. tak i Web Boost",.. LICENSE: "Lisensavtale",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "N.r du klikker p. {0}, godtar du v.r {1} og {2}."..}..//993D6614A86BD47E19
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1206
                                                                                                                                                                                                                                        Entropy (8bit):5.441186407010889
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPMdeWjkB8UjFpXIMtRBviSqLwz4tRBviV3rEFihdEMtB2pQXbEnWtB221G++VO:PKeWniFpYMtz1qDtzsr7djPuQQWPxGbO
                                                                                                                                                                                                                                        MD5:2A58C2C85DC3440F5C3D2AE340359D00
                                                                                                                                                                                                                                        SHA1:2F9D03FBA2BC5A155511DC32978A50EEF6FB88B5
                                                                                                                                                                                                                                        SHA-256:CDE91C092362572695FEDEEBC09F432F969CAD44AB7760D5357C2A22D4E4234E
                                                                                                                                                                                                                                        SHA-512:EFA948D04DAD757300D5498C41FAE0EC38462C3C9411A438DD8B3183E6F5DA86896AA8F6482C2AAFFC72AE1B0A314CA8C8DC4445B1A6A0ACC2A68C4085DB3F8A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Download {0}",.. BANNER_RIGHT_TEXT: "Internetactiviteiten versnellen",.. TITLE_FIRST: "Trage prestaties door irritante video's die automatisch worden afgespeeld?",.. CONTENT_FIRST: "Sneller internetten met {0}. Wij voorkomen dat video's automatisch worden afgespeeld en uw internetactiviteiten vertragen.",.. TITLE_SECOND: "Weet u zeker dat u automatisch afspelen van video's wilt stoppen?",.. CONTENT_SECOND: "{0} voorkomt dat video's automatisch worden afgespeeld en uw internetactiviteiten vertragen. Als u geen interesse hebt in Web Boost, vragen we het niet meer.",.. NO_THANKS: "Nee, geen interesse",.. YES_GET_IT: "Web Boost downloaden",.. LICENSE: "Licentieovereenkomst",.. LICENSE_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. PRIVACY: "Privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. AGREEM
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1217
                                                                                                                                                                                                                                        Entropy (8bit):5.674978904956985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6cPGdrelNj+8d2gQwYsklKGoTE3abMfXMGGnWjM/z9UqEW1m2j:PIrevjvd2gRcljfmWjXMj
                                                                                                                                                                                                                                        MD5:36F9D4618E56B3DF336564E691E630DA
                                                                                                                                                                                                                                        SHA1:2F90F9C1AF4A12138114FABB29A5045F90B0B016
                                                                                                                                                                                                                                        SHA-256:524B6019564E52C289063CB68EF261F7E2B959306F010AB0E0FC6E7017CDBD13
                                                                                                                                                                                                                                        SHA-512:0B8CFF2B6DF92D4E3554E350E9F3C6BF4C1113BC8CFB5C72B44179F631272C6065DC4B4DDC88443DE6786C6C7A59C6780C70B81BA7E5D3D3B790E4D3120D3306
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Pobierz produkt {0}",.. BANNER_RIGHT_TEXT: "Przyspiesz przegl.danie Internetu",.. TITLE_FIRST: "Irytuj.ce automatycznie odtwarzane filmy spowalniaj. Ci prac.?",.. CONTENT_FIRST: "Szybciej przegl.daj Internet dzi.ki programowi {0}. Powstrzymamy automatyczne odtwarzanie film.w, kt.re spowalnia przegl.danie sieci.",.. TITLE_SECOND: "Sprawdzamy po raz ostatni . chcesz powstrzyma. filmy przed automatycznym odtwarzaniem?",.. CONTENT_SECOND: "Program {0} powstrzymuje automatyczne odtwarzanie film.w, kt.re spowalnia przegl.danie sieci. Je.li nie interesuje Ci. program Web Boost, nie spytamy ponownie.",.. NO_THANKS: "Nie, dzi.kuj..",.. YES_GET_IT: "Pobierz program Web Boost",.. LICENSE: "Umowa licencyjna",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1162
                                                                                                                                                                                                                                        Entropy (8bit):5.519383265039112
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenha o {0}",.. BANNER_RIGHT_TEXT: "Acelere a sua navega..o",.. TITLE_FIRST: "O v.deos irritantes de reprodu..o autom.tica est.o atrapalhando voc.?",.. CONTENT_FIRST: "Navegue mais rapidamente com {0}. Interromperemos v.deos de reprodu..o autom.tica que desaceleram sua navega..o.",.. TITLE_SECOND: "Conferindo uma .ltima vez. Deseja interromper a reprodu..o autom.tica de v.deos?",.. CONTENT_SECOND: "{0} interrompe v.deos de reprodu..o autom.tica que desaceleram sua navega..o. Se n.o estiver interessado no Web Boost, n.o perguntaremos novamente.",.. NO_THANKS: "N.o, obrigado",.. YES_GET_IT: "Obtenha o Web Boost",.. LICENSE: "Contrato de Licen.a",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Ao clicar em {0}, voc. concorda com
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1147
                                                                                                                                                                                                                                        Entropy (8bit):5.505488488198548
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obter o {0}",.. BANNER_RIGHT_TEXT: "Otimizar navega..o",.. TITLE_FIRST: "A reprodu..o autom.tica de v.deos . inc.moda e atrasa o seu trabalho?",.. CONTENT_FIRST: "Navegue mais rapidamente com o {0}. Impediremos a reprodu..o autom.tica de v.deos que reduz o desempenho da navega..o.",.. TITLE_SECOND: "Vamos confirmar mais uma vez, pretende impedir a reprodu..o autom.tica de v.deos?",.. CONTENT_SECOND: "O {0} impede a reprodu..o autom.tica de v.deos que reduz o desempenho da navega..o. Se n.o est. interessado no Web Boost, n.o perguntaremos novamente.",.. NO_THANKS: "N.o, obrigado",.. YES_GET_IT: "Obter o Web Boost",.. LICENSE: "Contrato de licen.a",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Ao clicar em {0}, aceita o nosso {1}
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1673
                                                                                                                                                                                                                                        Entropy (8bit):5.252142407380732
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "........ {0}",.. BANNER_RIGHT_TEXT: "........ ........ ........ ...-......",.. TITLE_FIRST: ".......... .............. ............ ..... ...... ........?",.. CONTENT_FIRST: ".............. ...-........ ....... . ....... {0}. .. ........... .............. ............ ............, ..... ........ ........ ...-.......",.. TITLE_SECOND: "........ ....... .......... ............... ............ .....?",.. CONTENT_SECOND: "{0} ......... .............. ............ ............, ..... ........ ........ ...-....... .... ... .. .
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1171
                                                                                                                                                                                                                                        Entropy (8bit):5.764512673480726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Z.ska. produkt {0}",.. BANNER_RIGHT_TEXT: "Ur.chli. prehliadanie",.. TITLE_FIRST: "Spoma.uje v.s otravn. automatick. prehr.vanie vide.?",.. CONTENT_FIRST: "Surfujte r.chlej.ie s {0}. Zastav.me automatick. prehr.vanie vide., ktor. v.s zbyto.ne spoma.uje.",.. TITLE_SECOND: "Naposledy sa p.tame: Chcete sa zbavi. otravn.ho automatick.ho prehr.vania vide.?",.. CONTENT_SECOND: "{0} zastav. otravn. automatick. prehr.vanie vide., ktor. v.s brzd.. Ak nem.te z.ujem o Web Boost, nebudeme sa op.ta. znova.",.. NO_THANKS: "Nie, .akujem",.. YES_GET_IT: "Z.ska. Web Boost",.. LICENSE: "Licen.n. zmluva",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Prehl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Kliknut.m na tla.idlo {0} ni..ie vyjadrujete s.hlas s
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1112
                                                                                                                                                                                                                                        Entropy (8bit):5.575374492160051
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Nabavite {0}",.. BANNER_RIGHT_TEXT: "Ubrzaj pregledavanje interneta",.. TITLE_FIRST: "Uznemiravajuc.e auto-video snimke koje vas usporavaju?",.. CONTENT_FIRST: "Brzo pretra.ite {0}. Spre.ite automatsku reprodukciju videa i usporavanje va.eg pregledavanja interneta.",.. TITLE_SECOND: "Proveravate li poslednji put - .elite da zaustavite automatsko reprodukovanje video zapisa?",.. CONTENT_SECOND: "{0} spre.ite automatsku reprodukciju videa i usporavanje va.eg pregledavanja interneta. Ako vas ne zanima Web Boost, nec.emo ponovo da vas pitamo.",.. NO_THANKS: "Ne, hvala",.. YES_GET_IT: "Nabavite Web Boost",.. LICENSE: "Ugovor o licenciranju",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Klikom na {0}, prihvatate {1} i {2}."..}..//84E25EC7A69C02D3A5
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1116
                                                                                                                                                                                                                                        Entropy (8bit):5.591204113246994
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "H.mta {0}",.. BANNER_RIGHT_TEXT: ".ka hastigheten p. surfandet",.. TITLE_FIRST: ".r datorn l.ngsam p. grund av st.rande automatiska videoklipp?",.. CONTENT_FIRST: "Bl.ddra snabbare med {0}. Vi stoppar videoklipp fr.n att spelas automatiskt och sakta ner ditt webbsurfande.",.. TITLE_SECOND: "Vi fr.gar f.r sista g.ngen . vill du stoppa automatisk uppspelning av videoklipp?",.. CONTENT_SECOND: "{0} f.rhindrar videoklipp fr.n att spelas automatiskt och sakta ner ditt webbsurfande. Vi fr.gar inte igen om du inte .r intresserad av Web Boost.",.. NO_THANKS: "Nej tack",.. YES_GET_IT: "H.mta Web Boost",.. LICENSE: "Licensavtal",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Genom att klicka p. {0} godk.nner du v.rt {1} och {2}."..}..//0A8D87FBA3E9D5
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1173
                                                                                                                                                                                                                                        Entropy (8bit):5.6776998815564585
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "{0} Uygulamas.n. Edinin",.. BANNER_RIGHT_TEXT: "Web'de gezinmeyi h.zland.r.n",.. TITLE_FIRST: "Otomatik olarak oynayan can s.k.c. videolar sizi yava.lat.yor mu?",.. CONTENT_FIRST: "{0} ile daha h.zl. g.z at.n. Otomatik olarak oynayan ve web'de gezinmenizi yava.latan videolar. durdururuz.",.. TITLE_SECOND: "Son kez soruyoruz, videolar.n otomatik olarak oynat.lmas.n. .nlemek ister misiniz?",.. CONTENT_SECOND: "{0} otomatik olarak oynayan ve web'de gezinmenizi yava.latan videolar. durdurur. Web Boost'la ilgilenmiyorsan.z tekrar sormayaca..z.",.. NO_THANKS: "Hay.r, te.ekk.rler",.. YES_GET_IT: "Web Boost'u Edinin",.. LICENSE: "Lisans S.zle.mesi",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "{0} d..mesine t.klayarak {1} ve {2} ko.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1062
                                                                                                                                                                                                                                        Entropy (8bit):6.419947674670556
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "...&reg; Web ..",.. BANNER_LEFT_TEXT: ".. {0}",.. BANNER_RIGHT_TEXT: "......",.. TITLE_FIRST: "....................?",.. CONTENT_FIRST: ".. {0} ........ ........................",.. TITLE_SECOND: "....... - ...........?",.. CONTENT_SECOND: "{0} ...................... .... Web ...............",.. NO_THANKS: "....",.. YES_GET_IT: ".. Web ..",.. LICENSE: "....",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "...{0}.........{1}...{2}.."..}..//7392544C576623D176BE930552620216E5645406C01C5F6E7A7320D326DBB260F969
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1018
                                                                                                                                                                                                                                        Entropy (8bit):6.391792382062579
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: ".. {0}",.. BANNER_RIGHT_TEXT: "....",.. TITLE_FIRST: "...............",.. CONTENT_FIRST: "..{0}....... .....................",.. TITLE_SECOND: ".....................",.. CONTENT_SECOND: "{0} .................. ... Web Boost ..............",.. NO_THANKS: "......",.. YES_GET_IT: ".. Web Boost",.. LICENSE: "....",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "...{0} ......... {1} . {2}."..}..//9AFD782E1B1F9B182C57AD02121A13AB2D4F54FD44623F2859ACE68B1E3B481CD5899C087FDDACB0F70D23236BD597B5B35214EA3DFF8B36
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.258396992693107
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.259824917218896
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.262808439303815
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.250514396470622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.263656257316456
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.2605492733783175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+CZc77:+sv+K5+CtTFCqsUz0AUoey+Cu
                                                                                                                                                                                                                                        MD5:D5422C671A29AA13C14D7592DEC8C162
                                                                                                                                                                                                                                        SHA1:6CBA757577FB01565C2C6912275CB1B8E14CB7EA
                                                                                                                                                                                                                                        SHA-256:E496D07EFDC11A97C68BBAB2C0AEDF6A6F49371386EC77E690783E18A2C43050
                                                                                                                                                                                                                                        SHA-512:7D866BD057830573242702C71F2A445EF0631512C21BBE703177E221EEF753CC20DBCA2A28290BE5CC8DC6D1EF2C8354EA5E034F2E1AB10A1C1D9FF9A59F45A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.254703293295225
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm++XXR:+sv+K5+CtTFCqsUz0AUoey++x
                                                                                                                                                                                                                                        MD5:61653455E8DEF7888F9CB0305F75C3D3
                                                                                                                                                                                                                                        SHA1:37A83C001A4FAAF312058312E3B1E3BB5070794E
                                                                                                                                                                                                                                        SHA-256:1B6346FE64AA3AA5B572B2E1DBFF18B202E284CD1014570FFC8ADE585B302E81
                                                                                                                                                                                                                                        SHA-512:1279F29FBC0C54534E44B9AEA8AF306227FBB1F726EA296F9ED51E5D4AAFC4B02638C24614B5CD75FA1DDBC326D7B7B44868AC1365056765036ECAE5D8D7477B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.254081460877839
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+UcY:+sv+K5+CtTFCqsUz0AUoey+UcY
                                                                                                                                                                                                                                        MD5:D6D659D7E29C11B9E71BA9751526CB50
                                                                                                                                                                                                                                        SHA1:EC814A32A55FC4F13B8519A970F689D7908CC019
                                                                                                                                                                                                                                        SHA-256:C3DA01FC85ABB3B8CB4F4B8DEFC76843733DEE8466326BDEDA33CBE9A86FCEB0
                                                                                                                                                                                                                                        SHA-512:18CCA3171271C7AB4226DC320B187DFD9C6F0A4F0D847EC26F1A567746100F00EA12D554EF2E14D661BB0970C0969BFEB921335F435604A5951FFE7D12F9A1DF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.2638417304080045
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+0Ot3R:+sv+K5+CtTFCqsUz0AUoey+X
                                                                                                                                                                                                                                        MD5:61AB3CB0B261855CB17B76E3D7F27D26
                                                                                                                                                                                                                                        SHA1:4349E21E6E15CD0D61F85BC1CFE9BDE70317D3DD
                                                                                                                                                                                                                                        SHA-256:633C448DD139ACA42DC3509FCBE527A4153866202333F2C0C88515A43BE1E605
                                                                                                                                                                                                                                        SHA-512:2AB8C9A917568590CDD6BBE40EF8DF6C55B353B9B3729B269371C0092DC44DF90DD40BDC066318F1F69A2288E7AA32BF7FA216ABF56F54D62E09909E61032280
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.251513708787733
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+XiH:+sv+K5+CtTFCqsUz0AUoey+XiH
                                                                                                                                                                                                                                        MD5:840D2073938FD66D7A56E02448B9A230
                                                                                                                                                                                                                                        SHA1:95764ADB48EE7225E1F0D371C7DDF6EBF210C637
                                                                                                                                                                                                                                        SHA-256:AE1CE41872A33CC4B4F1273864CF4BC808074217241ED0D493D182957B2A6112
                                                                                                                                                                                                                                        SHA-512:7531B35137835AEC7082DF2BA510E3955BC9F13FE841258EF6E78ABE5808951E69031F057CF7D83FDAAEB056C11643772A17908007B8D23B26FB4CC4F349A9D4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.25353170947426
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+HC0H:+sv+K5+CtTFCqsUz0AUoey+N
                                                                                                                                                                                                                                        MD5:B3A70D45CC18F358A88E113AC75A7D3D
                                                                                                                                                                                                                                        SHA1:AF7BD5421F57D25DDFAFB96C546390037BBF6E65
                                                                                                                                                                                                                                        SHA-256:D1CD05409FC1AE19B3CC6C1EC49CCFA0E95B003ECC571A0FCA2061AFBA40A84F
                                                                                                                                                                                                                                        SHA-512:3115C373D5BE4D37AE386F2C1E4FA3041C93C135CD18E763720EBE4252AD8F17553A92B1B93D8AB9DB01A40A712DDE73476B289AB3C4B4C5DCC6588E72E680D4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.255949296478074
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Ifu:+sv+K5+CtTFCqsUz0AUoey+IG
                                                                                                                                                                                                                                        MD5:98067AE43967A82251E84B12DF85A8DD
                                                                                                                                                                                                                                        SHA1:BA03DE00AD8AC8D72B096A22B508532326412A75
                                                                                                                                                                                                                                        SHA-256:F4E6129E4FFE64D3225555F8961BAC90504C569E5303C3F456CD294DC72C38A2
                                                                                                                                                                                                                                        SHA-512:C87F36EC6BEF278DA19225CC2205FEE7D554CF9D3F4D54F631D3753055EBF1C0C9279E74BF5BCBC0DD3649B67AC03F41B3B7857BFEE766B6AC9264903CA613E5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.258223944351212
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+ODp:+sv+K5+CtTFCqsUz0AUoey+ODp
                                                                                                                                                                                                                                        MD5:DD1186C6BB7182CDF944230B1B84F203
                                                                                                                                                                                                                                        SHA1:E58384D55EFB0A8152B5E7FB0D284D207A6DAB45
                                                                                                                                                                                                                                        SHA-256:FC2573AE44024F026E9A9AE007CA594FE54A28676F239ECED87685BB30AC44AE
                                                                                                                                                                                                                                        SHA-512:4A4B10C87BD0E669367E53BAFAC245886AD01D121F22A6C1AB10123B3C2F6568615384A5151351BA2EF9FE3FBBF8E53F87E030122CD60264D196300153909C2F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.259613989507533
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+AgF:+sv+K5+CtTFCqsUz0AUoey+AgF
                                                                                                                                                                                                                                        MD5:8C853F6B7169EF767B1F017C94A9C4E1
                                                                                                                                                                                                                                        SHA1:9F2F9C85FDEA7ED4845B7081F431910DAE26CD2D
                                                                                                                                                                                                                                        SHA-256:CF47F23BD610847A655C8A47E6F60B69B98D45AAFEC698FD1653558C852D043B
                                                                                                                                                                                                                                        SHA-512:ED87256EB48D800DF9E45974FF25416C6AD77C4B3B7EF86033431C492D3CB1B3E5D3CA5F2D02C980B68EAF3F39FC30DAAA1FFC777B8CFA592178945244296669
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.2600583102008995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+m/L:+sv+K5+CtTFCqsUz0AUoey+4
                                                                                                                                                                                                                                        MD5:656A807AC0F85B10B4DB8B216B2DC980
                                                                                                                                                                                                                                        SHA1:8558EDAFA608F45EB3E9E17DC0134B62CB897E78
                                                                                                                                                                                                                                        SHA-256:C08314FD308DFDA2F14DED5349365265F52CC1E1320408361E7054EDEBB55C53
                                                                                                                                                                                                                                        SHA-512:62FD7E8223ADBA7D3EAEA0B6B82F974BAE1EB14D44E8D5A0EED81E4EDDB98A0B215C8D9CC8376227D50C8156337FD175AAFB9FA30557EDF9E828A936BDE90BD6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.248998140820009
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+cjsq:+sv+K5+CtTFCqsUz0AUoey+isq
                                                                                                                                                                                                                                        MD5:6514A95AE330C5D2683459597D58C37B
                                                                                                                                                                                                                                        SHA1:430CC77A327D419D4533F83798E26BEE083CAE2A
                                                                                                                                                                                                                                        SHA-256:001C4FCC89B67489E2411234F073DB503A7933A9E1F1A59A7FF0C4A4939A665A
                                                                                                                                                                                                                                        SHA-512:4B83C152090D821645747337FB5CB1969EA6005CB904305FAC604852A4D4A2FAD07D605801A7ABEB9A996DD8D10B8D76F8BC57AC2371B0A7596C9186D9E7B162
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.260620329900719
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+W2dAE:+sv+K5+CtTFCqsUz0AUoey+zaE
                                                                                                                                                                                                                                        MD5:C65EFFBACA197A8D9CA072224878B643
                                                                                                                                                                                                                                        SHA1:AFD7A47E7F80D643D25758EFD17D5D21D9C358E5
                                                                                                                                                                                                                                        SHA-256:AA2B28702812F9409C3AEE27DA276C033ECA263A844C2A7FCEFD3E512602107B
                                                                                                                                                                                                                                        SHA-512:050C6C7D996AD9DFD172A80037FE9DEF4FA76A39C0FB66F788A49AF6BDA8210ABBC578C8C7EB0AA6C5E18E74C46220270C66CDBB3870B41F6C5560291C2F22E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.251543116510892
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+o6CE:+sv+K5+CtTFCqsUz0AUoey+p9
                                                                                                                                                                                                                                        MD5:805BE65BE7B1D7AD11E3F863C0150BF7
                                                                                                                                                                                                                                        SHA1:6BEDA8787C4DC77F6E2786AD6FD14065F86C4D7E
                                                                                                                                                                                                                                        SHA-256:C6B46F920C88EA3A5A7868210777F1D5E2A7973DA67F55D7CF99640F6CD2E94E
                                                                                                                                                                                                                                        SHA-512:553F8A437A2386004841502E7BE0C9907AA9932E8380B68BA8896C25C359AB6C95A38DE8C9F0E6AC6BF79364751435427A685F87C0227A877536B936A0BAC3AF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.261405399661556
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+hRb:+sv+K5+CtTFCqsUz0AUoey+h5
                                                                                                                                                                                                                                        MD5:9EF0C9182629E170C9E16E43E6F90690
                                                                                                                                                                                                                                        SHA1:D67A7CF4983B3EA6072CA71F2B65CAED9B6475BB
                                                                                                                                                                                                                                        SHA-256:C8851B89019F0813F72F663F3CE2719D90F550B2614509EC57D9DB04E29C1AC9
                                                                                                                                                                                                                                        SHA-512:07D04A0974C88FA5E59920DC07E81479BF1A302FD6F86D23C0E95FA3FD6ED95B195EAE1E12850838777B999CC8A5AFCA30735867F7EAFBE2D3D4A9FC7945FBFC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.256083418253126
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Qzw:+sv+K5+CtTFCqsUz0AUoey+Q0
                                                                                                                                                                                                                                        MD5:F3D9F679EC31E66B130C5871DEE58722
                                                                                                                                                                                                                                        SHA1:7E21735951A97D2D8ED7487D3B5F1F191EBFD77E
                                                                                                                                                                                                                                        SHA-256:0F5E604136E1DDE1C3E8CB8762E5CD64DB6BDE8B5E3CAF2B218FC64E56754A9D
                                                                                                                                                                                                                                        SHA-512:A3EA27F6233F57C2214BFEF771C6343ED707BD6F2848C92BC52FFED2C762479FFB1D7E002AAE827F88CC53196140D9877C902B3678DEF0E8D4C5B7E03C9063C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.255546558926164
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+vpW:+sv+K5+CtTFCqsUz0AUoey+vpW
                                                                                                                                                                                                                                        MD5:10962FD6D81F7A79DB040C06AE4FA863
                                                                                                                                                                                                                                        SHA1:EA4974C8E87A6750B98871F57B05CEA32C6B09BF
                                                                                                                                                                                                                                        SHA-256:D975E34EBCBB7E9B5101CF5F40F58E9E16FE0DF2294406CB4D5B6E5E2F006A5A
                                                                                                                                                                                                                                        SHA-512:E829D7BBA63A14A8245EB136100A3849C82AF2FE907DB176681C595972E489D8DD16D6EB05E183F6E96CA3CE51A33952C320477C4B1AFC8D1A48D0435F928FC2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.2532747748847735
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+jCKM:+sv+K5+CtTFCqsUz0AUoey+eh
                                                                                                                                                                                                                                        MD5:F1C6B997B574193DCD77D44AB9B78073
                                                                                                                                                                                                                                        SHA1:4D0EAC7FD271E1F041617D87AD92489E351F8961
                                                                                                                                                                                                                                        SHA-256:DEE4F60EABAC986018071548E7F0F77BF66F03450AE401F5450EA9B789FB8176
                                                                                                                                                                                                                                        SHA-512:A50A9B90795D68F9B3E19786A56DE4356543D0202386EFDF3890AD1668280639FFCD1EB91FFA9F02D0404CA13BB89B5FB7520ACEA25DA65C303023B441E4BA6B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.2622157735547015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+8fon:+sv+K5+CtTFCqsUz0AUoey+8Q
                                                                                                                                                                                                                                        MD5:9CCCA4570394E0014A51D72E9ECF8C42
                                                                                                                                                                                                                                        SHA1:E83B00354C2F117CDE79A43C6953861C195398E4
                                                                                                                                                                                                                                        SHA-256:E3ED5753787ACF7D31F18288E652E3323B461C7CFB5F0DD6B228A81236206242
                                                                                                                                                                                                                                        SHA-512:EDCEB6766615B45051FD8B42CFAC3D022A7175510C14039508D53B1F064254FC601D9A69CD95DEB165B0EBAEB9267861EA1500459E7420AE98571BA9B1B4B1B6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.254832247014533
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+8t7:+sv+K5+CtTFCqsUz0AUoey+0
                                                                                                                                                                                                                                        MD5:0E72C34904BB337A1B2909C310330D6F
                                                                                                                                                                                                                                        SHA1:24C3C3C6089E8059F4AAC2050B0A26B086560481
                                                                                                                                                                                                                                        SHA-256:A85ED88B1C02CF883025E8D0474C871BE0C9FA9817D9F3C0913396FC231EE562
                                                                                                                                                                                                                                        SHA-512:E7A8AC3143EAF5876BE04BFF46132EAE0EBBCFFEB1836305AD47B038B804F1883FEDF63A6D016C1280F4DCABA8CDD1245F9D4219EDD128B61DB31603CDF0C6A0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2380
                                                                                                                                                                                                                                        Entropy (8bit):5.253321666648074
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+XK35n:+sv+K5+CtTFCqsUz0AUoey+XK35
                                                                                                                                                                                                                                        MD5:EBEAE489FF5C8DBBD4AD2A3F99F294A5
                                                                                                                                                                                                                                        SHA1:207304D34820AA4890A592761E7A6C96AB894678
                                                                                                                                                                                                                                        SHA-256:EC9C7D27EB7E8DA4F813D8FC9A1C660C4AC78DE7294A09EF28C7C74FE945CA43
                                                                                                                                                                                                                                        SHA-512:B48DA615E4451015EF904ECCF9BCD674B3F2155F048681301F7DD36BE5A47F2E3D5C5120A8967B5E16EF33931C6C75AFC62DB7B3C38916A52F3C3BCDD3C72C8F
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2380
Entropy (8bit):5.256021270909863
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2380
Entropy (8bit):5.248306985193893
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):3326
Entropy (8bit):5.567277301909763
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):1736
Entropy (8bit):5.795742244285048
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):4336
Entropy (8bit):5.733403715661443
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):3446
Entropy (8bit):5.579102473392893
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):2022
Entropy (8bit):5.793217174774446
Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:qChuRIL5WuR0dyMGhKz7uRu49UEtnS2VzWGLk5a2TB+2QSY1jAHCn:qChuzuOGovuFNtnNzk5FTAdSwAHCn
                                                                                                                                                                                                                                        MD5:0172B34AF7C25D2647596ADFC729F2E8
                                                                                                                                                                                                                                        SHA1:0623B506A6297EC19EDF4EDB47256404E708628E
                                                                                                                                                                                                                                        SHA-256:7B2EA58776A72883124610173532DBF92E4A69B246B11AB9D56A586AED6C0DA7
                                                                                                                                                                                                                                        SHA-512:EEDC89052CFEB79AE960F5544CA2224809C51168808E59F196B20611F1EFCD2D29FC99348689E1B4F7E42B457B38880929BA3CEDE0BD19B2CD29961DB22505B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4616
                                                                                                                                                                                                                                        Entropy (8bit):5.696523953297714
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:XXeeAM6JLtWOVh7jqJlkN48gkaxwSCTNOhTCMZ+XTT:ne08tWOGJlkJgkaOBNOheMZKT
                                                                                                                                                                                                                                        MD5:84D11F6272BF83F52DAFBDDF72FE3752
                                                                                                                                                                                                                                        SHA1:C09A709B172B54F946B3EF0D41A4B54810F316D3
                                                                                                                                                                                                                                        SHA-256:AFDE57B2C2D81545EED2EE01DCEA02D87900337C8967A5158728FC514200AE52
                                                                                                                                                                                                                                        SHA-512:0457F32E9515FCCDBAC74E7626C466197CDB129F4C7AB5C5622F700AF973D39255C34D9744D57B960A7C9DBE420B2C53A6F8B293B63EB45E30CE680ED286EF57
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10019
                                                                                                                                                                                                                                        Entropy (8bit):5.8252780405068565
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:76Qa+8YiRGQLtdF4ivOiTZc2qa+aBa+SU0FKgv+GFKD57eL3nYysNRJUgM:76Qa+8YAGQLdHOG1qDI/SDKg2GFC57ed
                                                                                                                                                                                                                                        MD5:14860B3CF80E140BAF4728D0A6024917
                                                                                                                                                                                                                                        SHA1:AFD61DCF44380B8496F42686B308FC8150807EEC
                                                                                                                                                                                                                                        SHA-256:FA269FBD72355257F25A52875B1E2D3FCD0DFE15EFA2653F5D36750B67C5C811
                                                                                                                                                                                                                                        SHA-512:4474DE28B075655E1C01F7DBFD2FE68DF290744DEEAB958A77C06DDDDDEB9893978908F031988AC007914B00F26801DE1C636255D61E1D7FC4386FED2645C8D8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1187
                                                                                                                                                                                                                                        Entropy (8bit):5.668084909814748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:63UVIdvLArX2wGdyUB8DIu6agFVIW17rF89lMLpFmJpFKlmPfJ2V:2UVI+X2wOy0FVIW7589yDypFKlmPfgV
                                                                                                                                                                                                                                        MD5:38D81CC80487896AD6789F428C395601
                                                                                                                                                                                                                                        SHA1:863E344611611F532096A657BC225A8233E58460
                                                                                                                                                                                                                                        SHA-256:C005A5F8C42F8C1840572CD2FDA0F57C5750F8069FB6F71997B1CF4E3935BBA5
                                                                                                                                                                                                                                        SHA-512:E084F6A546AF25D329D8B3ED245C17CDB2DE704C36AAB82CF26BAC053FEC98DDB4D74357BF3049605D985558E890346F51F47C808A82E09BB5AA28C6B405181E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):560
                                                                                                                                                                                                                                        Entropy (8bit):5.07313681759058
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6f0a/55P8Z+U3bTs3IdtnugLBGgiO6CaMAEWMiXY+CSZlCi5:68aMZdTs0ugLBx2ChAEWMiPrC8
                                                                                                                                                                                                                                        MD5:2464F6D8E5B4DA3297CB9717CAFAA296
                                                                                                                                                                                                                                        SHA1:40CF24CAEFE1FFEF2CBAEAE74BC5A1B8A4EAEFEE
                                                                                                                                                                                                                                        SHA-256:5927F27EA2660AB7A8739143DF53D8E82252EA024F5DFD80CA5EEF794FF86160
                                                                                                                                                                                                                                        SHA-512:8F86762F889BFD937910AD568C8D8CE09600E9CDEE7957939E71503C58157442F2AD5CFB631F113500B8CA7DC479601BAA9E1C4E315E4E560452A5C53723E017
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):672
                                                                                                                                                                                                                                        Entropy (8bit):5.316587326544983
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6DmOMYinnQlYelgLOphYfR2MQyPiOhYfQIMBFSWbKsvkLKgZ9FshBYO:6nVMeNwfR2MQsmfQIMBFkssp9GIO
                                                                                                                                                                                                                                        MD5:8FEF779163EEBD92C74BA9C2967FB738
                                                                                                                                                                                                                                        SHA1:AD80693340F99B8019A6EA6344345EE7A5F7242E
                                                                                                                                                                                                                                        SHA-256:3700BD78831EB69D4A729D1A36B3EC2BBA600A5B7F69712E520FC2952B551007
                                                                                                                                                                                                                                        SHA-512:6BD4F449E02BCA3AE65FE5191A87E79513B533977B67FCDF9FD60831BC44C35E40F998986CD2F1BE770CC4BFFD19F12B056B27EA1CF5FFBA5A7C8C96E6006FA7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5363
                                                                                                                                                                                                                                        Entropy (8bit):5.600833832306523
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:WHn6GmsvZ6o4xjk8mxfFDMkJH40m9sjvqFXf+2s3VH9bTllRUZU:U6vyfJvmAtvlJuZU
                                                                                                                                                                                                                                        MD5:B33F2D4F712476C8658E94F39C5828CA
                                                                                                                                                                                                                                        SHA1:226B88767118589F19664F43323CD606DBE91E1F
                                                                                                                                                                                                                                        SHA-256:AC93BF6D1593BF730A1F1177C1B52FEC77EF88FE4B4641A8194D6BADBB415A4A
                                                                                                                                                                                                                                        SHA-512:B5F0813A9C46A410B4A157637CDF76D2FF590078DCC0F6C45572FA7EE66E0B562FBEAF0FE30D3F890EAAFEF32294375EA7A94F821CAE61D65399C8403DCF3B65
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2385
                                                                                                                                                                                                                                        Entropy (8bit):5.578935120777878
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:eYWhvpfcvH72EQvevwdH85FkRkBjvFV4sl1z:2lpfEH7hQ6wdeFkRkBbz4slF
                                                                                                                                                                                                                                        MD5:EE8BEBE308B8759E44F001FAE52922D0
                                                                                                                                                                                                                                        SHA1:A5CB9260810FA4673BD4CFE5389DEADC8077DA4C
                                                                                                                                                                                                                                        SHA-256:D367DD87BF2E810098C042211FCB7E7A02D93722C3E087B1BF9C5F09E21CCF85
                                                                                                                                                                                                                                        SHA-512:592FFFD97723A2D99C4A31AB353BA543BED19E5946BBDBD95CEE291921735C1757932BED9EA1902CB5F1A5CC20972B25D9584C70C54A48E93505F1DBBEFA406B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5743
                                                                                                                                                                                                                                        Entropy (8bit):5.845099323810125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:2/dh6DsRoC42Beao1CTdAe+VOleAGrLNPF0pBtw9CJkbKI3HIka:2/dhLRqy5dAZOlOXNP2p3bJoZ3Q
                                                                                                                                                                                                                                        MD5:8A3166C1FB771B3B9944B9D1668BB4C6
                                                                                                                                                                                                                                        SHA1:67C9A8A34F917ACA085DBB0ABB59FE17DAE2E1A6
                                                                                                                                                                                                                                        SHA-256:0AE3BD1393CEE7FB97FC8E9027E73C5DBC049B0866CA7F0E39A9EE6A4EA0E232
                                                                                                                                                                                                                                        SHA-512:2D276B9B688A3F5759FA04013DB2BCDB910ADE121F245C4F12D08410F9EDDFF790CB094ACE9FE3F435E334A121C750B2470A4C1E0031C178643073B4185DFAC7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15366
                                                                                                                                                                                                                                        Entropy (8bit):5.919417775422355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:0baij5R2F46vdSGGgOqkmnLKh0hyKc1BgjC7xBPFqLNmvC+xY:0bj1R2F4WgGGgOqkmnqkyKc1BXB+mzxY
                                                                                                                                                                                                                                        MD5:C724A0C867D7B42ECFCB3FC76562EFBD
                                                                                                                                                                                                                                        SHA1:B6903934F41F8380C99B0B924ADD6E503687AD96
                                                                                                                                                                                                                                        SHA-256:0F1236E67E94E140BB766D66281CD2DEF5E66E9995EA8EAF196D4374E1944071
                                                                                                                                                                                                                                        SHA-512:F5275B87C4AEA91D7843139247B53BF872C6CEB421AE94A54C84CEC6B7F0FB6AE158019FDA0EF1B4A809ECCD21A48423CE1FB0186C5332C66D3E58F6A456C2F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1917
                                                                                                                                                                                                                                        Entropy (8bit):5.845256021122548
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:iFZZRFnYQrEfyAb/taw2mx/YH8tEiwtRU1VWk+gOfU4s:iFz/REfyAb/Yw2mx/G8tEiwtyok+g0s
                                                                                                                                                                                                                                        MD5:098B0FFC536DA567D82ACDAE002FDC7A
                                                                                                                                                                                                                                        SHA1:2D7319EF536384EEB51874674386D777F6C52760
                                                                                                                                                                                                                                        SHA-256:155453DAE3DDC89ED01299E444C9ECC862F0A78080723486CC61C3C0AB37711E
                                                                                                                                                                                                                                        SHA-512:5750674144801F90B00E8D5B796A76F8EF1385D370CF8184C8B9A38786E75DB6C55EB86B49FC90FF670D129C9E60198C7EDAAA4E0C9959F551EF9BF52B5A02B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32108
                                                                                                                                                                                                                                        Entropy (8bit):5.892194849027686
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:4yMfMXANe2NJ5kC+P7KfoSpVAk+4Xuw9PMr0/7wdUOxPN8w8R:4PfZMZC07iR+APL7wdUOxPN6
                                                                                                                                                                                                                                        MD5:90E8F4C9E571908566592FC834494AC5
                                                                                                                                                                                                                                        SHA1:AD3492D9C7DC9B236B8440D981FE4F12BD42DACE
                                                                                                                                                                                                                                        SHA-256:1E56120E8A7DF06069468AD0FA16B1186FCD01DE62C91C1500D685BA18CF4785
                                                                                                                                                                                                                                        SHA-512:3118C8C30EAB41CFB0279D93A2970D3B49259BB580E920DD669D84DB41EE6A8FB6F81A2009E0459FA0E2E2355E21BF0B7578BD2B5450ACF3FC3061958BA6B15A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10156
                                                                                                                                                                                                                                        Entropy (8bit):5.616068219227448
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:26foLdghiM/EbC7gwwQN0pOFbGskXtOTemIVz9VFdi/fYxDfisGzNW5cmaO4:27hM/wCgaN0pOFbGskXtOTZIVz9VFdil
                                                                                                                                                                                                                                        MD5:E614A6B94EB6205940E6EDEC2CA450A3
                                                                                                                                                                                                                                        SHA1:D99F2CEA3AC031237C39F95B6A441DC566C395C8
                                                                                                                                                                                                                                        SHA-256:60ECADC785E39DAADCCECD5F7CA4033DF92ABFAC2A95848C6814F343F5BB4410
                                                                                                                                                                                                                                        SHA-512:347201629DC10FDF4AE9A798ECC08A378C1E771417D058A9F681552349DD8B530B6EEEC28056DA23BC1FE2AE366C0B09192E09097C24F173B92B4950F063A047
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2316
                                                                                                                                                                                                                                        Entropy (8bit):5.952340631132649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:nSmjnzqb8vdSdyQSiEdA/mlVias7aeKCRMB52R7N3K2ypeDqYj:n1iUsSiEiiIRaehk5ONa2CeDjj
                                                                                                                                                                                                                                        MD5:356099B39018BB09B9F5D76E32B1A9DD
                                                                                                                                                                                                                                        SHA1:A8792B6409906FBF613439C4119EA375204E1A0F
                                                                                                                                                                                                                                        SHA-256:6CCF943B320131AE916190ABBABF62CFD68D2BF49C8C0CB82ACEAC7EB6CE852B
                                                                                                                                                                                                                                        SHA-512:2F13A640A61E7A0743EE981E341136CBB9C561EA48ACC90B1E33F43D299418C2EA3C1F1810DBDEF57478AD4E63EA2372931B3C1972D8F2E4952F12D258DB71C9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ........(...6.......9...+...'...'...B...)...6...9...9...9...B.......X...6...9.......)...B.......6.......9...+...'...+...B.......X...6...9.......)...B.......6.......9...+...'...+...B.......X...6...9.......)...B.......6.......9...+...'...)...B...6...9.......'...B.......X...'...X...6...9...........B.......X...'...X.......6.......B...6...9...9...9...9.......X...'...6.......9...+...'...+...B.......X.C.6...9...9...'...'...)...*...B...'.......9...B.......X...6.......9...'...B...A.......'...'...6...9. .....B...6...9. .....B.......X.......X...6.!.....9.".................B.......X...6.!.....9.#.....B.......'.$.........6.......B...........'.%.6.......B...'.&.....&...L...'.'.........6.......B...........'.%.6.......B...&...L....type=E.M.G.type=F.EscapeA.HMACSha256.utility.len169+WMDgzyMpkvioeK5ZWOdq0SVmpw1jBePppGXgqisQ=.MachineGuid.QueryValue.IsValid.$Software\Microsoft\Cryptography.HKLM.Registry.Win32.typetag_includes_machineid.5.edge.BrowserType.BrowserUtils.tostring.find.%d+.match.string.*Exp
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2030
                                                                                                                                                                                                                                        Entropy (8bit):5.590473959875451
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:fhO0Zf/+V+JJUh10pF/M1KsAwTh4Bdj5minH30vY3I+Cy:Q0nW0cUsABQiH/n
                                                                                                                                                                                                                                        MD5:8D0F3F265A0F5453F367700AA68B8C25
                                                                                                                                                                                                                                        SHA1:BC6436897B34F304A3698A7F9D73738CD900D92A
                                                                                                                                                                                                                                        SHA-256:7ACFE4EE9B28C2E7DE407602F3AED658ADE40EB69448917B0CBF53A495A6936A
                                                                                                                                                                                                                                        SHA-512:8F06E8385F1033B3CC3D548CB7B0292FAA6650B1EEBD865AEDEECC7A305D2D7FAF239447F4236969C62E0C7DE1C70F00477AD55EDCC7F1779D5D91BCAB6779D8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........P6.......B...6...9.......9...'.......&...B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9.......9...'.......&...B...K...6...9...B...6...9...9.......9...+...-...........B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9...9.......9...+...-...........B...6...9.......9...'.......&...B...K.......)calc_on_browser_start: end. Browser .SetBrowserSetting.time.os=calc_on_browser_start: session started already. Browser .GetBrowserSetting.BrowserUtils.utils.tonumber+calc_on_browser_start: start. Browser .info.log.core.tostring...........6.......B...6...9.......9...'.......&...B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9.......9...'.......&...B...K...6...9...B...!...6...9...9.......9...+...-.......)...B...6...6...9...9.......9...+...-.......)...B...A... ...6...9...9.......9...+...-...........B...6...6...9...9.......9...+...-.......)...B...A...6...6.......9...+...'.......B...A...6...9...!...6...9...9...9...#...B...6...9...!...6...9..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4422696
                                                                                                                                                                                                                                        Entropy (8bit):6.571327417684914
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:z2gOPCanLDXRRdfkjiB2EfkiupmEqwbugui:z2znLDXRPMji9fwE4
                                                                                                                                                                                                                                        MD5:4A105F56FAA538B489D3CB8584A59FD7
                                                                                                                                                                                                                                        SHA1:D5E71B9B68D89B16FD6D47F806AACD3E18C18A8B
                                                                                                                                                                                                                                        SHA-256:EAD7609547D080ED39239F0A1226E8316EFB6A4FA0F2E3BBEE7CBB073F4E5D2A
                                                                                                                                                                                                                                        SHA-512:9667DD34D056FE0048637198647A13F85FBD91648188E79363460F7ECC72537D5B731165A041C681819619299A670D458067247F7B3F6E8795543B80F04C6D3D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2968728
                                                                                                                                                                                                                                        Entropy (8bit):6.554306523583675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:qWKcM89toKCPjKteB8NqsL5m+9cNEZyGx/97YfTPLW1fGPQsBg:qW9o2zjLz9cIiPLWMP
                                                                                                                                                                                                                                        MD5:BE9CB3433D1284A7689B8EE7AFBB81FF
                                                                                                                                                                                                                                        SHA1:5B4A0416A138C47AF66556BBE2E1EF8229D35842
                                                                                                                                                                                                                                        SHA-256:90874835C2254624F9372B3B92FB3B9E90352F4E3DCD37B31B9EE05909F17652
                                                                                                                                                                                                                                        SHA-512:F25DCB278FCF217D61E453058F1C037F807A9734FB1CAFC6BA5D36B16101DB776E55796F991F10053DE5446910EAFA1A49DDA5640BA1D222D4E5BB3034204495
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1785632
                                                                                                                                                                                                                                        Entropy (8bit):7.942738490429967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:NSI3oiG08swq0fhLy0fEg6IGJIlq+S6O8:NSCG08sw3YyEg6IiYq8
                                                                                                                                                                                                                                        MD5:080FF9263F39F62DBDAE513C66B7B9D2
                                                                                                                                                                                                                                        SHA1:32DF585659003B10E7ED769932727D53480B9C34
                                                                                                                                                                                                                                        SHA-256:326CBB6CD7D6062B850337A50200C805CDCBF59A6E05818990E6352AC68B4935
                                                                                                                                                                                                                                        SHA-512:7A7A21D05FA8D2562A0598B254A25A49099AFA5EBD072DE391D9EE8DC30F57CD2830816C8A2B5997AE74C0B9924185334B15EC5CC3587B74C2E7957296E6E02B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38328
                                                                                                                                                                                                                                        Entropy (8bit):6.3296688801046885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:pBr3M65R3Q2HiPvYXAMxkERVQ2Ps0UAMxkEDq:pt3xLg4isx1S7xxS
                                                                                                                                                                                                                                        MD5:5254CCD2156258B8E56D8D2E235FD2DC
                                                                                                                                                                                                                                        SHA1:749724E3180574AB238C74D5891ACC9B363B2EEF
                                                                                                                                                                                                                                        SHA-256:55AA4B5983444EF6E2D5D25E7298EB575AC4A945AA5E29FCA47A75AC1EE6D62A
                                                                                                                                                                                                                                        SHA-512:1F2627EAC246F3E52D38AC596D80B170E0CAB3F859F22E290F9AF6A8E44D8D1D5ED907717AEDEAB1814A086C3B546D713C1EB199C42B445D5B1E7FD7A366B757
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q=.0S..0S..0S..O...0S..OQ..0S.Rich.0S.........PE..L...)~>f...........!...$.....>...............................................`...... .....@.......................................... ..\:...........@...U..............p............................................................................rdata..|...........................@..@.rsrc...\:... ...<..................@..@............)~>f........q...............)~>f........................)~>f........l...............)~>f............................................RSDS.p"...I.%=......c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@2\build\Win32\Release\Resource.pdb........................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..`....rsrc$01....`!.......rsrc$02................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):879456
                                                                                                                                                                                                                                        Entropy (8bit):6.484399543018805
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:5xplQAEQs/OjuHAWpDg808FwOPBa56hzSsAyRa7Nz5/9tfJ4Ys7eu+uB1oWepSi8:5/+AgfY7J5/9tf+57eanrniUd
                                                                                                                                                                                                                                        MD5:AF384AA87E3D70F7A687C5C60DA2FB7F
                                                                                                                                                                                                                                        SHA1:32E4154EA9316BF82590E7480AE51283CB6B6E4C
                                                                                                                                                                                                                                        SHA-256:2976C862C9813B309F696F3CC96D516C96AA9B42545888615591D268F23F5762
                                                                                                                                                                                                                                        SHA-512:1CBB5DC5516D1143D022A1548893A2199491BAA4B1327B5AA0398BBE42FD4E7F5E1A484D6A1F15124DFF6D5D8BEBC728B58442DE388F34D1EAD78E7AB9F8A852
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2031432
                                                                                                                                                                                                                                        Entropy (8bit):6.576852626864642
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:yqlCeOU5b8ZmtOr1xRWpWjK9XUXtJaDx0YincPHJNFudOAnaYUOG7ii2kSf:nJ5buGUFdJat0nnYTFoOCakiDSf
                                                                                                                                                                                                                                        MD5:1DDA4E57701E0CCCB6110C39C9358A82
                                                                                                                                                                                                                                        SHA1:6B94553FB9D5DCA7416FE732F5966BD9393DC65C
                                                                                                                                                                                                                                        SHA-256:B9233E27BC39D38DD73CFAEF09D08EAE86969D44C23BA839614D616B19ADAA76
                                                                                                                                                                                                                                        SHA-512:95FBC786CFA33361AE518C170027A8141A8448DE751ED8E7B998CFB058025CE4438C9CBA2F24F268E6364F63920216CDAD24C2CD1759485D1647EEEBC9FCE496
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3863744
                                                                                                                                                                                                                                        Entropy (8bit):6.541530537788506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:ZSCQDnx0inSiI8p5uJY6Fgzrx7r4HRbUr7ujvSUJ2STM1FG6AQzNyNpdNd9+z/JX:llFgzqKrFB5edkz/JX
                                                                                                                                                                                                                                        MD5:310ADA2A0DE1A11F8C0A29E926F53C28
                                                                                                                                                                                                                                        SHA1:4AAD466D23660FCF3340B7EBA26DEA504B7A089E
                                                                                                                                                                                                                                        SHA-256:60C25737A3BB2D8B6B12116F8D01DADA11CBB0FD619B0355D5C688C52EE33552
                                                                                                                                                                                                                                        SHA-512:EB54E9D09177E659306DFFAA065D84AE0EF8A0944CDCE1AF1AA8FD589A9E307A0A61E06637AF8DCB07DFCBD12DFCD411CA4B6B4CF8767236E661B6CDA83CD03E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28025
                                                                                                                                                                                                                                        Entropy (8bit):5.608333549819949
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:wYZsk3Xyhtjn8GF+TVUIkIZncsO5lNU4MtbKV3KVpA6OmlNMVeUa1dRc:z1HyvjGUIkIZcjxU4Md23KVxqeUa1dRc
                                                                                                                                                                                                                                        MD5:674B61376E37E134B00008FF05AC555B
                                                                                                                                                                                                                                        SHA1:02CCDF9ED717CEB3F24FD32EE245D93077258CA3
                                                                                                                                                                                                                                        SHA-256:0C5712C759EF99F68D0C1CCC9D273C5949FA4650768F506A6FB73E46FF557DD1
                                                                                                                                                                                                                                        SHA-512:4D6E4A97A787DD91672B4B18BA9A869DF12FF3D85C1F34CB03C970F5462FD0C73E2E182F2B6B517FDCB01EB9E124C96BF6DC4D7EB04E2068CF46BCBA39F6FD24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):511
                                                                                                                                                                                                                                        Entropy (8bit):5.2454897763885455
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6nK3qDJAov4TSv5JthWqD9SXtZpCOpCzuDNjmX+Et2/XpeUXHVIWHWI2E:6nKciT253BkbpCOpCzojmuEt2vpeUvlh
                                                                                                                                                                                                                                        MD5:10C589C2CA0A2141015DE1710CA8C560
                                                                                                                                                                                                                                        SHA1:BBC9119949AFFDFBE3288DB43B823431E6C8C27F
                                                                                                                                                                                                                                        SHA-256:5464C94AE2AE89AE7C76C2C682DF6FF8F4E1B5E7D2ABA6C8928A7E6FFE919B92
                                                                                                                                                                                                                                        SHA-512:CBEC7966B6D40E90FD76100F2E15476B3343F093B18A71AC7BE9DDE58D4AA619DF9845E9F076A1DE388B1F1EB0D8B64BE30CAADA8BFF0A0285FA79CA9FE2EDF8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..B.......6...'...B...K...)get_dimension_string not implemented.error........-...L.............-...L.................K.................K..............4...........=...3...=...3...=...3...=...3...=...3...=...2...L.....set_event..set_dimension_config..get_event..get_dimension_config..get_dimension_string.m_logger=.......4...7...6...3...=...6...2...L.....new.DimensionHandler...//BA9458E2226BCBFBB4CC2FAE442CACA869BE51BFBF887744C0A27A29CB66882C3D3B875CF0FC8BA12CC77CCA092331C948D74146258B59E2F373B340E00670AC++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1773
                                                                                                                                                                                                                                        Entropy (8bit):5.600872339832399
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6aHDCc479uNYJHuh+DW2ISigoKgYdo//yWXmY5WQ2I7nPxz7heqlUJu0kNj45j4x:NecQXkiW2he52OX2IDJz7gqlsuPNk5ja
                                                                                                                                                                                                                                        MD5:B0F9C1A8EE5E0D4F9A7522332F47B451
                                                                                                                                                                                                                                        SHA1:C009AC8785F1B7B95273B2F227DF098FE5CA7B42
                                                                                                                                                                                                                                        SHA-256:191D64BD5AF045AEA5E53D8C52EE5416FD4BD85E51B16A0B478A9514A72D168A
                                                                                                                                                                                                                                        SHA-512:3B544FC422995A30C4537BF0DA8CB6264C7BF174E43387BDC6924A8BE509BE1C6FA97E4671C98FE9A9ACEBF5864EAE36851C89A55F7CA4D099EBA0DD659385BB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...............X...9.......X...-...9.......9...'...B...K...6...9...B...H...-...9...<...F...R...K........pairs>Invalid dimension configuration supplied on construction..err.m_logger.dimensions........-...L.............-.......B...K.............-...L.................K............./4...6...-...9...B...H.&.....X...9.......X...6...'...9...&...B.......X...9...-...9.......-...B...9...B...5...=...=...<...X...-...9.......9...'...B...X...-...9.......9...'...B...F...R...L.........5Nil dimension handler configuration encountered.'Nil dimension handler encountered..err.value.config....config..value..get_dimension_string.m_logger.new#telemetry.dimensions.handlers..require.handler.dimensions.pairs........<....X...9.......X...-...9.......9...'...B...K...6...9...B...H.).....X.......X...9.......X...-...9.......9...'...B...X...-...9...8.......X...-...9.......9...'.......'...&...B...-...9...<...X...-...9.......9...'.......'...&...B...F...R...K........).qAn non existing handler configuration was present
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):476
                                                                                                                                                                                                                                        Entropy (8bit):5.39366584225968
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6H0l3kvy33+O13I8xJ4MK2soWLIDvKNrcwR6s2k+tY:6UlU6+qsM32IWNIdvkl
                                                                                                                                                                                                                                        MD5:9F2DBC6A88858E21067AF0ADEDDD5713
                                                                                                                                                                                                                                        SHA1:43584F1D2FBFAC751909A479D6157677BC4B59FB
                                                                                                                                                                                                                                        SHA-256:1337583E5E6130334B3265EFF3D47F9EF143E075A36C7461C0653F3D784401E9
                                                                                                                                                                                                                                        SHA-512:FCCBF63373658F115DE9DAE2CFB48A6F37AFE5D53F70F19A9428B73AE293F42E308A0460DE32378B8DFCDB03A43FFE97A06034DFDD68CF4558F364DCD0CD5AF8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..t.......-...B...6...9.......'...B...7...7...6.......X...6...9.......)...6.......B.......L......sub.i.j.-.find.string.Z.......6...9...........B...9...3...=...2...L.....get_dimension_string.new.SettingsDBLookup........6...'...B...4...7...6...3...=...6...2...L.....new.BaseAffidLookup3telemetry.dimensions.handlers.SettingsDBLookup.require...//6A8F63F975933ED688D6398132A5FCA7A0167A477FDD51AAE00E1FE82BF69403B8E85967B0371CAF4B775AD8F97D083F52EF319695C4F223C2685B29AD62C3D2++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):477
                                                                                                                                                                                                                                        Entropy (8bit):5.485745848616418
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6wfMkRwlFXzF87fu8+O13I8xJ4McusoWLIDvKnj6tyJYO:6G+DF42zqsMcu2IWnj68Jj
                                                                                                                                                                                                                                        MD5:81508CA26570DC5A794A4511189D5EE0
                                                                                                                                                                                                                                        SHA1:A1708F1E8840134C3B47EEAE80A0F11D314FE478
                                                                                                                                                                                                                                        SHA-256:698273FCC3A8F70DBF4B5DFBBEE69C68D908E1E42557DCBBE0A29B22C31C8472
                                                                                                                                                                                                                                        SHA-512:DB1948B5AE7182DBA1671F16D3C6827F75DFE7658FEF84B1709C5EC3951874A5105F4F1F8234A6198F6B3257C22F3D277245122D7E4468B024E881932D597B44
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1227
                                                                                                                                                                                                                                        Entropy (8bit):5.748077949431701
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6nknKRo8wzRaZaW0v8LvIWFlh5N/ucNbxPzQBOlkIE/vIf3OkO:mknKGAAWeUTlh5N2wFPzQBOlZXf3OH
                                                                                                                                                                                                                                        MD5:6F66062292A620D106743BD657C87841
                                                                                                                                                                                                                                        SHA1:593E54331A6CAAC927D5A8CD52788CF1B4A681C0
                                                                                                                                                                                                                                        SHA-256:AA75B1487DF291773793EA9E618A92D43442E6F904B5E66C607F8EB93F05731F
                                                                                                                                                                                                                                        SHA-512:BDC45D8C23973E22A7DC1C27CC6C0AC52EECBA45738CF247BD54C187F04D853392C9F2241682BE64AF17F70682FABCF689557367CDC1E5AA7FA6A7E1971371DF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):664
                                                                                                                                                                                                                                        Entropy (8bit):5.423859544312155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6XUQcG7lz1jyjs301RR2JZJA5tIFEb4Md+b/Iusoa8EeJKnPaiPyRF:6XTc4DjIgCcWuMdIjE/PpP2
                                                                                                                                                                                                                                        MD5:3C3FA6ABEDF5EF3B0FA4AC5AE5A94328
                                                                                                                                                                                                                                        SHA1:F24564DC3D2707ACEB43859CB8DF0B2EAD7E36D5
                                                                                                                                                                                                                                        SHA-256:87272C87A0E92F188FABE1B6BADF4A8DEB817E8B9C2940BDDEF35EA81F5E48C0
                                                                                                                                                                                                                                        SHA-512:917C8AA05908D09DB813F13C1819B7D92B4F48ED80E3BE7DC0510FBFE53EE48801DA1A9C0174D3ACB72C9B565FD9EC5D3397F978E2E9A5AD69F8CAAAB05D1F95
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1082
                                                                                                                                                                                                                                        Entropy (8bit):5.595338990593027
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6jJVmWXieFExUzPCD6P1NWcaJDYVysxlAsr/zMj82IW6Cejv4aAe8:QJwW5jPX1+JeTl+j82eXjv4pp
                                                                                                                                                                                                                                        MD5:430EA68B8F6C2A8894FAFC8282456B1C
                                                                                                                                                                                                                                        SHA1:EB3CE110103217C2DE48BB2D36918F9DE21A9DE6
                                                                                                                                                                                                                                        SHA-256:B6A2956D8B16A2AC1AB75C39AB66C46CF8382A391E57276EC1D904234E334033
                                                                                                                                                                                                                                        SHA-512:D2C112A279014CD7F90E0B362FBCF30D8EB946D7418FEB3539D5015AEB385C77C5809AB9F3A023593D879DBC9B51C9057EC65060BA4DEBD2A75900C64CF7E287
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):960
                                                                                                                                                                                                                                        Entropy (8bit):5.734374192243616
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6UvNmjQ1TlioZmpV6YHTn3lgHSjrC+4iwx4PnM9E/9O0l19G:1cQ1xifpzHLl9jroim4E9YO0z9G
                                                                                                                                                                                                                                        MD5:3A8974BD6B157221E1FCAF9516B3811E
                                                                                                                                                                                                                                        SHA1:DFFEFCEE7F5F8960E94FBFF2FD44334C9876C93C
                                                                                                                                                                                                                                        SHA-256:4F3D46684FC6EBF342C868589F1345BDCB0A95F1BED028116414F7FBB5AA3933
                                                                                                                                                                                                                                        SHA-512:14D60F18C21D5858C6AC5B0FC40829EF96598E5703F54A99EFC874A8094ECC3FF2DFB5B9C1E643A7471D523C9C33DB3BDB7D7F77522F422A7F3F55A429AD2C5E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710
                                                                                                                                                                                                                                        Entropy (8bit):5.558973814436003
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6+fl7XT767S0GwG5owMGpRXJAapC+uknxUCZIFET4M5soa8EeJK9vTuakFqT:6Q7Du+BwG5ow75P5uuJCM5E/BuDFs
                                                                                                                                                                                                                                        MD5:FE8F128AD06FDCB28BB39645246CFD59
                                                                                                                                                                                                                                        SHA1:B160AA85A02BD2D516B8DAEF2B9F6D3ACD2EFDE9
                                                                                                                                                                                                                                        SHA-256:E8CE423D84B82FD423375D4239717DD0CBCBDC7E811D5B1F3705639344A13517
                                                                                                                                                                                                                                        SHA-512:F386B8F7F5B9753D38DAECFCC7E0F728FD0AFE865C045EC65812785E595BCB0161D5A81A77118F30D075DF38EB5530308FDB20B82575BB2CE35F3159D1EBB96E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):920
                                                                                                                                                                                                                                        Entropy (8bit):5.570922605080911
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6Ht1Gn4Lel9awpSLdVf507iUXU0Ol4lRYoM0JE/pnb3+9TZ:mt1venD4Vf5Ci4lRYt0Jm3QTZ
                                                                                                                                                                                                                                        MD5:D3807080D0AEC459D91011254BE4378D
                                                                                                                                                                                                                                        SHA1:56EDCD625F0EBFC8E4461DE0D827F96D765B82EF
                                                                                                                                                                                                                                        SHA-256:01D312E5962E805358C5C9FD240D2D16568875243D642C5C67428E207E7F1C5E
                                                                                                                                                                                                                                        SHA-512:6D2C81BAA36028E42FF3B9790FD626CD0634782E914595D43C5CCEF831BA79317BE407752535C43369D7B62730C8C05A99A26C4D3A14C35D29FDF9E12B3B59C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):6942
Entropy (8bit):5.636812549978688
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):944
Entropy (8bit):5.744005443944445
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):877
Entropy (8bit):5.6459457487397975
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):1201
Entropy (8bit):5.699257071003703
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):593
Entropy (8bit):5.596438168731846
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):614
Entropy (8bit):5.634544586033963
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
File Type:data
Category:dropped
Size (bytes):671
Entropy (8bit):5.471940393573248
Encrypted:false
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):624
                                                                                                                                                                                                                                        Entropy (8bit):5.546227687178299
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6+EeA2EmWWfFcFMEwgjZ7rcf/duknxUCZIFEC4M/3Usoa8EeJKjYibTtddOn:6+EeAmqWercXduuJRM/EE/RO
                                                                                                                                                                                                                                        MD5:ECA5A82936BF53C66300186CD81903E3
                                                                                                                                                                                                                                        SHA1:4D0C119159ED870B47396B981ED95068BA4CBA10
                                                                                                                                                                                                                                        SHA-256:3A69DBB4B853DD698E17FA2602E730AB80502EA949274B1D40FEDF5FEBBF3B68
                                                                                                                                                                                                                                        SHA-512:C579F320C49A9A757C49D6EA31706E5E288928F1FD464278BF9246CFD86A36C71263A38A7C0776CE026DA79A75922EFAA3C007C85196F4F9B21E01CC74B20360
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1535
                                                                                                                                                                                                                                        Entropy (8bit):5.636491145822077
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6iSHUuveVdlgG13CShqVJCaZRetV6mDlRiz6u5HMlMAIE/CgBBeM:o/v8lgGzqfCasDDlRizJ5slmQBBv
                                                                                                                                                                                                                                        MD5:B6CA989177187A3D783F5B4F3F87218D
                                                                                                                                                                                                                                        SHA1:11F7E02CE63F11FAAED7C0E27D8E82550C869281
                                                                                                                                                                                                                                        SHA-256:733E227FF52C897939FD0479D2C87F451A11359DD097705196436E276424522C
                                                                                                                                                                                                                                        SHA-512:EBE2357976A5113A6BAD080193553BFA9B6A7348ADD8A92EEDD2277B7F322626BF834B14DB359DB4A9788B0F246B4B6353D3665C852D27C3CE68A1F70B0D54D1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):796
                                                                                                                                                                                                                                        Entropy (8bit):5.728758151481667
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6U2hokcuel9pq0MexRV2Di7V7laIE/o0LXlRX:Ljk1eneoz7V7lXUXlRX
                                                                                                                                                                                                                                        MD5:C473AD50AE41F0AA265B6FD53DCC5029
                                                                                                                                                                                                                                        SHA1:624269C99B8029E88B05D263E3BD50F6EAEF1448
                                                                                                                                                                                                                                        SHA-256:54EF391A7A3B6BA64C2E928D5CF64FDE1CA4C0C7DDAAB3DC019B2B8B8ECBDCFE
                                                                                                                                                                                                                                        SHA-512:87EF2076B137BC745CC7E5FBA9ADDC572D8D30081CF5FAB5BC0465639C646B9F5BF6A7CA10A1325A90DA4868A3FE778F749B9FB89814B80D68F6A2E633C351AD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1139
                                                                                                                                                                                                                                        Entropy (8bit):5.605749327252425
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6minD6l0Bt/poiwYe0HBJ2sF8uil4KIjEqE/+7Js:KnDM0Bt/ZPHB5pKs7Bu
                                                                                                                                                                                                                                        MD5:51B4E6C9A00E7A7CB3E0199C02FD9B12
                                                                                                                                                                                                                                        SHA1:AB57AFDC29F8D2E47A679E5405205C59F6F18AE8
                                                                                                                                                                                                                                        SHA-256:D5BED31D2B9E58195511144A9FFAD5FBE2A1A5E5D18231D507BE817EB9F4476C
                                                                                                                                                                                                                                        SHA-512:305806E45D9B33A12484A636089227076BF0567C29869C86C3DCF93F7D1C074DAB943A77D854DEDFE228D3E8432D45DD68320A611AE8C5787EE0AD336C963561
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1077
                                                                                                                                                                                                                                        Entropy (8bit):5.574514341312559
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6kwX7ue9P+AP67aap522lxSOYypacVjK8AekoGFn+MYaE/EWxpCact:1ex+AP67aap5zxSspnKn+0bYaPd
                                                                                                                                                                                                                                        MD5:40FF003D4E887281D910F146DD66E236
                                                                                                                                                                                                                                        SHA1:916B1D9D9CD13E80C00EB394420094BB29B83505
                                                                                                                                                                                                                                        SHA-256:BFEFCE4F155C3BCFBC75AC4E95151A3FE4A06ECD0C976597A298C966EB579861
                                                                                                                                                                                                                                        SHA-512:EE84F181DC8CFEC786C7F02EB30A5D5E9E4AD25548C205DD649BC6C475105317069203D97833E5AEFBEAF5573C0B5AAC91B98F99519E9D5495527BF9F5595664
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):574
                                                                                                                                                                                                                                        Entropy (8bit):5.631859811794459
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:67k98ezZigQVAJ93mHln+zivcxC7YuknxUCZIFEeu4MXsoa8EeJKWu0ArcgzJgK+:6hezcZKM+GkXuuJsMXE/t61Vh
                                                                                                                                                                                                                                        MD5:32FF03C9F0FC9005C601701E4178215A
                                                                                                                                                                                                                                        SHA1:B970BE1F7A07F7EF9F050DF410FA528217F59CE8
                                                                                                                                                                                                                                        SHA-256:2CA715A37239809B2883EEAB9C3E2EBA7D9595CE1F388A7E1EF87477C27CF305
                                                                                                                                                                                                                                        SHA-512:E18EC14F3E80781E618099E240685EEB8B695192DD06F9D689F8F6EE72BA885A6567FFE096BABFCAA48DFCB6C6C69114DA2A2D96BC21A66610771B2A60E22140
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):788
                                                                                                                                                                                                                                        Entropy (8bit):5.683170372765027
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:66wlBRe6KwlRg21VUlaIhotoIKszNQ1amXWgAXrCD3czFAE5f4mO9IFEscFEC8sJ:61XVuaA6oNsgHnaDfxYEVE/GiMUHaN+
                                                                                                                                                                                                                                        MD5:8432F848850ADA226AFDF5A5EE9EC165
                                                                                                                                                                                                                                        SHA1:430A89871C263775592C35D8375CD7E9D70D705F
                                                                                                                                                                                                                                        SHA-256:7FFB5F57398F10C6F5867706AF7A1EDD891C389B3DB523042A6CFCCFE7DD787F
                                                                                                                                                                                                                                        SHA-512:610224EEE093C1E2D09E8A8FB81D1C2BA261721BF91218625BE9DD3018E09B77F33F14D756C7C1CDC1295C5C1050573736CFEACEE13254D8A8F28E239B15955F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):745
                                                                                                                                                                                                                                        Entropy (8bit):5.623544609396992
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1256
                                                                                                                                                                                                                                        Entropy (8bit):5.666749269657573
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                        Entropy (8bit):5.709692332529722
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):597
                                                                                                                                                                                                                                        Entropy (8bit):5.6079888686052435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):834
                                                                                                                                                                                                                                        Entropy (8bit):5.602362765264458
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):811
                                                                                                                                                                                                                                        Entropy (8bit):5.529332571566126
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1058
                                                                                                                                                                                                                                        Entropy (8bit):5.65335272529763
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):555
                                                                                                                                                                                                                                        Entropy (8bit):5.504002474100086
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:63VMRLVUpCRryJAnDpC8tIFEXB4MWsoa8EeJKGFV6q7SashEvf:6mdVYeaolLkMWE/+6+NkGf
                                                                                                                                                                                                                                        MD5:2DAD5261E65F46E139061B46F691B79A
                                                                                                                                                                                                                                        SHA1:1B2286D22B4E7D6DB01878C9D812E69BEB8FD697
                                                                                                                                                                                                                                        SHA-256:F9BC3121DA0EB7008D87EA75B9508D314DBB1F3BD6FB50C77099CFFF71D600F3
                                                                                                                                                                                                                                        SHA-512:3D87AED088108340A854E8B847B737C5A35BFE189163CA89B9B33E81900F35519BA30C73C12FC90C98BB583F5EFAE5030A8961991F4A65388D841C2728C41A2B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):861
                                                                                                                                                                                                                                        Entropy (8bit):5.591587532517702
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6LSgolbGXSPyKOq+/huuZwibRl4xAIE/UT6ix:+o1GiLR+/lRl4vLJ
                                                                                                                                                                                                                                        MD5:CF95013E7AACB0837D99FD08F8EDC081
                                                                                                                                                                                                                                        SHA1:98A2367B37ABFB8B35A0D5C2407F3E1650D83A91
                                                                                                                                                                                                                                        SHA-256:0805C512B646D7F7A6299CB4EB28BD6E23E02D109734546E1838A27AFDED0129
                                                                                                                                                                                                                                        SHA-512:FC6100C450F5D32DC0F9AC1E5B152BFEE388D8DFF0D7E1F47450FC8866A9915CD4FD5CF9632CA4CBE1484C591070D0F04480FEA0C23A02DDCD9C6E18F1EA493B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):732
                                                                                                                                                                                                                                        Entropy (8bit):5.550345560547796
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:64IJQlcBnmakbsAOwitZm9j4a8pCwUitZJAooDpC8tIFEs4MpUiH/Iusoa8EeJK5:64gwclma/AOwiKE7uiZqlLXMpUiHjE/5
                                                                                                                                                                                                                                        MD5:1B2F21A5922E4E39E128CD0893B2DF6C
                                                                                                                                                                                                                                        SHA1:20E92A638025556F1FE8AC9EBA8A55662102099D
                                                                                                                                                                                                                                        SHA-256:BABF9C8B536EF016F6A59250F5415EEE87E9F04FFBBFB8D14DCDB4B18E2A022E
                                                                                                                                                                                                                                        SHA-512:0675BA0D6F109523020B336165A5F614C810F36CCCF2338DA8BF23BDED8831A43513CD9DBCD0CEE9A42C50B3779E697D8D92B3297CCFC354B3DF30C822F1A252
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):551
                                                                                                                                                                                                                                        Entropy (8bit):5.596838614146162
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6KIhjlRCEWzsgmXykYGAyKIFEPlr780Isoa8EeJKqAKqnXiHp:6TDA8g6y3lHNIE/qAKqnX2
                                                                                                                                                                                                                                        MD5:911E0943FC3C417DD43AA0A7A2A9E916
                                                                                                                                                                                                                                        SHA1:D4E711E764F2CDB43B1B276187EBF1FE04A13D96
                                                                                                                                                                                                                                        SHA-256:3061802CF2547F58CEA3C1C0374A40A4075B15EF995CFDBD46DAA3FEFCEE1D8D
                                                                                                                                                                                                                                        SHA-512:F1CA60BE15BB2A438333CB2AEBEC49327133A6094418253DC81F7280E836657944CCC3C1D418485714220544C1A35197334FCEFA946C8A78CA1CF46E157CEA2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):731
                                                                                                                                                                                                                                        Entropy (8bit):5.626894843565386
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:66IhjlRCEKXKXnf/nuzT46iuatmXykYGAyKIFEQlr4+0Isoa8EeJKZa91xVVnOcT:6DDAHKPv8UhH6yolkjIE/Za9vVVnS1O
                                                                                                                                                                                                                                        MD5:A4A428BCB6BC35BC5C14FD6EFA89175B
                                                                                                                                                                                                                                        SHA1:65A70573FC859D3E682074FC24CDD7FEF03F1658
                                                                                                                                                                                                                                        SHA-256:2DFAAFAE0F2494978F60D862DAF24E0D47DD3C5C57A27883A2E5E23F47ED42FD
                                                                                                                                                                                                                                        SHA-512:056135B8FBCD40F99D3B008704C326EDEC077EE2DF8447714A36C9CCD2A30BA0BDDCED3C17A699475966AF854983CCB8F7EA32C2060C21CCDE58EE28EDE51387
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):486
                                                                                                                                                                                                                                        Entropy (8bit):5.531918028742958
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6Wm8lgkk0uknxFsmRA4MH0usoWLIY3pKVTmowBkGCGCHqE:6WtlgkbuuIm1MH0u2IY3k5DOnCGCHX
                                                                                                                                                                                                                                        MD5:408B17F7C456D4746DE8324FA719C277
                                                                                                                                                                                                                                        SHA1:6935064711244335F884E9BA00FE34B6076E8672
                                                                                                                                                                                                                                        SHA-256:6B93E29C3B3682036FC89AA55DC8A1F72853C5731EA80F36C07310E101D07BD1
                                                                                                                                                                                                                                        SHA-512:A9BDA19475F72CA2FEDF758DDD39A7D8B8D0026D3BD3E7CAF2541D242FD5B19131512B8EFDA4AC83A37DA12AD9559215378824BDCD08114C72A24EC720FE1B13
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1226
                                                                                                                                                                                                                                        Entropy (8bit):5.645305467301911
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:68K9YrN+Iuz8ecC4CrisVLAe0bVUkM0dabVtjue2JMAhk2IY3k1SNXGHWeW:FKuN+HcwDCe+/M0s20Ai2cS/T
                                                                                                                                                                                                                                        MD5:E65F99F6F0C7030D8BC9A73F87DF43D0
                                                                                                                                                                                                                                        SHA1:E7A6CA290646D3D642B4C88B6AD88AB08AE404D7
                                                                                                                                                                                                                                        SHA-256:C8CB9612D419B2C986B02BD63CFDDD3156F6D1983B7EDC666C98A14117233B91
                                                                                                                                                                                                                                        SHA-512:F88C9DD44ACDA32A1C8DE0E543F0DEE6E128BD3A98023BBC5A4E61D6F400813DBF48990974343AA4F72A68780E92DD21BA4296981CEE92A88FA6034898EBD697
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1424
                                                                                                                                                                                                                                        Entropy (8bit):5.728258176403919
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6UlTifnPNyUwcGuVHfyULClnA5RzKx39PtFmUc9GWk04RDSc3+WsY13UjseE/gBq:hTgN+O1ff5Uv1FfcIRDS1jsek
                                                                                                                                                                                                                                        MD5:BDFA3233C1A22A32BD365288FC625F57
                                                                                                                                                                                                                                        SHA1:5503B3A947658048BBC69499AA4564D6823B72B7
                                                                                                                                                                                                                                        SHA-256:5205B5E0EED3EC5DE8B78DA6082E883911DA93E5F01CA23BCB64AAE11CC0A474
                                                                                                                                                                                                                                        SHA-512:6B6AD9AA06D8891CA1883B675F534086E1E9A5E46B9FB4994614E3EA7226BE9EFF90944314BAF64F12F4B73D9F858884581B55DD2B0EC7735930FEE6F5F7E0A0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):586
                                                                                                                                                                                                                                        Entropy (8bit):5.467409333274798
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6UoUHVhElFJrsWm8dcfzOd4DITmu7TwFCZ/EK4MHEsoa8EeJKj+Jmlu6Wigh:6JMyqWm+coxjXw48MHEE/CWgh
                                                                                                                                                                                                                                        MD5:194891CFE53383772F1ED5F6A32EA7AE
                                                                                                                                                                                                                                        SHA1:2B81BF921689F6493947D07B22B4EB64A9AA5D04
                                                                                                                                                                                                                                        SHA-256:64E520B39E3E10A1E4795B6418F867EF5A0CF763F84A0B1D5A9B960B7446D76E
                                                                                                                                                                                                                                        SHA-512:758CF73E813F51F298CFD6D001D152E43B9A3FE02EFCC8DD7E5FE0A899267D987AF133B85CD68810A056FE7739E015B8F30389E4CB495BCF66F1D58D04001ED4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):461
                                                                                                                                                                                                                                        Entropy (8bit):5.536917675800623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6rWo2O4Kwz77tdi9Guu7FsmRG4M/soWLIY3pKTenn1cWn3Ilpx:652O4K2HLikuu2m3M/2IY3khW3gL
                                                                                                                                                                                                                                        MD5:A031325725D110CFCD7C325CFF35BB8D
                                                                                                                                                                                                                                        SHA1:2E33D8E3E61875E52832D20E40110CED63B25C13
                                                                                                                                                                                                                                        SHA-256:53C54CE9EC85546122830B4F71B6C1DA07A046C585C89E3FFBBBCEC942834B08
                                                                                                                                                                                                                                        SHA-512:F0DEFB3FDA962AEC87FACB5454D9B8BA9E07352E33686993B5D5795965B858DFCD09892BC16003C5378DCBAE035147583F3F90C6E2CC0840F4B53299AB5EF266
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):651
                                                                                                                                                                                                                                        Entropy (8bit):5.733101559581756
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6Pr2oFtgLR4MxSmulXR1OOuknxUCZZQ+4MSQdsoWLIEKrCzW9hVOO:6qoFeLRJJwRNuuJcfMSQd2IjOz8hVh
                                                                                                                                                                                                                                        MD5:1126F5D358109ABACAB8B0EA6868AF41
                                                                                                                                                                                                                                        SHA1:338E00501DD56D1392FCB6C1A19AC2299BE6F247
                                                                                                                                                                                                                                        SHA-256:AD16DC5B7FB8999EAD73A019E41D789EBE1EBFB564038C3E498C2E88C377985D
                                                                                                                                                                                                                                        SHA-512:555ECB668A52D1719B712D6A7FFB0439F2F5207FB14A06DED8952933C0F95E0FF98A40E560B6BD871DA0781683816DF4FC6007FA63AB2D4071D80BBAE85E037F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):577
                                                                                                                                                                                                                                        Entropy (8bit):5.6260555132685015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6JHg+kZtnOxroQ2vfrY1OvpCFeuknxUCZZQ+4MLnusoWLIEK912p96UjWI:6JALZecvTYkpuuJcfMq2IjH2XLjF
                                                                                                                                                                                                                                        MD5:4E6FC13BD82EADC81A309DE345E6E520
                                                                                                                                                                                                                                        SHA1:DC98B3A5E6E7D2D12582B599CF0FA9C6CF0320F0
                                                                                                                                                                                                                                        SHA-256:E621B353007E1B7E3D3761D6A8EF7DE7923F3E833E6010E1750C59C7564E3B04
                                                                                                                                                                                                                                        SHA-512:AA7DE4C4CEF873EE7C0C73C5C1DCF9307247A159D8C9E90BFA04493DC40D8E75709994E7043BCF2D65BD78B4D2DDD8100A9874AE62305505AF41D13872E69BC3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):682
                                                                                                                                                                                                                                        Entropy (8bit):5.5654749720650685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6Lkl8gL+SeAXJV8ra71ObWLixqArstSgtlxm45haHCZEplra6hsoWLI/soWLI/3X:6ZFSeAZUmSWLPJSK5h14l9h2I/2I/6ef
                                                                                                                                                                                                                                        MD5:C4A25DF2E367B2E49359941B4425D42E
                                                                                                                                                                                                                                        SHA1:8442CAA5EDE9D8BCEC7FB4DF23EDC7BE4B949A77
                                                                                                                                                                                                                                        SHA-256:E5DFE70D755B9A0E4E6769C1187785CEA6663F2F27936EFC8D5EF33AB27F8559
                                                                                                                                                                                                                                        SHA-512:2CE8A063A9C966985FB4A61F2FD9B09F68A3AEC802C0EB571D2D9F8C7F191F7A429AE3328C519851A15CF495F4956602FD3F8DAA36A6EDC9ECEC0A4A80D1FA20
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):495
                                                                                                                                                                                                                                        Entropy (8bit):5.556089236401764
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6YvKpYFpbmvzLuknxFso4MH2hAusoWLIPKnkVhzofeCSXG:6YvK2FcrLuuItMH2hJ2IynkVhzvW
                                                                                                                                                                                                                                        MD5:1BD99A89D395FACD8F41CA41BE4C29A1
                                                                                                                                                                                                                                        SHA1:06A3150116E0A6C71B935F7A9C71B3FD945DF554
                                                                                                                                                                                                                                        SHA-256:E47B8D3C36455CECC0E648F0CAD30C0117682697DE9D48802DD40B87AD95C627
                                                                                                                                                                                                                                        SHA-512:D8CF44EEA1C4F7A54AC09CD8063D2210D698613C025A8A556AA11C626E7816A0968EA2742E6A3EF6997C053BCDC30B19BC0D294628107081C19EAD4B1C58773E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1442
                                                                                                                                                                                                                                        Entropy (8bit):5.778896431163995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6YlP+rYW/mAENhRsWA6iTzvfg0lh+XjWwRfqNRV+mSWl8q49Scuh+WsYAZMn2Ija:NAElsWA6iTzblhajWCyT8Al8l9SDIunW
                                                                                                                                                                                                                                        MD5:771EBA2326A5B28DAF8DCA4428A18178
                                                                                                                                                                                                                                        SHA1:4F36DEDA50253685B13752C216940D09100B31DF
                                                                                                                                                                                                                                        SHA-256:DCDC6DF2BFAE3EE8577C563F8F0EDB53BF565A7CCDF3CF9BA8C7BB10C6118BB4
                                                                                                                                                                                                                                        SHA-512:F3B18422180F9D9EECB54B3C08F91AD5A43561CBE949D132E4F1932BAE62C3E95E754D63689E5159328F3460AD51BFDAEB31FC3BDCD2BBCF77804642833A5EA5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):940
                                                                                                                                                                                                                                        Entropy (8bit):5.433077897705084
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:68K9YrN+Iuz8it4CWVDPVrtjueXMd2IyJWPy:FKuN+Cdsfd2MPy
                                                                                                                                                                                                                                        MD5:0870970CDF448EFB6065025880D6BB94
                                                                                                                                                                                                                                        SHA1:A401DF2F26AF6ACE89649AA9D4C46073C1B468B1
                                                                                                                                                                                                                                        SHA-256:5F124941159F92D9A4F8DDDFFC8550C70436CACDDCD6070DA729A91A80C73A08
                                                                                                                                                                                                                                        SHA-512:0017F9D39B7C4DE75C78BC0528D09F11D30816234AC256173EF03EFCFCDBB9D18B25B3CA512D05F364C2E8D42CCFCB73359B4676431DB8B5AE94B49C65EF96B4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):653
                                                                                                                                                                                                                                        Entropy (8bit):5.70326826859418
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6Ox2oFtgLNzcP4XR1OOuknxUCZZQURlr7A0csoWLIEKNKAFlroKpVhn:6ZoFeLhcPwRNuuJcwlZc2IjhmKVn
                                                                                                                                                                                                                                        MD5:D8EB26D7D8D48314CB845AF21A62BA3D
                                                                                                                                                                                                                                        SHA1:8967BE6B3FD0EB91379949065695E7F3B56EBC41
                                                                                                                                                                                                                                        SHA-256:C1B3FE9036C88E24F98C46258867345E81F5888513D932FD5FF21D099C22AC10
                                                                                                                                                                                                                                        SHA-512:F76CC6F2F21744154FB9757AACA89D8E22BAEEA89C45AA5762BD3D0773B02D0949A353FEE95D2F9E407FBCA2C05C758E7A30F551572157D262001067CFD783EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1471
                                                                                                                                                                                                                                        Entropy (8bit):5.623174665731814
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6ziuY/92CMhnEs6pJ7oLdoCnqyXgzysccVzoFnqy7g2ISNvt0Q+cOQluHRMvWJuV:3uU9+1JkSo4qCmJ1opqX2hNF0Q+clHvR
                                                                                                                                                                                                                                        MD5:8F9AE821D39BD9BC9338068DF61A1C5B
                                                                                                                                                                                                                                        SHA1:792E5EFE664C163A0D3F3770E7AFA78CFAAAFE39
                                                                                                                                                                                                                                        SHA-256:BE9518FBC1F6EA3B752368D6244FBE9B5FB609454362826A6029BBC74D91FAC5
                                                                                                                                                                                                                                        SHA-512:37E07C1896BBFD651F7568598EE8625EDEEB54F1163754316D93D457B54D0E612E136807017356F46E4A002ED32F4EFD94662D78D297340CA01585162F5FBB31
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):235
                                                                                                                                                                                                                                        Entropy (8bit):5.182157759415833
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:8k4kikwIWmLQJX8n+OgydUFd1KVHE2C66y4XpVv:90kRLQJXcQdWPE3v
                                                                                                                                                                                                                                        MD5:3F8AE4FF352166FF91CD7C7D5C943573
                                                                                                                                                                                                                                        SHA1:6137538ED58FF8A471B303A08FEBDB61345D9F0D
                                                                                                                                                                                                                                        SHA-256:CEC3D2F004FFD768334A6FCD041488B637218A03B027CF8D907C4268C1A91511
                                                                                                                                                                                                                                        SHA-512:C086AC460233F6F8DEBBAA374A7357C718AE0A996E9357D313B9522902972BB197E6C1CCE9E9964C362AA98EAD986F92EDF047CF8E3965103D6CA3FA325B2CE8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:--$FileVersion=[VERSION_MAJOR].[VERSION_MINOR].[SUBMINORVERSION].[BUILD_NUMBER]..return "4.1.1.898"....//BCD6F533B96B03002BFF0DE7E7CA8ACDB93BFA5C086E5E33C69CB85057A7E097D602F547098A6560E823F428A45EE3082C6FEE7AAB043A78CC8D6E552B7C4600++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1412
                                                                                                                                                                                                                                        Entropy (8bit):5.530651910403726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6K1Jgy3rpRIDeoLrlv7KPryoWMikfGRZcuKjzjp7DrXHSjutPrVO:BcCIRvlQmDMaZSN3XucVO
                                                                                                                                                                                                                                        MD5:9BEBC5E057DDDCB24BD7F8179DA5EEED
                                                                                                                                                                                                                                        SHA1:CC983D4E313623D78AE0259A91BBC57125448EA5
                                                                                                                                                                                                                                        SHA-256:23744192672388948F5743DE3AC74B7479CF41D7F175074FA5F66C0EEED88248
                                                                                                                                                                                                                                        SHA-512:6AC91792FB7C55DDFE96A98E1AB02ED8D2B16448A452E70C03A6566ECF034B3A8C894B70C3F711CCEF3C33F568517464C5D7A2FA90A9A0C381C51FFB13FC04EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2836
                                                                                                                                                                                                                                        Entropy (8bit):5.490724168738662
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:mkeaI98lToMD9BJZKCqn3ma3wlwY7zmDg/75Zev5fqp4D9K74JL7SMHhsRK3DyX3:m3uDbJZJqn3maEme7vxg/hFh2K3uWmL
                                                                                                                                                                                                                                        MD5:F07D136902E3D381B1DE5A7C06FC7308
                                                                                                                                                                                                                                        SHA1:5E3D99A8A370F4BEEAA3200038967BC2E34CF8F6
                                                                                                                                                                                                                                        SHA-256:BE54D76CFE2877286B84A1BA70D5800726DCC91452642805E81C8F08134FAA91
                                                                                                                                                                                                                                        SHA-512:5F5DD58F91E68A663768D8F43878E472358D4184B6636CCE8E0E4B63EFA2D2EF1AF6E8DF3CB7F7F137809DC2887264334413EF508D4CEDCDFE3E5EBFD2BB712A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):514
                                                                                                                                                                                                                                        Entropy (8bit):5.268068623538178
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6nbteRM5oA9hcXtGJ2gznkxiRM5ajmoCfSnTXGSGjl:6nbtNokhcXtGJxkxxajqfSrMB
                                                                                                                                                                                                                                        MD5:B7378839A7E520D54C20C74777F036AF
                                                                                                                                                                                                                                        SHA1:9A376DD3495B4FF80742434BB6E56503CD92191B
                                                                                                                                                                                                                                        SHA-256:F571FD6CEA4522EA02F9F3BA1818C683376F91C403740F4E40610DD09651BCE5
                                                                                                                                                                                                                                        SHA-512:5C8D6C2B2FB451A5A83674F4EF1096DF0850F7A2892E3ABB62E8FC873E4C4194222404C95D193B2D4071842F0A3D0D3AA2E02268A7C590BB4B7C5F7F6DD199C5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4377
                                                                                                                                                                                                                                        Entropy (8bit):5.7210907742052015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:rvS4++y4QztwEGprKeJYYE8Wp1ZYqNM3G0fW3fiYlrdp:jSt9NhwXrKe58bC3Gscik
                                                                                                                                                                                                                                        MD5:C9D20E590B6C79F7EC818F7D06268E6B
                                                                                                                                                                                                                                        SHA1:EECDAB95FC82C8FA6364BCDD9F905912179E9423
                                                                                                                                                                                                                                        SHA-256:7CDD3302A889BA1B0DC941E7412F7442EF2739FD904FE3CAF158954005A274AE
                                                                                                                                                                                                                                        SHA-512:E11EAC377E13C0AADBC9C52153239F8AEAD1717D53024900E5B73DD0B421427EECE44E97F4E83FA8BF9DD54C50C8B51A84A88A7BD10159E595BFAC375189C5AB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3124
                                                                                                                                                                                                                                        Entropy (8bit):5.609038092105817
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:fLZ+42VV09YI2zlp1sIQ+mjIG0fW3sdf8ge:fL44RyXzT1sIptGslfA
                                                                                                                                                                                                                                        MD5:383EC36FB97E888D9B13ADB5150DACEE
                                                                                                                                                                                                                                        SHA1:3A420C17D3E8A0251D9D40F3F307059156A51DB5
                                                                                                                                                                                                                                        SHA-256:7AF07CDB88D522773896462F38354C964F2B88FBDE4053906159D2605695C62B
                                                                                                                                                                                                                                        SHA-512:676942C5991B357F28B18A649804AE0781B686CDD387A1C507E5EF13AF38AB446D6749419E09881D31D059EF2D2FA588FCADEBA197DB0F69AABB49D8D012E455
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3452
                                                                                                                                                                                                                                        Entropy (8bit):5.632512353228418
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:RXYMvS4+VjYlQJqnaMIwLuoJVvBSIQ0x/qbvdkZY4tuwQTdON7MrC9V2mUW3gMNe:rvS4++3PBKKY4tugdMrG0fW3fz2Z
                                                                                                                                                                                                                                        MD5:49CD3E7E4481483378E48C8FFB79526C
                                                                                                                                                                                                                                        SHA1:4AB51892B9895F05B31BDE50FF426125FC2AC640
                                                                                                                                                                                                                                        SHA-256:2A58391C650334E628C6B32652C70F39BAC8CACE041F12EE93BDAD6C652512F2
                                                                                                                                                                                                                                        SHA-512:E8C6508B493A9FA21725F6D20B07E34B6FFFF5D89430571D0FCD788814CE63C0FC6B305AA5918ACFA0181C2787C193AF03635F1B3ACE9DF614AFEE988D165331
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):406
                                                                                                                                                                                                                                        Entropy (8bit):5.438210148159206
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6IWlLK4X9uR4MrCEu5JJKkkOMQFSSpUMqeO:6bLltJMmEuUkkOMnSCMqeO
                                                                                                                                                                                                                                        MD5:7083C9FDB33FFA247058547652D30265
                                                                                                                                                                                                                                        SHA1:10E3A6D69187076EDD835D4B23BB618A5BD8F616
                                                                                                                                                                                                                                        SHA-256:CE2D4F570972076F6226BD5053727D13A037A907509234C0C43D2B090AC84508
                                                                                                                                                                                                                                        SHA-512:76AC3297B18707BDF39CB0002FF3387F325D6E0F44441A85A905EE98E473535F8095D4A478ABCE8B937D282BE86E64BDFF5063B5DBD4488754A51E3C506CB56C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3075
                                                                                                                                                                                                                                        Entropy (8bit):5.789521226645445
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Vh/mkG1vxDdLkUe4g1yL1azfiu2Z0nq3336cyN5/Rd+4p3ssJi2B5yGzO40hco0b:buPDd65712ZX33HkBrkvYjEK
                                                                                                                                                                                                                                        MD5:523EF945988E83B9E2022DBC3D615F9E
                                                                                                                                                                                                                                        SHA1:E53BB08D7ACFC76D1D48F010F8171D026DD7C222
                                                                                                                                                                                                                                        SHA-256:8171C237AD8D22D331D49F3141AD8ECB6852BD0CD9C0F1EECB6B2529DBDD53AD
                                                                                                                                                                                                                                        SHA-512:9B3DDC635BAD908256DC84E3B85C2FCE5A0FEF10264A64C3C7F2256F977DF02490A1C811A20520119A387AEAA1E4311E69D893C0740AF80116EE77078F3938AB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1154
                                                                                                                                                                                                                                        Entropy (8bit):5.477029567856194
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6UAe99gul+OdtOMKqCC5Vg6pVgPVgUUMfEWE5XLZ+nAWLLEMVvU052fQ:Ae7gu/dTyXQePe9MfEWE5bZ+AWLLx5Hl
                                                                                                                                                                                                                                        MD5:0B0C74C74C9ADBA5C697BF728759687A
                                                                                                                                                                                                                                        SHA1:420C63D03B24ACF21BBA80FCE9012F813C9BABC7
                                                                                                                                                                                                                                        SHA-256:0308515CB014D2F25FDE9331936A62A3F72AFCC03752516E72E28573732D0EE5
                                                                                                                                                                                                                                        SHA-512:2BE64C14154711B29E24E78580B86E3A5D4B97EC7E250303713E3B77A596DE614CF908DF9C8D334A7EF41ABADACED5917FA73884F22C590A08438DC8F56C01C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2597
                                                                                                                                                                                                                                        Entropy (8bit):5.73966935355903
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Uq1TSmh/5dSko6RPYzTzk8Gl5nt4uLxmnuCqI/l/dw1vlTtrRONcExMvdWig+Miz:Gmh/5dSNHCrtvQIgm1vlRS6EOz
                                                                                                                                                                                                                                        MD5:E2F6632971010E91064E95A6AC20B25D
                                                                                                                                                                                                                                        SHA1:6C26A9DB1B5568D003C36C424194BCA2E994CA14
                                                                                                                                                                                                                                        SHA-256:5B33E143874222A867A6A9D39F3663450A539BF5EE86420054CE81FC94B1135E
                                                                                                                                                                                                                                        SHA-512:8424F84A79160670F85616E15FE5E05051163CDBF783B2B390F8CFFE91E32A6BBEB69469CA2DB9F70BBA6EB689DA202E9EEEE18542A1ECD4ACA2C5B5BFD2157C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1932
                                                                                                                                                                                                                                        Entropy (8bit):5.590686408359143
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:2KJlV06e4yTof023kfHe7guhLMrzKTzuF5cEuDq1lWU:NV06ePkHae1hkHLcEWqHx
                                                                                                                                                                                                                                        MD5:B196F8CC9713DD2E29A6D0B314AA42F2
                                                                                                                                                                                                                                        SHA1:6C756F55CF5AD5D29944412CD31CB97A51A37EB6
                                                                                                                                                                                                                                        SHA-256:F706F4D7F18466BEB506A7A4674914F55D504563070C41C32EBB3B3CDA003778
                                                                                                                                                                                                                                        SHA-512:7A7002CDC55D9BE0C405726415EF798ECA872B98BBBAEB72A3B4D7E66DF1FC90B10323D10D3459BEFB938C9E70447C35DC3EBA582594568DADC4E098FDF3A1BF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1199
                                                                                                                                                                                                                                        Entropy (8bit):5.805004212873645
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6NpCgnQBwRdSFCC4il8dtdxzhj/3d+kFtiuWeTOf/hbP:qCgnawRdSFWHjfd+seB
                                                                                                                                                                                                                                        MD5:B51E528635C38339019922CA16F9EF02
                                                                                                                                                                                                                                        SHA1:328BF6115B4E4415F36D14DA9FCE5BF5FA666FF9
                                                                                                                                                                                                                                        SHA-256:A2B774A9367368B2830E10230383043F4424E7A0F700B0B3D7A8F689A15CD6E2
                                                                                                                                                                                                                                        SHA-512:D0E1D706381B315323130C2ECA4C9FF46C948843732DE1E7F2AF33A247F828EBD289131AD531FF5084AB8FC5DA6C7B5E60ED3AAD0751460D66A151006ACFE940
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1827
                                                                                                                                                                                                                                        Entropy (8bit):5.497546128801579
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:BPBNPQCrLjzUK7cq1+ZgzW6A/46+sEF66CaJ5Kds:BpNP1LMIAWN+6tMs
                                                                                                                                                                                                                                        MD5:879E96F74F301A1CA39B7E4FE1AEFDAB
                                                                                                                                                                                                                                        SHA1:B8C5F8FA8B21C8E0DAEA4030666B6732017EA3F2
                                                                                                                                                                                                                                        SHA-256:8678AD45820758B846B6F26421CD655C7191CFBCDC195BE3F3EDFB36DD56E562
                                                                                                                                                                                                                                        SHA-512:7EE931F6564B327D0485E8A63230C28883431EE02AF69C8D4E88F3366E795D9148063FB7D9D9BBA399B0C6208632E769C52BDC255884E93B8774804E00CA4F9C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2965
                                                                                                                                                                                                                                        Entropy (8bit):5.837073063203526
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:8VFPRtpqYOuIcOMRKik1nsO2KslR/NWN7jhOMMsEAOVp/0wK2cDTOh26QMyfdRAR:YFP5qY9bK1V2pJqjh6sWtI8rifflhaL
                                                                                                                                                                                                                                        MD5:6209D42F4111FDB1364ABE78FE81D0D3
                                                                                                                                                                                                                                        SHA1:8131E408B0F40C4BE3B3763AF089795F3C598993
                                                                                                                                                                                                                                        SHA-256:123632C3989DC1395AABFEA2B10E9EC285D59E3CD7FAEB9C73ABF82DD24D59D8
                                                                                                                                                                                                                                        SHA-512:C8116399EA235921AA0309B708D637331E53FD0240045FBC1093E6C395FF095EF5060820591ED06AD09F2CA193E7C5D8ACC12902172575FF263E59336200A4C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3726
                                                                                                                                                                                                                                        Entropy (8bit):5.6102145639698415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:KD6xV06enuLko8aSXretqa/tz/CoQNB5cTjamz4OyR:K8VrenuL0XrU/tz/CoQNSamzU
                                                                                                                                                                                                                                        MD5:39785CF3ACC751D7173093E7D11ADC69
                                                                                                                                                                                                                                        SHA1:3364B71A8745C3DF497CB406DE66DCC3DA1E9D0E
                                                                                                                                                                                                                                        SHA-256:3CBBACD5EBEEE38188BF3D6C18B40458FEAE54D39C55984DD43FD8675CF9D168
                                                                                                                                                                                                                                        SHA-512:A50B13BDD0DC67A59682201CA4475EFC6C9F5E63A5F3BCF8C781B57EA17E987F11790DF38042B64C7716E5BDC72312F2460E7A535688CFE3DA9BC0DEED7F1D88
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3282
                                                                                                                                                                                                                                        Entropy (8bit):5.854153126838354
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:IWmahbRwTtnDsgLgYjnLHfXCwhXZT7D7hv8pKKh4s0r0fPi2iFizX5/ggZDfEtJd:I5ngs/XVN8bXihWjZDfEHrXp
                                                                                                                                                                                                                                        MD5:FAF916C772F946DA30A76E3EF30327C0
                                                                                                                                                                                                                                        SHA1:A64C20A0E6DF50E4541D9B9C8A9C1EAB5304C2D3
                                                                                                                                                                                                                                        SHA-256:C7E85FC156A4DE9A298F4CE3BF56A5A62B497EBCD1C3FBDFCACCB8E9127E1CE4
                                                                                                                                                                                                                                        SHA-512:EEC7A8DE2E9CA35C163F3E7DA72899F49B9D90D2476B991BFA1CD7AD3B89C71C471EC687E4D2F3C8BA19A422B8419BA669432F83BFFEC956BDF59D110634478C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1781
                                                                                                                                                                                                                                        Entropy (8bit):5.681283969089115
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2858
                                                                                                                                                                                                                                        Entropy (8bit):5.660251106582566
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2692
                                                                                                                                                                                                                                        Entropy (8bit):5.680846849656769
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1284
                                                                                                                                                                                                                                        Entropy (8bit):5.569931748518726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1381
                                                                                                                                                                                                                                        Entropy (8bit):5.676053309697312
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1538
                                                                                                                                                                                                                                        Entropy (8bit):5.627456044852654
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1461
                                                                                                                                                                                                                                        Entropy (8bit):5.449699126433896
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:63uqzOLpKkGfeLSDAlcl+mzP4n3QnvIRRsInTWEpqaEsJVRLRnrfUkdWMML9KzH3:2ZEgveLSDtl+mzQAvYR3SEEaEsvRtr1j
                                                                                                                                                                                                                                        MD5:989789975DD20147607C271CDD8CA115
                                                                                                                                                                                                                                        SHA1:C2F77E8845CBCC77F84C32DA7CA2E55D69A18468
                                                                                                                                                                                                                                        SHA-256:E9AF4C91C9892894E7F95FDE26356A3EBF5D00C17CA7BFDD83A986E046FF7D6C
                                                                                                                                                                                                                                        SHA-512:276087B7044066FD8A592CC3EE670FD0D915571B03E8005DB0ED76D6BEECD829FE5E06A45A2B389F7AC672A4364871B761EF1F6B4737569EEB019B7AD0E0F988
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3322
                                                                                                                                                                                                                                        Entropy (8bit):5.626487817954363
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:EobQuIMP0wVFoHpliXLhhPcDs7+21LGg70WdSzk:EQ70w8J6cHg7Zdak
                                                                                                                                                                                                                                        MD5:EDDB62DD2CEBF99C24F2B9DF839C9AA3
                                                                                                                                                                                                                                        SHA1:998AEFB89AA957005834CA879B11163C7A23A688
                                                                                                                                                                                                                                        SHA-256:E4E86E9B37AF8680EC4F1C5EC69B00258402BC189E9550E0C828B8B193A9E692
                                                                                                                                                                                                                                        SHA-512:05BFAF46A9422466164DB318397662C10D5F21F0B58F36E3BB8A28892AA548D78A7B028DD7B60979DA0CB36933861DED59D7D9C04223E5F98D1A7A0475F9B0E7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1431
                                                                                                                                                                                                                                        Entropy (8bit):5.5499061183628635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:6RfbyDu5ID3ecfGtK2t2qefdlPMvzUbmkctm2MtKc4Lc5ks+A:Sfyu5IC42t2qeHME1n2xc4oK1A
                                                                                                                                                                                                                                        MD5:F024B1DFB2730D6767C9C2ACAC728B77
                                                                                                                                                                                                                                        SHA1:48D766E960515E9898CD232F32AD2D4A58792481
                                                                                                                                                                                                                                        SHA-256:B3B502451CB8CD3F81F7BFD9588CC9BA64EC5500A6721B369E8B773D88F27E5B
                                                                                                                                                                                                                                        SHA-512:196E4953F2B3FB09C0FFCE9DC2EEC799BB94E80E5470D070BD7AF06E731CC96F677BC64CB00B1C9DC5CB8450B759E4BE66D741A9C051B34D39B56389402F94F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4062
                                                                                                                                                                                                                                        Entropy (8bit):5.548836098240396
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:2vcwHPwydCpyX1ooaQNhyzDzqBi2SaoxszrwcHvh9A:2UwHPwydCp8ooauIzDzmi3aoeH5A
                                                                                                                                                                                                                                        MD5:7D362C1DE1477DE76CEA988F506E5243
                                                                                                                                                                                                                                        SHA1:60751E2A46596A9E7906848E3985D908D93608CC
                                                                                                                                                                                                                                        SHA-256:A0B50CC1F8BD8EDB869E767871902153C821EDCD56E8583CDD1DE25E59F52DDF
                                                                                                                                                                                                                                        SHA-512:C130C0B705AAE7AE534F501EB25361FC26A7412FD7BA1B1C19A528E1ED11214E9FA75E327BD59EFACED358DA2056DA6440B99632ED71DAC867DA21E61A292119
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2773
                                                                                                                                                                                                                                        Entropy (8bit):5.815567707758781
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:ADSsjz5ADtkfWjtm4DmRta30IaZfiFeNWBv4dXrXjH2pxVwAjzO40W+p86EBle:AuvJB+/dOYDcz0p8xBs
                                                                                                                                                                                                                                        MD5:D53C1BD3C1C7F7DF5B6B172A7BD0A6B9
                                                                                                                                                                                                                                        SHA1:E60086708001BBEF5582AEA0344BECA00DA6466B
                                                                                                                                                                                                                                        SHA-256:CE41FCD6DC03E44203A6728495F6F861B0D5055ED8F0D0DC2D67397314E1D7D8
                                                                                                                                                                                                                                        SHA-512:935BFC01C8CFA835FC15DA77BEF4A9E09D46196C88CA30B1B1500EB65484D0ADD9007EE56CA0B7F7A155135FFB3D2DC82D2FAF71C2C388A12FD6827A5BDFDBB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2927
                                                                                                                                                                                                                                        Entropy (8bit):5.646248207343047
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:lEIVPGKqKVUIG7JEx6XR+IxWRnhb3lzXdM2LCkPTbxYqTeSvCPGMGuah7uJnUtXf:lEGPGKqKVU3h3ctrMCCovHTeICPGMdnI
                                                                                                                                                                                                                                        MD5:2379D9E8ECF7BBFEFA1613FF55B26B72
                                                                                                                                                                                                                                        SHA1:3936C4B0B9973F61CFEC2197CC08C072BC6C1A26
                                                                                                                                                                                                                                        SHA-256:1AF46F33E6CBBEF85819E09465A7FFD89C490C9396C387E0929DC75F2D857D66
                                                                                                                                                                                                                                        SHA-512:90C314C8BFF10D76E599E57F8EBBC1DDA4D1209B4D705B6447C3CA5312C98084E6647D221F8521F0AF5586880C04990C26D514AD97E76D31F9430E5D23658A69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3219
                                                                                                                                                                                                                                        Entropy (8bit):5.488555050020129
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:+nEGPoKkKVUm0/Vj7Egg6kLqIkjKlDgP9w03qIIp5d+6VNPN1CK:EEGPoKkK6hRgHg91qNHf
                                                                                                                                                                                                                                        MD5:6A34CF408C5D6DCB4C6B9E5D13D11E8C
                                                                                                                                                                                                                                        SHA1:ADBA3F19DEF5EAC41127A4978FED300673015D93
                                                                                                                                                                                                                                        SHA-256:61659A7343959C20D821501C7DCD50AF573D6FD6545F42C3B17D7BAC7F8A811F
                                                                                                                                                                                                                                        SHA-512:6DE1F655720DABEEA36E22F0A606B83291C8B60CE66E2FA3326974840BAC25B1F8EB0175E7203B97F8D4F07A1AFF0B79AEEAAB8F7C7D181B73A53B07764851D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2602
                                                                                                                                                                                                                                        Entropy (8bit):5.792574522520305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:8DSsjz5AKD4Ku9Ta/+figTJdYfl/N4tSuQ8P4i2LeY0zO4ttWpc:8uvK+8EZTEBMHQ8PfCMdAc
                                                                                                                                                                                                                                        MD5:461AEA14313F4DEFB85926603979FEA8
                                                                                                                                                                                                                                        SHA1:D1F47D767E29378B0351A86C57DCAAFA99250328
                                                                                                                                                                                                                                        SHA-256:C8D78B017027BB20EF190A9C37DF1BA1F98E6FE09A4D03D04D0CB746170126D1
                                                                                                                                                                                                                                        SHA-512:754CDEC7DEBF38A78C39AC534F5E2F43295770F7D0B4E31BA9ED8052AA65C8F321E8250459A4B33EFCACF62F6FE19990FA24AE690F46B690A9F4F3431EFC5E51
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5387
                                                                                                                                                                                                                                        Entropy (8bit):5.6732568139133654
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:v2GmsH9ij/KtDUOdCQUkitR1rbJgYuQer6gYjOLLjmnJucaA2NaAqMlQOk1bh3B5:vNH6KWB/86gNLMrYXQOkbhDie8MMXa
                                                                                                                                                                                                                                        MD5:C1D971EC9E4704A08BC126E2EBEA7404
                                                                                                                                                                                                                                        SHA1:CA980FAD55B6574ECE74C6205736D3487E0BBF69
                                                                                                                                                                                                                                        SHA-256:E70C7BB5ECE95763D3183DD1495C13B4C4DF8411137D844169BA868243253D68
                                                                                                                                                                                                                                        SHA-512:5370848312546F5D0B44474DEF4D89607C292E045106C9F0CEA535C7A65DF45F22A123A55DF3064011E032DF7F04664641E2645B4BE233995FE26880BB38CCD8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7651
                                                                                                                                                                                                                                        Entropy (8bit):5.668784126503203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:UD2R/OT7AVWyUDIj9zGLGrDGza3TsQNv0soa6:g+EUVWwj9zR/Gz6TXK
                                                                                                                                                                                                                                        MD5:1E329F45B74E93D672D22C417F87E998
                                                                                                                                                                                                                                        SHA1:36FEBD009652CCB3335797C8BCEE8D9A32FE3FFE
                                                                                                                                                                                                                                        SHA-256:98585A70701F1F547019EAE3EABAEEFFB2529C2A5DA728FFB7C94971CF78132D
                                                                                                                                                                                                                                        SHA-512:465B3B3E30760E237CCB361175F324E1800AC574E579CEFF1826F904D6C208BCF08513B63ADDCD1BEE62556C4D9090EC034E4096984A7D7CF980C6AECBEF4F3C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2887
                                                                                                                                                                                                                                        Entropy (8bit):5.704212400755332
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:HDNk2Kly+sCE86dqBAEuQKAS0+7RhPIcLm+2qUXfR2WqrDIM5Oo:jlKOn86U7uQZhct8Jw5
                                                                                                                                                                                                                                        MD5:95FB4900444FA10323D65CF34D504F5A
                                                                                                                                                                                                                                        SHA1:FF894E30901D72DF12987A44AC696C257AE0226D
                                                                                                                                                                                                                                        SHA-256:32840B4EAED3F90A7692F4B9270FB6609D7F4A0FC30C2C9A8B690C6CE5885969
                                                                                                                                                                                                                                        SHA-512:8582EC63F60155F874FA36143200E432A2C81039C67B7A30F5F14B22E5F845DCB542603F4100DA2AEDC6AC25382A8A50CEC4DEA86EDF7491F31FA31510CB8D89
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):391
                                                                                                                                                                                                                                        Entropy (8bit):5.342988422594243
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6WUWJL48s187K54wwU4oJ9Vsug8JAbyKWrVucu1ngjQKyhJddJO:6WNJL4XH54o4MV35JJKWrPu6jQjJ4
                                                                                                                                                                                                                                        MD5:35216B15300487BDA6D32AAD4250AEC5
                                                                                                                                                                                                                                        SHA1:CAF7ACA8A1846A6167FA39A27590442C9B345C50
                                                                                                                                                                                                                                        SHA-256:0DBEBA7B7F4E02C4A8A999D5483619DBEF12A7963A0C9F4EF47563EC98CD56B0
                                                                                                                                                                                                                                        SHA-512:8FBA4E3C683F8828FD6444F33FE47D7FA361F72695966C55E35458840245D09A9AB7DE238D9C4B1CC29F9946EBB1F20C505A38CC74590714794A079821BADD5E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2733
                                                                                                                                                                                                                                        Entropy (8bit):5.810678771226106
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:fZDSqxViOC0k8r/cnZ93tDTHKNas+fubKRt/4LrjbBVat+Uvkr0g1kDii2Bcaiur:fZuyk/h8YTZZubKRxcvNoI2G7dv9r
                                                                                                                                                                                                                                        MD5:3CBB56B97190939639ECBBACCE608B7A
                                                                                                                                                                                                                                        SHA1:4F4237352279E2E79FBEC8226AF57DBD3ECED728
                                                                                                                                                                                                                                        SHA-256:B2A686361753AE315C4F9B973FECA4074C00A28E26E6C379AB4360CAA356901C
                                                                                                                                                                                                                                        SHA-512:BEE603BA66796E41EA8FA8B9B4315F4C4544CA7D1F54AE1EAEC109C4E37E3644B44398A8D41478B37BD6C115A06EF5C6E0C2CFF285D8D679DF6A67935E2C30CA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2478
                                                                                                                                                                                                                                        Entropy (8bit):5.751845140494356
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3DSqjdEmfSEpie56rnaafiIOmvu6iGFVFVTRwKhlqFIoi2dNqkzO4LdIjfe:3uQfD+a4HhXiwAZIPa7iDe
                                                                                                                                                                                                                                        MD5:32A4F95A9FFAF6E272CFBC27626B825E
                                                                                                                                                                                                                                        SHA1:8E752829D7A30AA038FBF15CAFF385AF8AC0523C
                                                                                                                                                                                                                                        SHA-256:07FA6E0DD02E0E7B34174A93BBA15D9FB845F98A28EFF7AE78E543804A9F9CA6
                                                                                                                                                                                                                                        SHA-512:52920E005A191EE5C2463AA8BB588E3436E1BCA98CEBEAD6E9656536646AC5F695368FFA0161CF8D37233F499951670A0043EE9A230E9A097537B3D5D5ECE48B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):734
                                                                                                                                                                                                                                        Entropy (8bit):5.492330376395228
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:66mF5GlsglzZ7GlsggGlN5bW0oHQp3AnupBlyzRu+nGpIjHx4Xdf0qqV4M135JJz:66I5VglN7VggGlwQFAnup/Z+nPaNfPML
                                                                                                                                                                                                                                        MD5:7A1CF12D80DDC114D4192FE1FA0F9EA3
                                                                                                                                                                                                                                        SHA1:0DAC40F718785082400AF592E1C55BFB5AE4E778
                                                                                                                                                                                                                                        SHA-256:3F97A3FA8C242DC1F118C72C59259C0BEB0E85FC6FBDB11BE9A159F03811E31A
                                                                                                                                                                                                                                        SHA-512:2C687D48D853E79A54257CD656088179C6FA71257F58156B341CC9E983B1ADAC898B500433AD68A19652B2526F62CF2CC14FAA9B710AC6476D949BB3BE300A6F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.517270660703353
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6x5GlsgyPAH6WfEFzMclyzRu+nGpIjHL4XH54o4MaL5JJKvhjC35FMAI:6x5VgyP6czMAZ+nPEX5oMaLUvEpQ
                                                                                                                                                                                                                                        MD5:A3114E8582651607093473638D9F68F9
                                                                                                                                                                                                                                        SHA1:F252EF9BAE5820B328088A3E1EC9D539425FF716
                                                                                                                                                                                                                                        SHA-256:563C845465D30C7DFCFC12762836B541F798E2A22B17EA6443ECE240F5B0BA0E
                                                                                                                                                                                                                                        SHA-512:1D46F1EFF05F93A3301F69FB5787C4C7A9971163296AFBD4ACA221C646FD2CAB794956B3CBB046C976BA22BF5A7C8DC6BE1CDF6F23C4CE34CD2E346BB00E2634
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):384
                                                                                                                                                                                                                                        Entropy (8bit):5.405943148971105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6AWBAok48s1SK0HL1WU4oJ9Xucjg8JAbyKTgKqWmYVsORKXNg9ayYMbe+:6AWa4XbgLT4MXFj5JJK+P4mXNryFbe+
                                                                                                                                                                                                                                        MD5:43446E7FBD2ED6615FA7A41383E847BB
                                                                                                                                                                                                                                        SHA1:657B7ECDEAF1A06DBEE1F4F615909BB1829A1855
                                                                                                                                                                                                                                        SHA-256:F3F6CCBC480837394F355E1B5A992D12F32863D8B3BF1838F9154AD8F8AB8A95
                                                                                                                                                                                                                                        SHA-512:CD8B503D22C86C58BEFD9AD7E98AE18C047B21C7C468C0B230CE43B50BA878713078C51FD8AA423D60EBED963AC22B54ABB008F44E9E81A59245AF908080F084
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32368
                                                                                                                                                                                                                                        Entropy (8bit):5.485058202694766
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DtjmpberiSoQXmV/Px1IEOyoT6XBt7QuX9GFymAkNV:0JiiiMPxyyoTq7lX9GA0
                                                                                                                                                                                                                                        MD5:30269BC1DEF2CB47150B232B290C07BA
                                                                                                                                                                                                                                        SHA1:0468F83507403C977164D229D90999E231ACF290
                                                                                                                                                                                                                                        SHA-256:23318F270AE80F357BB64D99DEEC0CD5CE6E833E043BF07B22DD32052A8A79DE
                                                                                                                                                                                                                                        SHA-512:0BBCD590871D29F5657BB14E1B231543DB3484A3205706936392BA139E659463F6A2C1542A806EF31285D4845CE81E30D91340459265CB3D5A4232C6D5B40EC9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2298
                                                                                                                                                                                                                                        Entropy (8bit):5.670325288487503
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3K1O3RnzJvZT0xdRmdTyDg1IlteIXwBf++wlFGAxBnGPqrjmRrSurJDr98AK:VvZTauEtRQcNxaJ5ti
                                                                                                                                                                                                                                        MD5:40EFA25D9511C8CD76BD62CC0FC6ED28
                                                                                                                                                                                                                                        SHA1:7083F3291FD104EC5CCFF55B92E6134B1F6B0261
                                                                                                                                                                                                                                        SHA-256:C4FCDA06AF774981610A12D4DF36DD1DE556AEA5051F9A0A34051AF48617A76F
                                                                                                                                                                                                                                        SHA-512:FD61B0012F05D1CB73BFC08731A50C21568F47A0381D3C26487B6B7B356A6EB8E986C6BA9B6D246EFD383EE75233359D05C599D912796781F632746EAC8FA9A2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1852
                                                                                                                                                                                                                                        Entropy (8bit):5.7090579919680255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Y23cZu6+uxCDmxCSOpLhB8uhSZ1leqq6AXq6x3rAxQcNpzkJanuF/o:/ZiCDmxCFNhucSZ1le56QqUAQcNJ9f
                                                                                                                                                                                                                                        MD5:90211EE285324FD453E662A448B9D6E5
                                                                                                                                                                                                                                        SHA1:B3484A0E8C95649D9AE159827055A07B80D77C90
                                                                                                                                                                                                                                        SHA-256:B7A266BF64A885B4370B39104D556B709123C027620FDAEDBAC53D99D818830D
                                                                                                                                                                                                                                        SHA-512:C2E503F1C6E241D402F0ADFE92D4F1DA40F16158CD7E6C33EAC8FA8992D729BCEC75F80CE7F1947542CABB0E244A138F244B6D9248E38D66BAA8457635ECF8C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2110
                                                                                                                                                                                                                                        Entropy (8bit):5.76937466877934
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:azFRv6zh4yYuRzf9gTZz2LhQgd6zEeq63o6xFbSSFl0anuLI5Y:azjKhFtWTZkhZdKEe13oU5SSFbUKY
                                                                                                                                                                                                                                        MD5:89612C2832610B5408332FBCEC225125
                                                                                                                                                                                                                                        SHA1:7BFE9E1D4B3EBB97A9B3B37148935EFA22E2A5EC
                                                                                                                                                                                                                                        SHA-256:40C18DEC34FD5876E2D6F3DF158A78C19D927B95B4FB3D1B36461E5D860FF7C7
                                                                                                                                                                                                                                        SHA-512:6F6AF84C595D6F7BA98B1A8096FE57D1DAB1A7D9575AC8EC0494D5C7AE906557407C26BC59569E22F5CAAEC3A9F3D2DB7944E20653B2CF7AE39E65B726E897B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):582
                                                                                                                                                                                                                                        Entropy (8bit):5.54472158728917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...........6.......9.......'...'...'...'...'...B...K.....web.POST./collect!https://google-analytics.com.TransmitTelemetryEvent.sender,.......'...L...!https://google-analytics.com........'...L.............6...9.......B...3...=...3...=...3...=...2...L.....get_header_value..get_endpoint_value..transmit_to_endpoint.new.EventTransmittern.......6...'...B...4...7...6...3...=...6...2...L.....new.Transmit_GA&telemetry.events.EventTransmitter.require...//159FF38C1975B5C34464C3DB524BD224000DADD85693A250DEDC648B24287ADCED60CC833C1E07E24986FAE847F7E08B8AFAA8863F49E62C455C76DB03A35D3B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):883
                                                                                                                                                                                                                                        Entropy (8bit):5.677927460774469
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........6-...9.......9...'...B...-...9...B.......X.$.-...9...B...-...9...B...-...9...B...6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9...............'...'...............B...X...-...9.......9...'...B...K.....=Transmission to AWS disabled by setting *TransmitAWSNew..web.PUT"TransmitTelemetryEventTimeout.sender.AWS_Telemetry_Flags.AWS_Telemetry_Timeout.GetOption.settings.get_resource_value.get_endpoint_value.get_header_value should_transmit_to_endpoint5Entered TransmitTimeout_AWS transmit_to_endpoint.info.m_loggerN.......6...9.......B...3...=...2...L.....transmit_to_endpoint.new.Transmit_AWS........6...'...B...4...7...6...3...=...6...2...L.....new.TransmitTimeout_AWS/telemetry.events.transmitters.Transmit_AWS.require...//E8B34337233BEE6298F47F62077D730B5689809891ED692206873061EAB9A9BCB5C4EDB81DA5A2D3C59A2379E1DB3445255EA2D124BB2944236926A1433D172B++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):855
                                                                                                                                                                                                                                        Entropy (8bit):5.721360893101492
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..........*-...9...B.......X...-...9...B...6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9.......-...-...'...'...............B...X...-...9.......9...'...B...K........./Transmission to Azure disabled by setting..info.m_logger.web.POST"TransmitTelemetryEventTimeout.sender.Azure_Telemetry_Flags.Azure_Telemetry_Timeout.GetOption.settings.get_header_value should_transmit_to_endpoint.........6...9.......B...'...'...3...=...2...L.....transmit_to_endpoint7/wadp32h01/messages?timeout=60&api-version=2014-011https://cu1pehnswad01.servicebus.windows.net.new.Transmit_Azure.........6...'...B...4...7...6...3...=...6...2...L.....new.TransmitTimeout_Azure1telemetry.events.transmitters.Transmit_Azure.require...//5C186D41FD4055FC236E926654FBCAD6D01FA6BB1794A39019B81E3046AF6EB9FA9FDFDA0BBCE0BA6441775021DD404683F45AD55794F32C42A2E4A7499C441E++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):605
                                                                                                                                                                                                                                        Entropy (8bit):5.652003285567163
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ...........6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9.......'...'...'...'...'...........B...K.....web.POST./collect!https://google-analytics.com"TransmitTelemetryEventTimeout.sender.GA_Telemetry_Flags.GA_Telemetry_Timeout.GetOption.settingsM.......6...9.......B...3...=...2...L.....transmit_to_endpoint.new.Transmit_GA}.......6...'...B...4...7...6...3...=...6...2...L.....new.TransmitTimeout_GA.telemetry.events.transmitters.Transmit_GA.require...//B6BB18795D256FD52098E126DEF5FA82FB3F190F4149E5C090F50EDFE745E231FB7CFAC47A36B865D877908E412679DA2BC4F667A70938343E293341CD121C26++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):235
                                                                                                                                                                                                                                        Entropy (8bit):5.210394840073203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:--$FileVersion=[VERSION_MAJOR].[VERSION_MINOR].[SUBMINORVERSION].[BUILD_NUMBER]..return "4.1.1.898"....//799A198156340D915A1DBAD80B335C43FC9F0068F8B846A355D3C31B906A2C7B236982319E67B0BC79E21BE2BBCA7763BE524D2D70B4544FCFA88344A9B4E403++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1024
                                                                                                                                                                                                                                        Entropy (8bit):5.059439346106341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var Download_Scan_UI = function(){.. this.elements = {};.. this.elements["name"] = "DownloadScanUI";.. this.elements["interaction_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["count"] = "0";.. this.elements["_event_name"] = "Download_Scan_UI";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.count = function(val).. {.. this.elements["count"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//D24D76A712FE78CF23C2981FA3C0E8E1CAC1D01C09586D5436F4BE8D06A96F323AE817778BB03B46D0541568C9DE9E61C6F03833B7
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1003
                                                                                                                                                                                                                                        Entropy (8bit):5.027477039325366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var EdgeOnboarding = function(){.. this.elements = {};.. this.elements["name"] = "EdgeOnboarding";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "ed";.. this.elements["type"] = "default";.. this.elements["_event_name"] = "EdgeOnboarding";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.type = function(val).. {.. this.elements["type"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//15E2AC231D37C128A477A04B69B3F2FFC6ECA95D8474844FBB4EAAB96915D31F0BF45D5B143B91C8014B347EBEBE6E9FD95F0F92095B09346C8DD1F3548AE33
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):686
                                                                                                                                                                                                                                        Entropy (8bit):5.362499393952789
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6DbtRkb6KamGBXBiE0Lu02e+vo5I8o+2r4E4Mz7tKVUs6ynU2:6Hk2DdJvE5D2MMgIyU2
                                                                                                                                                                                                                                        MD5:9868C518B61C957DA5463BA957D90B17
                                                                                                                                                                                                                                        SHA1:7276A8535500500F0055E046835C61B914744A6A
                                                                                                                                                                                                                                        SHA-256:472C44BB14E70A6420516432306E733726A6F06F18F8BCA09FFE16DC675336EB
                                                                                                                                                                                                                                        SHA-512:53C46FF7975D167252ED7AE71BBB18F387F3D385CA92CDA8BCCE798A88BDE7964B70D8DBB98C4CC1FFF82A1B3560B4C5F046B91C221000EC90006A5280E4FE2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..............-...L...................-...L...................-...L...................-...L................4...6...-...B...=...6...-...B...=...6...-...B...=...6...-...B...=...'...=...6...9.......9.......B...L............encode.json.core.EdgeOnboarding._event_name.type.browser.action_type.tostring.name.........4...'...'...'...'...3...=...3...=...3...=...3...=...3...=...2...L.....Serialize..type..browser..action_type..name.default.ed.UNKNOWN.EdgeOnboardingY.......6...'...B...4...7...6...3...=...6...2...L.....new.EdgeOnboarding.core.json.require...//E40B0579E78D55C6E5C59AA242375F72CC5D2CB3C43BF870EE370B3D70F132491F39DCE45DEEA602E8FA4D8F7839B2074F1205F04C9FD5873EB786BBC429CFCD++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1084
                                                                                                                                                                                                                                        Entropy (8bit):5.065252181672922
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hKLtQXQMM6QMUsZcucwPcM6XcaFZ1ioQQjo:GtQZkMUs6XwU4anoyjo
                                                                                                                                                                                                                                        MD5:56711443205DBEE0D0683798DE04F6A7
                                                                                                                                                                                                                                        SHA1:E6412E0BF24014E6879841C3CADFB6FE434DEF7B
                                                                                                                                                                                                                                        SHA-256:6F7031E3A68D17DBC2CE68E5410296DD0E903E54D1543B24D1797B25B9E0A7C6
                                                                                                                                                                                                                                        SHA-512:738C83383D6251BA937AA8E04F8B36A8987CDC32CA23A6192365C0932CECF30CA1136EFB197C80240B2104905120914A944DA466097FE8DEB00ECC3A86C81F94
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var EdgeSecureSearchOnboarding = function(){.. this.elements = {};.. this.elements["category"] = "EdgeSecureSearchOnboarding";.. this.elements["action_type"] = "default";.. this.elements["browser"] = "ED";.. this.elements["impression_type"] = "UNKNOWN";.. this.elements["_event_name"] = "EdgeSecureSearchOnboarding";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.impression_type = function(val).. {.. this.elements["impression_type"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//7AE73BB9B9FBCA65C1D2C1944F29409365A4AC20A1138A
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):752
                                                                                                                                                                                                                                        Entropy (8bit):5.435233014241964
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6DbtRkb6KaWBXBiE0Lu842e+/OovtIGWoG5iF3v4MDa7tKvmHFcxrRRTdD:6Hk2DEIGMt0B5WgMDvmHixrRFdD
                                                                                                                                                                                                                                        MD5:D36AE5C5B64BDE91D16AC4C871066487
                                                                                                                                                                                                                                        SHA1:FC433EE2021966E0532CD4FD55821A7AC024AA69
                                                                                                                                                                                                                                        SHA-256:155DB8A8E56DF0434DEEAD676E5921865038C7DFA6603F683D2B42B014CA66C6
                                                                                                                                                                                                                                        SHA-512:7750DC4FA0314EEBD3F46B6677EA9D34D4B5857735A8CF2D4012E5D2AAC703C84B3E016B5A46B7E10AE3650E9D6A871F3B4ED0D76E7BF7C01F67F56297A09373
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..............-...L...................-...L...................-...L...................-...L................4...6...-...B...=...6...-...B...=...6...-...B...=...6...-...B...=...'...=...6...9.......9.......B...L............encode.json.core.EdgeSecureSearchOnboarding._event_name.impression_type.browser.action_type.tostring.category.........4...'...'...'...'...3...=...3...=...3...=...3...=...3...=...2...L.....Serialize..impression_type..browser..action_type..category.UNKNOWN.ED.default.EdgeSecureSearchOnboardinge.......6...'...B...4...7...6...3...=...6...2...L.....new.EdgeSecureSearchOnboarding.core.json.require...//0472C3D319C050C65772758DE68BD62E49B2301BEF4F08847C1095D2EA5C4FF83B0D1432BC1C4A9024331989E9BFED557FB6830E4B391F266C6F34FE5311E613++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1068
                                                                                                                                                                                                                                        Entropy (8bit):5.057653615858933
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:L5hLt9DVUM6OUzvUsdwcucwPcM6iczfFZ3/qf6S:L5Ft9DVUiU7UsdlXwUPLn3NS
                                                                                                                                                                                                                                        MD5:F0F0DD847CE06CA97D93CFC8BC5FD7CB
                                                                                                                                                                                                                                        SHA1:A950D4E13655BC0385A71C4F17C3CA47B17AB9B0
                                                                                                                                                                                                                                        SHA-256:8D69F4A60842ADC4D44D485F1F51756D1FD1CA113FC1E63500918FD75D943DFF
                                                                                                                                                                                                                                        SHA-512:BA2C8CDF85B2217ABA17E7A15860E69DB7CE9A1CF6BAF49B6B62BB7CF6251158B3ECF0CD555A26AD20A5C140772AD2E33F6FF5FD3E1297D7B34D0312D242D1FC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var ExtensionInstallationToast = function(){.. this.elements = {};.. this.elements["category"] = "ExtensionInstallationToast";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["sequence"] = "UNKNOWN";.. this.elements["_event_name"] = "ExtensionInstallationToast";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.sequence = function(val).. {.. this.elements["sequence"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//33D3B13A949278C716F09846244592C3F146976442DFE6C06B64A1A4FA79EF
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):861
                                                                                                                                                                                                                                        Entropy (8bit):5.108474425977437
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:7WJwqwHwzyAdYETwM6RETwscWmQbwRo5AJbwzyAd1oBPbwM62ogFwfwS+axuraTU:7LtQbUM6OUsDmQcMIc+PcM6cFZS7hDE
                                                                                                                                                                                                                                        MD5:3A396B9AFE1C933046CAEE86659AAC78
                                                                                                                                                                                                                                        SHA1:E1706E5E31CC58665197A6922464BE550BEFDC6C
                                                                                                                                                                                                                                        SHA-256:5F1F3BFF6C0B7E2A9BB1ADF406A166DFAC35E62A52CB68399DDFE4860373E41F
                                                                                                                                                                                                                                        SHA-512:DDF98383058E956DAF31F563F25107F3EF5E1FF26AC457E36F7BBCA8740C9225DDF0BD6B43F6D12BA1AE1FAABCB79E34521B089996CF6C00FEC0C232C405F96C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var FW_AV_Warning = function(){.. this.elements = {};.. this.elements["name"] = "FWAVWarning";.. this.elements["interaction_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "FW_AV_Warning";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//C569B16A5B9F5C02D595395C243623A8F650CE2F09B57CB615006B0F5D0B8793F581F88DA9CA1DC2E082593A134E4C8CEFBB2F02C0B2780905CDEBD1F1EB24E5++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1053
                                                                                                                                                                                                                                        Entropy (8bit):5.076728526401366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:RDhLtxVUM6OUDUs2cucwPcM6kcTFZYb6ujL:/txVUiUDUsvXwUdTnY+U
                                                                                                                                                                                                                                        MD5:74B0F3FBB9B6BD00077A3DAD3334E321
                                                                                                                                                                                                                                        SHA1:EC3DF40C39BAF554F88E8BAEF341E3456D425F90
                                                                                                                                                                                                                                        SHA-256:A459836EA97955B49445275620088B6B21998DB851359E8B0AFD37D7CA0D98C9
                                                                                                                                                                                                                                        SHA-512:882E0BFB8520684738FDBD38106F53770E79E9DB9D5A99ADCD7DB83C5DE7E1B74B13FE5F7C516DF9CEE12E1CFC103D9BE679A4B72AEC6777BBF5D4147BC4C9AC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var NewTabExtensionOffer = function(){.. this.elements = {};.. this.elements["category"] = "NewTabExtensionOffer";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["variation"] = "UNKNOWN";.. this.elements["_event_name"] = "NewTabExtensionOffer";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.variation = function(val).. {.. this.elements["variation"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//2D1037F781D04CF9B38892705AEB629F1BED8D623A3003D6758849BF62A0160245D5536BA943B
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1053
                                                                                                                                                                                                                                        Entropy (8bit):5.068987633217678
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hfhLtEbUM6OUf1Us/mQcMIc+PcM6NTQcf9FZwYEgZfH1j1:XtEbUiUf1UsKg+Uxhf9nhf1j1
                                                                                                                                                                                                                                        MD5:B5AE66FFFA07B9B0CF1197272008E476
                                                                                                                                                                                                                                        SHA1:F5F272847827C8D1C38B322989FADC8049AF90DB
                                                                                                                                                                                                                                        SHA-256:1791690900C4FD05FC33B376BD02B37431287AB6323FB5D0A05D6CACC4CE7868
                                                                                                                                                                                                                                        SHA-512:73BF64E57F5F2636347CE22B02EF7DFFB19108E95683654AE2F128AB2B1A9D065C0A5346F56351A04A0DD52038ABDD8BD8362AF77AD9912C39C3C565BA7C9E19
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var OnboardingBalloon = function(){.. this.elements = {};.. this.elements["name"] = "OnboardingBalloon";.. this.elements["interaction_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["balloonType"] = "UNKNOWN";.. this.elements["_event_name"] = "OnboardingBalloon";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.balloonType = function(val).. {.. this.elements["balloonType"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//FD9067F17EA1B950C63115489DF20CE388F1082808D69D7E490BEB6C1697270E484081150A9D8
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):860
                                                                                                                                                                                                                                        Entropy (8bit):5.09739975654482
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:ROQWJwqwLlxojwY9QXDwM6RETwsRxo8DKrbwLuoSQbwY1oBPbwM62ogFwfw0JXbp:RvLt/K5M6OUs0cyQcTPcM6cFZoFjQ0
                                                                                                                                                                                                                                        MD5:06C6CC175CA088525460D1DDE4706162
                                                                                                                                                                                                                                        SHA1:F892EB7ADFCB614EC6C8FF858F0D6DC8DDE126C5
                                                                                                                                                                                                                                        SHA-256:E04BEC164B272E5373A5CA67C3C9F556D88285D4684CB5359FD21A296A39A3E1
                                                                                                                                                                                                                                        SHA-512:CD24C5E5DBB0BEFE1251CE2673BA5327E2912758961FA0397F59614303EBAED7A2578B68F7F56ED6B399CA1A9D13A48AF93C4F35C9FB758328A0C35DF905273C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var OptionsDialog = function(){.. this.elements = {};.. this.elements["category"] = "OptionsDialog";.. this.elements["actionType"] = "Impression";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "OptionsDialog";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.actionType = function(val).. {.. this.elements["actionType"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//9D8FF4A66A2B1C8D1146394F2DA86C9821257CBAFD608FFB7135B2BB91BF101B354BEAC4C96FC3444A35113D048059C3101140B67382DF9BAE11D7E860FF38FD++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1701
                                                                                                                                                                                                                                        Entropy (8bit):4.919989510850699
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:WFt4VUiU7UtUqmUjrUsCXwUPwId1j7nT1O:et4VUiU7UtUqmUjrU5X7PwId1jzT1O
                                                                                                                                                                                                                                        MD5:C52A1CF6592DFA8B4A0CD8B04DD20628
                                                                                                                                                                                                                                        SHA1:7C4899E6C428D23BBC468E36370708ABE0EB9178
                                                                                                                                                                                                                                        SHA-256:17FAAF545714CE92F8FCAEB1568CB71F800678637506A6D734F4C48EB5012033
                                                                                                                                                                                                                                        SHA-512:1A4F6FF2458E0A98E64FCB56AABE4264AE1954EA06D85CC8954F1B8DC22053BFE99715CF2EA69E42D4CDF4E12ED5E59CA85EAF84FFF3AF5BCEA72FA489E03092
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var ProductUpsellToast = function(){.. this.elements = {};.. this.elements["category"] = "ProductUpsellToast";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["sequence"] = "UNKNOWN";.. this.elements["product"] = "UNKNOWN";.. this.elements["variation"] = "UKNOWN";.. this.elements["trigger"] = "UNKNOWN";.. this.elements["url"] = "UNKNOWN";.. this.elements["_event_name"] = "ProductUpsellToast";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.sequence = function(val).. {.. this.elements["sequence"] = val.toString();.. return this;.. };.. this.product
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1033
                                                                                                                                                                                                                                        Entropy (8bit):4.961781853227125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:eLtj9UM6hUcvjQMs4mQchcoPcM6jTccv5FZvgjbrBP:0tj9U64stSoUwgn4H1P
                                                                                                                                                                                                                                        MD5:BE2589B5580CDDAE5D13319400D7474B
                                                                                                                                                                                                                                        SHA1:E011BEB3CFC219E7DABF40A21E873E94CC59DD90
                                                                                                                                                                                                                                        SHA-256:C22DD5993A2B90D140446EF74561E09F57D5A5001E9246DD7C026A6B72BC741E
                                                                                                                                                                                                                                        SHA-512:D19D1C743C7D05EC3FCEAEE34FC921B0E3AA025CF58C7CF96BA3CFDB8EB9C4BD7C0C68095B18C1EF23882F09E6399E9449291BE8DF480D2A460F7251421F7927
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var ProtectionScore = function(){.. this.elements = {};.. this.elements["name"] = "ProtectionScore";.. this.elements["event_action"] = "UNKNOWN";.. this.elements["browser"] = "ch";.. this.elements["toasts_count"] = "default";.. this.elements["_event_name"] = "ProtectionScore";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.event_action = function(val).. {.. this.elements["event_action"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.toasts_count = function(val).. {.. this.elements["toasts_count"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//9FBDDA3324F283596AC88E76988ED918A179C3CA14EE01986FF54B697C4AB3A95BA047148DD9F41A9BFB3B65A4950A606
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):981
                                                                                                                                                                                                                                        Entropy (8bit):5.032562317627676
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:00LtQcM6jcQshmQc9cwPcM6oaccJFZXKcTV/L:FtQcP/swuwUsDgnXdTJL
                                                                                                                                                                                                                                        MD5:E4EEFC43EDA5D53EC7CAF099918DB83E
                                                                                                                                                                                                                                        SHA1:C863E7BDBE842548B9CAD62ABDF44A9993ECADDB
                                                                                                                                                                                                                                        SHA-256:C40BD2EED4DE4B15B2C739A95718FD8414DC9774B899D8BE1E409DD3B45BC6DA
                                                                                                                                                                                                                                        SHA-512:97B882391CC107C3C0963486404540CE274BF3724E48A864EA43197529D157F8091DCDB4AAD779D3AEE4EFA614DDBF764641FEE034CF99F6AABF71DC5ADC947D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var PScore = function(){.. this.elements = {};.. this.elements["name"] = "PScore";.. this.elements["action_type"] = "UKNOWN";.. this.elements["browser"] = "UKNOWN";.. this.elements["type"] = "UKNOWN";.. this.elements["_event_name"] = "PScore";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.type = function(val).. {.. this.elements["type"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//71C04A93F56A6BED155F1CF1946DEB45D37AE5748A4B89C36330A59E2D49668FC7F25BB8ED21051FA5B2DCAAE904E182C2A5D4A162231BBE31361BC9E7881383++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1751
                                                                                                                                                                                                                                        Entropy (8bit):4.866147230589644
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:HFt9ZorU1Qi58eRls5XwUvgYmsQiAXX8O4nSM9J:lt9ZorU1N5PrAX7vgYmsNAHNaxJ
                                                                                                                                                                                                                                        MD5:D42DE70EAD6B85BF81400F762E28AD47
                                                                                                                                                                                                                                        SHA1:9EB5ED0D805BB367AA2E0C36FD57C2A757BA7726
                                                                                                                                                                                                                                        SHA-256:F924A636455CC635E205206298EDC6A39ECE9B0D755F609D5823B207B0D05B2F
                                                                                                                                                                                                                                        SHA-512:038ACEF5AF3DC15EB41B2941A9995E4FA4F0760126275BB8B21D7028AB5CF53D7C85011FABEE906D6940DF1A036F3E9CF5A08F8520DCAE407400E1415252CEB8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var Secure_Search_Toast = function(){.. this.elements = {};.. this.elements["category"] = "SecureSearchToast";.. this.elements["action_type"] = "default";.. this.elements["browser"] = "default";.. this.elements["provider"] = "UNKNOWN";.. this.elements["toastType"] = "RegularToast";.. this.elements["metadata"] = "default";.. this.elements["response_time"] = "default";.. this.elements["toggle_count"] = "-1";.. this.elements["_event_name"] = "Secure_Search_Toast";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.provider = function(val).. {.. this.elements["provider"] = val.toString();.. return this;.. };.
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):714
                                                                                                                                                                                                                                        Entropy (8bit):5.313033001513417
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:6DbtRkb6KaiBXBiE0L+nAK+gUc6N+l5sxg0XE5I3B4M/Gtz7tKJytF9Hni6N:6Hk2DUAfPc6N+lus5IGMCgJytF9HP
                                                                                                                                                                                                                                        MD5:6C790EE1BBD15697BD9FD15556615572
                                                                                                                                                                                                                                        SHA1:07F686335F2C45B4BEF2E5CD3F796E79EA9C7233
                                                                                                                                                                                                                                        SHA-256:E0B1033303C13C6B7B60925F49CDCA256C4AA810CE213CF834AEBE7ED4256913
                                                                                                                                                                                                                                        SHA-512:2072AE48216734D54FEC4E1A8B78E3AB2BD87655F8ED62434DB1C2A171D45C19C7D32A1634C91D8FBC515E1C606DEC1AAAC6A351E31FF52BA0AC07BF4963E88E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.LJ..............-...L...................-...L...................-...L...................-...L................4...6...-...B...=...6...-...B...=...6...-...B...=...6...-...B...=...'...=...6...9.......9.......B...L............encode.json.core.SecureSearchStateChange._event_name.prevState.browser.newState.tostring.category.........4...'...'...'...'...3...=...3...=...3...=...3...=...3...=...2...L.....Serialize..prevState..browser..newState..category.UNKNOWN.SecureSearchStateChangeb.......6...'...B...4...7...6...3...=...6...2...L.....new.SecureSearchStateChange.core.json.require...//0C3C3DDF3F0FC3F6FBC8884FEB865996BF278AFFD8663547A9012EE1665E259922E0F3DD956DEED7C6E84FDC1DB29871251A17220A14ECB8C041CFF5A2887BC6++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1690
                                                                                                                                                                                                                                        Entropy (8bit):4.894292692007079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:ltgxDUQUWUVBUiUyJUiUs83NsxnudV7gyEUQneGqJVC:ltgxDUQUWUVBUiUgUiUf3NsxnudV7gUk
                                                                                                                                                                                                                                        MD5:FC02B4F0AD63BE92359E9162F9A2787A
                                                                                                                                                                                                                                        SHA1:8F2E07F1600159834535DCC74C7C7AB9FDCC6DEF
                                                                                                                                                                                                                                        SHA-256:0AB1D628730DFA2C0384AD750944F213012F01166C990A1E6EB1A52FC44C3AF1
                                                                                                                                                                                                                                        SHA-512:15CE821107930A9A14DB9C943FD7765D57B8E2261E1002F7F0CC7B39EC0165A06C38B66AC2F8D6FB07C436C168C604F4DE805B0B22DBB8B6A55ABB159DE20EC0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var Survey = function(){.. this.elements = {};.. this.elements["name"] = "Survey";.. this.elements["survey_type"] = "UNKNOWN";.. this.elements["selection"] = "UNKNOWN";.. this.elements["experience"] = "UNKNOWN";.. this.elements["showTimes"] = "UNKNOWN";.. this.elements["interaction"] = "UNKNOWN";.. this.elements["payload"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "Survey";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.survey_type = function(val).. {.. this.elements["survey_type"] = val.toString();.. return this;.. };.. this.selection = function(val).. {.. this.elements["selection"] = val.toString();.. return this;.. };.. this.experience = function(val).. {.. this.elements["experience"] = val.toString();.. return this;.. };.. this.showTimes = function(val).. {..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1355
                                                                                                                                                                                                                                        Entropy (8bit):4.927973801191775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var Survey_UI = function(){.. this.elements = {};.. this.elements["name"] = "Survey_UI";.. this.elements["interaction"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["survey_type"] = "UNKNOWN";.. this.elements["selection"] = "default";.. this.elements["scenario"] = "default";.. this.elements["_event_name"] = "Survey_UI";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction = function(val).. {.. this.elements["interaction"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.survey_type = function(val).. {.. this.elements["survey_type"] = val.toString();.. return this;.. };.. this.selection = function(val).. {.. this.elements["selection"] = val.toString();.. return this;.. };..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1029
                                                                                                                                                                                                                                        Entropy (8bit):5.078863284049842
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var ToastCheckCompleted = function(){.. this.elements = {};.. this.elements["category"] = "ToastCheck";.. this.elements["browser"] = "UNKNOWN";.. this.elements["triggerType"] = "UNKNOWN";.. this.elements["count"] = "UNKNOWN";.. this.elements["_event_name"] = "ToastCheckCompleted";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.triggerType = function(val).. {.. this.elements["triggerType"] = val.toString();.. return this;.. };.. this.count = function(val).. {.. this.elements["count"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//5CB3BE8D6D1103DBE43DFC3F29ADC636BADB55A26AA016BF5B11E7B80A76873005DD83837899277701AD146301B48C60750F8
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):691
                                                                                                                                                                                                                                        Entropy (8bit):5.372227706729409
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):699
                                                                                                                                                                                                                                        Entropy (8bit):5.370799319235948
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):855
                                                                                                                                                                                                                                        Entropy (8bit):5.09899205467336
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var User_Welcome = function(){.. this.elements = {};.. this.elements["name"] = "UNKNOWN";.. this.elements["interaction_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "User_Welcome";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//B640E262078A7FB18EEC4316F5EB7426599E82A0790B148C0B5EA99D7AAAC419040FCF4C9DD7587301323630B217443A70F0EE38D5F064C371250234BA8BCD10++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):871
                                                                                                                                                                                                                                        Entropy (8bit):5.0861911425915585
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var WebBoost_Upsell = function(){.. this.elements = {};.. this.elements["name"] = "WebBoostUpsell";.. this.elements["interaction_type"] = "Impression";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "WebBoost_Upsell";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//0137FF8C3CC3358809560EE97A79C79C6828DADFA10210F59787270EB75675DFD3C9A52D0BE4BB8E791F2B2F66B769827486DC851278396C41444C46BFACB99A++
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1867
                                                                                                                                                                                                                                        Entropy (8bit):4.881326525476856
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:var WSSATPAssistToast = function(){.. this.elements = {};.. this.elements["category"] = "WSSATPAssistToast";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["counter"] = "UNKNOWN";.. this.elements["threshold"] = "UNKNOWN";.. this.elements["product"] = "UKNOWN";.. this.elements["variation"] = "UNKNOWN";.. this.elements["trigger"] = "UNKNOWN";.. this.elements["url"] = "UNKNOWN";.. this.elements["_event_name"] = "WSSATPAssistToast";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.counter = function(val).. {.. this.elements["counter"] = val.toString();..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):858176
                                                                                                                                                                                                                                        Entropy (8bit):6.486858378721303
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:lMPwwvquKhovuPMoL3Yk5o0Qct+w+1uUpHTxQ3sT+UMcpV/JJcf27ihMZoCI1wVa:lvSFKg2sZMcpV/JKyi0PI1wCVL1
                                                                                                                                                                                                                                        MD5:D1BEFCFE26C5C2132BDABBF332306004
                                                                                                                                                                                                                                        SHA1:93BD6C3FA4F87278BE0A41E7EFF3263B362609E7
                                                                                                                                                                                                                                        SHA-256:C004F670B0A30E68D1FA49061C0014847D19A88CEFDC3A51BDBCF5BB300F11C6
                                                                                                                                                                                                                                        SHA-512:126D60B502DDAB1039A9457FC3E6B52049019BC8DBFAC0566DB0513BC9A04E142F5CBC6623F3AB121A0D6FF04FE94CBAC18203989390DF63E571538C97E03FC7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........^..g0..g0..g0...3..g0...5.Ig0...4..g0.Y.4..g0.Y.3..g0.Y.5..g0...5..g0...1..g0..g1..f0...9..g0......g0...2..g0.Rich.g0.........................PE..d.....>f.........."....$.F..........@..........@.....................................A....`.....................................................x....P..p.......t.......@....`..@...<...p.......................(.......@............`...............................text....E.......F.................. ..`.rdata...S...`...T...J..............@..@.data...@........D..................@....pdata..t...........................@..@.didat.......0.......l..............@..._RDATA..\....@.......n..............@..@.rsrc...p....P.......p..............@..@.reloc..@....`.......t..............@..B................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5406424
                                                                                                                                                                                                                                        Entropy (8bit):6.528801066295422
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:3D12ZAweoykRLDXap8Bgh7HMOfx0xpEmQM:zwZXRLDXaWBgh7s2x1M
                                                                                                                                                                                                                                        MD5:2A9466B91B587E3F6F0EFC307D7A7571
                                                                                                                                                                                                                                        SHA1:C3D8AA51FD4DFF7A1C66D3384AF18B3CAEEF61E7
                                                                                                                                                                                                                                        SHA-256:BBFCACBF4203D7A69FB94F46D35B08ED216B5F4C9329F95B69099DE6AEBED49B
                                                                                                                                                                                                                                        SHA-512:1244B06987D64FF3DF0064DE1A345783E2C1BAA0486B9C8E06A4E6D292A6972E25476DBFD69D3C00ACF72C4D8B279FAC41A09C560AE28592F99F350F3082B019
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$...............................@.......@.......@........................h......#............................... ..........................5...........................Rich............................PE..d...q.>f.........." ...$..<..<........3......................................pT.......R...`A..........................................K.<.... K.......S.P.....P.......P.......S.(...|UG.p....................VG.(...0.C.@.............<.(... .K......................text.....<.......<................. ..`.rdata...[....<..\....<.............@..@.data....8...PK......>K.............@....pdata........P.......M.............@..@.didat..H.....S......$P.............@..._RDATA..\.....S......&P.............@..@.rsrc...P.....S......(P.............@..@.reloc..(.....S......,P.............@..B................................................................................................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2772760
                                                                                                                                                                                                                                        Entropy (8bit):6.529357700123426
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:m8mQnkpPjye5ry5Lj3uqJfnhpM6c37BSBquZba:lnkpLry5LjpnzbcrXuZ
                                                                                                                                                                                                                                        MD5:19DF152A109B3ADA309DF4D746EFF367
                                                                                                                                                                                                                                        SHA1:07A64B74CB760F990F1ECFA26BA97C3A54C2DC96
                                                                                                                                                                                                                                        SHA-256:D7CC8F1D662E0ABAAEEE5B0FC7783C98C726CBFFE6D3175FD7BEACC2DA148BFB
                                                                                                                                                                                                                                        SHA-512:B20CE372AC1D928D28FAB9CC79728B1B75DFAB09EBCE8C5B961F29ADFDE5E6E456CD4607E72DE5BCF76DC1A9197551A5505D4440738ED2BD684B724B8FB71D2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......c.;1'bUb'bUb'bUbl.Vc0bUbl.Pc.bUb..Qc4bUb..Vc+bUbl.Qc.bUb..Pc[bUb=.Pc&bUbl.Tc0bUb'bUb&bUb..QctbUb'bTb5`Ub=.\c\bUb=.Uc&bUb=..b&bUb'b.b%bUb=.Wc&bUbRich'bUb........................PE..d....~>f.........."....$.....d......p..........@..............................*.....*.*...`.........................................@1 .(...h@ .......#.@.....".0A...@)......p*..,...8..p....................9..(....*..@....................& .@....................text............................... ..`.rdata...t.......v..................@..@.data........p ......X .............@....pdata..0A...."..B.... .............@..@.didat.......`#......&".............@..._RDATA..\....p#......(".............@..@.rsrc...@.....#......*".............@..@.reloc...,...p*.......).............@..B................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2716008
                                                                                                                                                                                                                                        Entropy (8bit):6.572287125590082
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:B0b29tvWPbHy9CMjaVp1tb2LEeQBx0UQ8m1spEp5ysfnB:/9YHoCMjaVzg8mKpY
                                                                                                                                                                                                                                        MD5:D9EF75352B044EB8FBB7DC0EF93E7052
                                                                                                                                                                                                                                        SHA1:58725605F77B86534B4FA34450C4840DDFAD65FA
                                                                                                                                                                                                                                        SHA-256:724D118CADD47500AD7752C4E0AB3DF25542458238A7B91D5B4DEB86F2C37FAC
                                                                                                                                                                                                                                        SHA-512:606DB594D881200A89B7C6030FAD3E07C3920CC7B59B1DDE3112859D26413D427D61E6A5AB5F87BFE8F2631EC27CC9B2F22C021544B0D1503F0013D6428853D1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......u%..1D.\1D.\1D.\z<.]&D.\z<.].D.\.:.]"D.\.:.]=D.\.:.]FD.\z<.].D.\z<.]&D.\+;.].D.\1D.\0D.\.1.]bD.\1D.\.E.\+;.]ZD.\+;.]0D.\+;.\0D.\1Dr\0D.\+;.]0D.\Rich1D.\........................PE..d....}>f.........."....$.......................@..............................).....w.)...`...........................................$.$.....$.......'......0&..<...f(.h....`).4)...K".p....................L".(....a .@...............X.....$......................text.............................. ..`.rdata..............................@..@.data...Le....$.......$.............@....pdata...<...0&..>...4%.............@..@.didat.......p'......r&.............@..._RDATA..\.....'......t&.............@..@.rsrc.........'......v&.............@..@.reloc..4)...`)..*...<(.............@..B................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10214
                                                                                                                                                                                                                                        Entropy (8bit):3.9178210410024463
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:/QL4RLAq8F9BeGgTcNPRzNPx6RlrC052h3:P1Ii2V
                                                                                                                                                                                                                                        MD5:DA6B610074FF870DF6BEF5351D7CA8E1
                                                                                                                                                                                                                                        SHA1:9DAF13E8CD2E82C06F7CFC7EFD6FCE0FAC3932E6
                                                                                                                                                                                                                                        SHA-256:8437CAF7C143E32A822E22935E3D689DB0AD930E65F5DD06F8946E8063E155BB
                                                                                                                                                                                                                                        SHA-512:2E8F4FED807E46568808FE718561D9A6E82973065AFA31E99465F3962511829AE58FDC18E268EBD617E984A5936E55E7518A6C02AE1CD518D9B30A9B63D3EEFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/* Uninstaller UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.UNINSTALL).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml(),.. _data = _core.data;.... ui.Uninstaller = function () {.. var checkProgressInterval,.. checkUpdaterInterval,.. checkUpdaterNumRetries ,.. buttonOkId = "wa-uninstaller-button-ok",.. buttonCancelId = "wa-uninstaller-button-cancel",.. buttonCancelCss = "wa-button cancel",.. buttonOkCss = "wa-button ok",.. version = _webAdvisor.getVersion(),.. el = {.. $header: $("#wa-uninstaller-header"),.. $content: $("#wa-uninstaller-content"),.. $footer: $("#wa-uninstaller-footer")..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3354
                                                                                                                                                                                                                                        Entropy (8bit):4.82572822613824
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:UKQqFbbgRjujt6whhzIr3EXNkd9ZcRx1+zRMJ9NDG4lzD+v8:FxFb8Rjujt6wr8r3EXNkFcRx1+zRMJ9H
                                                                                                                                                                                                                                        MD5:8B320241397D098AACB37ACBD8E25B3D
                                                                                                                                                                                                                                        SHA1:9F2A93A3FEB193DBE14FB43C47BFD40B0408CCD8
                                                                                                                                                                                                                                        SHA-256:FCF79DA4D417987F10F530E511B015620721E2B2A3799C297595D6AAE8EF51A4
                                                                                                                                                                                                                                        SHA-512:ECDAE1839B8B520838A141441DDA4ACE1FD3DEF27DB6676EBA5740AA44273DF09231B52BED3F7A790CCC017A06680CB687B1D896B2BAC1CAF7579D5B0CC9587D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:body {.. background-color: #ffffff;.. overflow: hidden;..}....#wa-uninstaller {.. width: 600px;.. height: 473px;.. border: 1px solid #BAC6EA;..}....#wa-uninstaller-header {.. height: 48px;.. display: table;.. width: 100%;.. background-color: #F5F6FA;.. border-bottom: 1px solid #BBC7E7;..}.... #wa-uninstaller-header > div {.. display: table-cell;.. }.... #wa-uninstaller-header .title {.. vertical-align: middle;.. }....#wa-uninstaller-header-close {.. float: right;.. position: relative;.. top: 12px;.. right: 12px;.. cursor: pointer;..}......#wa-uninstaller-content {.. margin: 24px 30px 0px 30px;.. color: #404040;.. font-size: 12px;.. height: 67%;..}....#wa-uninstaller-start h3 {.. font-size: 16px;.. font-weight: bold;.. color: #53565A;.. margin-bottom: 5px;..}..#wa-uninstaller-start h5 {.. font-size: 14px;.. font-weight: 400;.. color: #53565A;.. margin: 0px;..}....#wa-uninstaller-st
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1303
                                                                                                                                                                                                                                        Entropy (8bit):5.270909527295211
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:csY0TEL0GNVMz7jVMz7EVMz7VMz/VMzlLVMCdLG7OLG3LGt1LGzQMw8Qb:3XTEL0Sv265iCdLG6LG3LGt1LGzQMZQb
                                                                                                                                                                                                                                        MD5:82B24C6C9E8BF7C4ABCB6E696062E07A
                                                                                                                                                                                                                                        SHA1:2ED0BB97030493B7F43DD1370782974976433D97
                                                                                                                                                                                                                                        SHA-256:7EF680996011424FD257BBBB59FB4242A53DA47F90B3B9701E5BDB54141F68AB
                                                                                                                                                                                                                                        SHA-512:8CCB6BF59F64F6BA86474D95542D02CA639BC78C24691FE59AAC4B52BEE63174A0FE7E890B406BF03ABAE92CEAD6AB8BD947EF303B8EA832BD4866289AE5C4EE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-uninstall.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-uninstall-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:wa-ui-uninstall.js"></script>..</head>..<body>.. <div id="wa-uninstaller">.. <div id="wa-uninstaller-header"
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3588080
                                                                                                                                                                                                                                        Entropy (8bit):6.554888495920594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:7YK6qU7x7u0GZhw1HRb7/WZBmdsLdiGjf9oAPq8YHb/2Yh1syMR0/J3Pod:+wZhwv7tVCRY7eq1sy/J
                                                                                                                                                                                                                                        MD5:D74143B2FD3DB8F9407D36D0C1B5F8BA
                                                                                                                                                                                                                                        SHA1:93042E422794847FE8338E25A9BEA72BF929E643
                                                                                                                                                                                                                                        SHA-256:218FD9724A74DD5A9D9A73D04CC990DA7C9E47B23B4D86E267616558B77F7288
                                                                                                                                                                                                                                        SHA-512:095FE97B1427B9705423BDEE13BDA7FEE22121A1BB2E3FEC5F89C0D15639FBF977184573E08C98489B605846F7E6815660DCC27E730D38C5054D8A6AB4EB04A0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 11 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):99892
                                                                                                                                                                                                                                        Entropy (8bit):3.9749743269785345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:JLBqG5eVRjB/jZRj0t4kgU1l50AIDP88+2Y:JLBh5eWgU1B8+2Y
                                                                                                                                                                                                                                        MD5:236FC5ABB597615A608DAB7BE98D5FBC
                                                                                                                                                                                                                                        SHA1:18D3D1CF56898B264A24DE24DC13E4B9B7EED768
                                                                                                                                                                                                                                        SHA-256:06ADAB20CB028B5DC61762691E8C8A6157EB1199526F7C773338B9BF51BD63C6
                                                                                                                                                                                                                                        SHA-512:155766AA5659BB9E298AEDE4064832168002EEDEE836710C2259446FC35437AD70C04454DEF2D9EB40A83A029351EA1726D65ACBDB8FE8217C016FD4986F7F4E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):676
                                                                                                                                                                                                                                        Entropy (8bit):4.824937383394461
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:ShnHvOaKiUlLAjxOw+aJ/0u74odpE5vvi7B4BLpMZhNl/PKqlKuV:ShnPOaKioAjxEaN94MpEJq7SBlMZ79oi
                                                                                                                                                                                                                                        MD5:D4525EEF75A5ED31DD1463E94E63EE32
                                                                                                                                                                                                                                        SHA1:9D2B35EF3800BF1CD34F6AFE03EDF1B02F75B7EA
                                                                                                                                                                                                                                        SHA-256:E8BE10CE45725068D0B6F7B90C1F86C90B0F949B9FB4229CF9EE4A82DF9980E8
                                                                                                                                                                                                                                        SHA-512:E92548F4F2B49138BEFE5800DD459F0A9DB3062B32661D98BD9E393D2510E9B41822ABCA3FDF179A7EBCA6B8899E0634B668FDDD1D1A1E67D8A5876F11C85D18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "Chrome Native Messaging API Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/",.. "chrome-extension://klekeajafkkpokaofllcadenjdckhinm/",.. "chrome-extension://enppghjcblldgigemljohkgpcompnjgh/",.. "chrome-extension://mfifoblohohmjoaiclakcbicbeklikgl/",.. "chrome-extension://kanjcmmieblbpbihaafnedamppkhfadn/",.. "chrome-extension://jhnkplodgdopckiblgedcpoidpgcdbfi/",.. "chrome-extension://bgdpakbfhblhpnbhhajplljnioenlpnk/",.. "chrome-extension://hkflippjghmgogabcfmijhamoimhapkh/".. ]..}..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):332
                                                                                                                                                                                                                                        Entropy (8bit):5.199984426997364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:3FHWb4FPe8e/ihvqbRVnRUvFFwF1pl8q96DJqHmAf2U2LhGdFm/dwwuEYOi:1Hi7Gv6iK1re/3dwwBi
                                                                                                                                                                                                                                        MD5:ED06108D883C1FFED6910F55AC4A5A3D
                                                                                                                                                                                                                                        SHA1:7974E1658801A128A23C0B2737545F2AB5C5F3F2
                                                                                                                                                                                                                                        SHA-256:B659E0167E9CEBFB8A031F259D840577B3897ABF3E91C2ABBE3E8F947598FF47
                                                                                                                                                                                                                                        SHA-512:075F93DE9A8065B939BD947D23F2D3F1EA793AFA492CA030B0B24C4FB223F85846A37DF908ED5DD08987AFFA60AB3ECB6ACA512C777F05E9DD7849976868D6E8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "Firefox Native Messaging Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_extensions": [.. "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}",.. "{DFC8025B-FC38-42B1-9E3A-DFA474F33D93}",.. "{C1DB8E20-28BB-4222-8020-FB40187BA1A6}".. ].. }
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):675
                                                                                                                                                                                                                                        Entropy (8bit):4.830153549273225
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:JaWhnHvOaKiUlLAjxOw+aJ/0u74odpE5vvi7B4BLpMZhNl/PKqlKuV:JaWhnPOaKioAjxEaN94MpEJq7SBlMZ7R
                                                                                                                                                                                                                                        MD5:B09DB140B1A6360DC1D7F6BCF9D85B22
                                                                                                                                                                                                                                        SHA1:09839EFA3B9055D51BFE566E9F5F8B7529B085D2
                                                                                                                                                                                                                                        SHA-256:395D1298C7E5A9D6A7F45A0A84F89A0652DE890F202812FE3EF0DA830F24A98C
                                                                                                                                                                                                                                        SHA-512:F1539E728D9F7DB8870CE58D2B4C49431DB288DD4D26D3C3D52374BB1B856001E8BF541650CF77813308060EDC57939E35E0B21D99EE18F0D2681FE052E91145
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "Chrome Native Messaging API Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/",.. "chrome-extension://klekeajafkkpokaofllcadenjdckhinm/",.. "chrome-extension://enppghjcblldgigemljohkgpcompnjgh/",.. "chrome-extension://mfifoblohohmjoaiclakcbicbeklikgl/",.. "chrome-extension://kanjcmmieblbpbihaafnedamppkhfadn/",.. "chrome-extension://jhnkplodgdopckiblgedcpoidpgcdbfi/",.. "chrome-extension://bgdpakbfhblhpnbhhajplljnioenlpnk/",.. "chrome-extension://hkflippjghmgogabcfmijhamoimhapkh/".. ]..}..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):331
                                                                                                                                                                                                                                        Entropy (8bit):5.221057694206649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:3FHWEas4FPe8e/ihvqbRVnRUvFFwF1pl8q96DJqHmAf2U2LhGdFm/dwwuEYOi:1HZaW7Gv6iK1re/3dwwBi
                                                                                                                                                                                                                                        MD5:49D8FD2B7CDD52D1CD2F2F3F019A597D
                                                                                                                                                                                                                                        SHA1:62548306CE140C5336570EB02D4AF566121CFC65
                                                                                                                                                                                                                                        SHA-256:B114F82CBCB910A1F282E823266801468571F3F2DB9802AFFD3C758F933CE9C2
                                                                                                                                                                                                                                        SHA-512:3F9FA7C2D56A3BA12690D1D2107FC12D66CC6294D0C1A5003221E4B7A6C6481197BFD05CDEFFDE09F2D2AEF55132CE8CBEB40953AD25A96BF40675907FE68B16
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "Firefox Native Messaging Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_extensions": [.. "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}",.. "{DFC8025B-FC38-42B1-9E3A-DFA474F33D93}",.. "{C1DB8E20-28BB-4222-8020-FB40187BA1A6}".. ].. }
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3060712
                                                                                                                                                                                                                                        Entropy (8bit):6.7809760106128545
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:UCO7YmPHylVj3myfphYVoY5GOb1yv4nzwrD05xtnew54/3vZnBDKg/F86bBt1TAv:Ut06HI13RfoS+rFxtx+3Xfs
                                                                                                                                                                                                                                        MD5:DAEB30ACFABE42C4815D04673D167B63
                                                                                                                                                                                                                                        SHA1:23BA3E0CF2BCA87AB6A984A9D2F846BF5832E1B2
                                                                                                                                                                                                                                        SHA-256:F6BCA637D5CF3D5EBA4C9B48B6825EBD8A0F324A59B70D756E153B6585666CA7
                                                                                                                                                                                                                                        SHA-512:5678CE77B1B73EB0FBEB96CA305B411B4AD7B2C4A5FF78370C9F216DBED36386FFE6411328DDBD6476965C7ACD89B4BC7C15DE9354EE98C5B4F88D9968630440
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):662504
                                                                                                                                                                                                                                        Entropy (8bit):6.664375265298234
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:D1btYO+v7ftQNF8XpEB3iePkNEoj+rgSfshPyMjEmjM0ZQ15E:Rb3g4oj+pMjEmw0O3E
                                                                                                                                                                                                                                        MD5:29D2C8DF586879A81D8B4E21C1916A4D
                                                                                                                                                                                                                                        SHA1:221EE1EB754113636BDACD00A18F9E59661F4EBC
                                                                                                                                                                                                                                        SHA-256:CE6D31F4CA28D5EDE624FD724E8A99CFB47776391A4339090B1ABBBF7A0BE4D8
                                                                                                                                                                                                                                        SHA-512:7CDBC57D37DB1468960F871F55E639FEEE954661E0D159A38ECCEF6C2270606E32AD49779FE409EDE69CAE960FCFBC52E309115D7796A27FFAE914A256377130
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3484392
                                                                                                                                                                                                                                        Entropy (8bit):6.545556365357322
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:7IxMdBZq+DEOrOVE3fuJmCRhd+43jN52BA7kAr9S7oilYb4Jud74hy36RO:XEOrO1jNYSpilYndq0
                                                                                                                                                                                                                                        MD5:86DD7104F29B84681116801719336DEC
                                                                                                                                                                                                                                        SHA1:28493BC9FD3D0A5C8B2F6311F6D061C8286B612C
                                                                                                                                                                                                                                        SHA-256:4F98836C41B72B529C5B14E3001F71A1100772BAE5392803176EBCAB8FBD6C7B
                                                                                                                                                                                                                                        SHA-512:5179913F8AD2CE23276CBCC387A3789F02F824D59FABA1CC8F12780C027A63256FA9A356C0A950B697EF0C2EACCD66F064445FDA4952D092617186FC2E7169DE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):822640
                                                                                                                                                                                                                                        Entropy (8bit):6.402981551979998
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ESMUeSJFVwoykQGh5YHWSGBjfWeVoNErPgd7hFn:ESbRJFBykQ8YHWvFWeVKErPgf5
                                                                                                                                                                                                                                        MD5:B2985F3137A70B3F64FEE061CCC5F2FC
                                                                                                                                                                                                                                        SHA1:6AF2342DDC4ACBF308D519C5857EFE3F3733F55E
                                                                                                                                                                                                                                        SHA-256:2D7698E65AA98EB6BC73BD387B4FE3730F22096907E9D4EDA206BF217BA0A7AC
                                                                                                                                                                                                                                        SHA-512:246F33DB73132333EF140CCACB3479F38C72698D1BDE960B698ABC8509600A031FED67554DB7B08328FBA6DA3372E0FCC252B11CFA712448B2B69E0D08F3F660
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1096
                                                                                                                                                                                                                                        Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8851986
                                                                                                                                                                                                                                        Entropy (8bit):4.750815293212135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:fUrV6CV675knWSgRiPyQlrUmf1C6C6y6Z6/678HaBMypuO:sfhaw
                                                                                                                                                                                                                                        MD5:8E263CC42A54CE9A3562008EADE01062
                                                                                                                                                                                                                                        SHA1:5053B8D240852729C73282C9D2C2BEB3D749D2E7
                                                                                                                                                                                                                                        SHA-256:6F95E9FF1F5C55233BCB1520C1296A0C7AFF9CB4D864086DA191ACB77E7A068F
                                                                                                                                                                                                                                        SHA-512:D25652D9F8CA416219DCFD742AE330319386D499C1C70BC1830A68F6F4EB5CB01072C7986157E26C4298D4587AF06D33D0B8C8FF0CEC6069577C418618FB0E4F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may use, copy, modify this code for any purpose
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136004
                                                                                                                                                                                                                                        Entropy (8bit):7.915638220816395
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TzwJCGIekwc9W2bg3yhPaL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Tzw1IekZ42k3yMK18Gb0OV8ld0GecQ35
                                                                                                                                                                                                                                        MD5:E4CBB48C438622A4298C7BDD75CC04F6
                                                                                                                                                                                                                                        SHA1:6F756D31EF95FD745BA0E9C22AADB506F3A78471
                                                                                                                                                                                                                                        SHA-256:24D92BBEB63D06B01010FE230C1E3A31E667A159BE7E570A8EFE68F83ED9AD40
                                                                                                                                                                                                                                        SHA-512:8D3EA1B5CA74C20A336EAA29630FD76ECD32F5A56BB66E8CEF2BCE0FA19024EA917562FD31365081F7027DDE9C8464742B833D08C8F41FDDDC5BD1A74B9BC766
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):195949
                                                                                                                                                                                                                                        Entropy (8bit):7.941377697125107
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:ZDQYaE/N6Mrvy/3JPD9W2bg3yhPaafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+y:ZDQYaSN6svydD42k3yxgx5GMRejnbdZR
                                                                                                                                                                                                                                        MD5:99B95D59D6817B46E9572E3354C97317
                                                                                                                                                                                                                                        SHA1:6809DB4CA8E10EDD316261A3490D5FC657372C12
                                                                                                                                                                                                                                        SHA-256:55D873A9F3AC69BBF6EB6940443DF8331EBD7AA57138681D615F3B89902447E7
                                                                                                                                                                                                                                        SHA-512:3071CFEB74D5058C4B7C01BFE3C6717D9BB426F3354C4D8A35BD3E16E15CDE2F2C48238CB6382B0703B1CC257D87FCECFB84FBF4F597F58E64463CEEDE4366DD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4922000
                                                                                                                                                                                                                                        Entropy (8bit):6.4005523440244385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:6CZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNh:BG2QCwmHPnog/pzHAo/A6
                                                                                                                                                                                                                                        MD5:FF94158AAE261FEDA9A4E890687EC159
                                                                                                                                                                                                                                        SHA1:73E18C24C24BBBE4B9A6610449E107340DD5A1AA
                                                                                                                                                                                                                                        SHA-256:59BC90CFCB01297C5CF55F3B9B64355ABE9B1E8E1BCC91ED6F6F63613E632F48
                                                                                                                                                                                                                                        SHA-512:3F195D7F3A5D2183F6E566B4CDFF6D02BF79F31C4D6582EA80FBBEA84E0FE903329D8804E77F54FB9ED42429C7395C2DA4B71DADC6F64C31A94273915DB95ADA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2896528
                                                                                                                                                                                                                                        Entropy (8bit):6.71818880996116
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:n0h7iln3U9ZzcZ90CvaQL3nm2+hTf6yfPvJr8PNSt2wLlDZMkSf2F:Hnke90dCnmMyMkSe
                                                                                                                                                                                                                                        MD5:3D5EC97BDBBA444EE7D32A654000639B
                                                                                                                                                                                                                                        SHA1:674978EC1A6A0651A8530C5C38773F6425CAFD7A
                                                                                                                                                                                                                                        SHA-256:303E741ACC90EC72962D9C658BCDA184340338E5C1198900DF3D7A96BB3A8BF1
                                                                                                                                                                                                                                        SHA-512:CF86144EDD8D03D0BB94740D1FFC6EA173DED4C10AD45C4A20F13DEE1062150FADBA6866C8C00E0B188BA465152718FF9DC36A61EB72F18C4AF6B375605EFF9D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10631872
                                                                                                                                                                                                                                        Entropy (8bit):6.276946936240822
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:196608:1IPBhORjFQwCliXUxbblHa93Whli6Z86WOH:1kwVAliXUxbblHa93Whli6Z8I
                                                                                                                                                                                                                                        MD5:62880B7D351A9F547B62B8DA6C97CE25
                                                                                                                                                                                                                                        SHA1:057F11003013CFB3F1C63E6BDD4F2F9949FF0104
                                                                                                                                                                                                                                        SHA-256:7C40C811D30D459DBF04A04C141B60EB4247CD58A008FB836605317DF665748F
                                                                                                                                                                                                                                        SHA-512:0D6F83175A91D90F4CC3EC4D9071B7ACD0CD8EBBCC592322E46FDE2ADB7198E035AF62C45A11A622F2A908E26D4DD8B8D1AF023E634A74D0824D02C791BA3C1A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):495760
                                                                                                                                                                                                                                        Entropy (8bit):6.409208933540656
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:pg9l96cDNg9883RGYrMkNOCzLEUU2s2LXxvZ:pqlYcq68hvrMi4ULP
                                                                                                                                                                                                                                        MD5:17B27CA1649A7AC14A26574D6C9E2028
                                                                                                                                                                                                                                        SHA1:3583DB54838E50DE777D4246EFE49F5A8743770F
                                                                                                                                                                                                                                        SHA-256:6F763E395FC4650A2A17BAE1CF3A268B1A6B4EB081D19D7868522476E2F91C12
                                                                                                                                                                                                                                        SHA-512:3620616AA90077ECF89E787ED2D2644D8AF3C0A79FABFD8E89C68941DF3CCBFBD83687B3956F3882EE27E409EBCBE5093A102B49ACFA3C1D10C92027A9EEEC7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7508112
                                                                                                                                                                                                                                        Entropy (8bit):6.488303026501504
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:pAgpTkR1Ff1SCUDuVyALwkQyx9StmZe5wXVrjD:q9GPc+kgcXrj
                                                                                                                                                                                                                                        MD5:6CA5C317701092DDAF7500A55F6B9B42
                                                                                                                                                                                                                                        SHA1:74532206A38649A56F5AAA4756D3983797BFFA13
                                                                                                                                                                                                                                        SHA-256:549E1ADD7364EF61573830371528DE024AAA8F2C38DCCAB676C0CB8706788FF5
                                                                                                                                                                                                                                        SHA-512:6900136D42EF7963D632BBB4BC2C11346011CEF57AB63D6ED87F0BCF8398584B6A0F693FB3FAC0A6A89D5D50E74D128397A7D45B3ED1DB87376EF239B90D70E9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):435973
                                                                                                                                                                                                                                        Entropy (8bit):5.420771352473224
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:yL0N/vpzXda2KCh2bM70i2Jyngy86BVCgIxHSt2lyV9V5t/te6AziApNi2:yL0FxzXda2LIbM70i2Jyngy86BVCgIxZ
                                                                                                                                                                                                                                        MD5:D16EF573959CF5CF0A6EEA20136B9C0B
                                                                                                                                                                                                                                        SHA1:E3384AE3EE92E1DAE47A48E45589372E940AAB33
                                                                                                                                                                                                                                        SHA-256:73A8401E6DC17C4DAF86B42C65B81359348F7E6B4D62D8637138E747BB3FF0AE
                                                                                                                                                                                                                                        SHA-512:064C2912F766F10EC042ADF82709AC9582CB8430E3550690FC17343C380DCBABADC0084E08AA5F3EB6FAF79A652D26E1FE2606625A180B7F47808DF07A566933
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710422
                                                                                                                                                                                                                                        Entropy (8bit):4.889515373188112
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:xzCqEYtxbGUTZwuMhqNx9TvLB/m/+9zT85J933Vw0upOAPxx30jH8+V:5CqpxSUTZsqNxlLBu/+9zT85J933Vw/o
                                                                                                                                                                                                                                        MD5:39A396FCE4D93F744B3C786D62D2686C
                                                                                                                                                                                                                                        SHA1:7EC8176E652B666B6AB9FFFB6CB9B7DCFDD1A2A2
                                                                                                                                                                                                                                        SHA-256:0B1D326BE9DABCDA8E37740017383F2D8F1BEC7A8FDB1F11EBE538C3632453FD
                                                                                                                                                                                                                                        SHA-512:798063B51F745FC2C9E7F852F72CE55939ED41305D070D1844C790755F7AB42A6830406BA2485237D37A0C46B804512E7DC37C65B7F03249C28741A4F706017A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):776660
                                                                                                                                                                                                                                        Entropy (8bit):4.901282904991353
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:OzoB4gW/B/RbVGQKvvYUNDjwkhb5YNip+olYMgSENX//:Ipg55X+L
                                                                                                                                                                                                                                        MD5:14B15761CB9D4E1956812DF8B42C2AEA
                                                                                                                                                                                                                                        SHA1:7C25580D892711B9EFF1A3ACE4E6699EA64E0706
                                                                                                                                                                                                                                        SHA-256:C8D405127B032587E6AE6426A35CB766139BAE26170CA08D811354486AB667F8
                                                                                                                                                                                                                                        SHA-512:EC9A6E6E715C817726AD744FADCA4D1AF3015D95421774CCFE54D616225B7A17E862E086FE0AEBB3A903D2EBFB27779CFFCD713D3042ECDF9761C24C5A56CDCF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):807254
                                                                                                                                                                                                                                        Entropy (8bit):4.657332043590551
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:05iZCv/q5ftlYMdAs1axUB4x3aCKGtVDqSmvunp8dIO+5ZJquLRlbQDwN/6ZIQ6Y:0mCv/q5ftlYtUB23a0tVDqSmndIO+5Zk
                                                                                                                                                                                                                                        MD5:01DFB1A7815613FA0A5411235F45B27B
                                                                                                                                                                                                                                        SHA1:3BF1EA5597AC77B26BD30CAA1EFEA7CB4F7A1B19
                                                                                                                                                                                                                                        SHA-256:13D08D2C4972CD18BB8EA8A57587DAD29684C2336F73282DD3284B0649377CF8
                                                                                                                                                                                                                                        SHA-512:5D8A65E5A17AA163FB679E003E1837EA96E515B105C9977029A5CA4854845289DE5D65C0EDFD473CB74410C5CACDB5B360F25A69776705FB05F48688D92680DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1043696
                                                                                                                                                                                                                                        Entropy (8bit):4.274774940218697
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qiTj8zSyVwde8yRWFyW2Ge/a/0hfI0PLvCIOvkMBbStDn5JiXlZ0:bTj8mySc8VcE8vBO7Bby5Il2
                                                                                                                                                                                                                                        MD5:FF4F966849B4107535E41D037D9144C7
                                                                                                                                                                                                                                        SHA1:3A973857B061914E8905BDA7E8F2BDAFA384588E
                                                                                                                                                                                                                                        SHA-256:2DC26DEE345271F4606650912B0B7B5DF68F621F2920864E0E36C1D1B22459B1
                                                                                                                                                                                                                                        SHA-512:98772F266F9553F77F91B11DC4589EC8A0930554E9E0B381BBACD8D23CE794C04F6FE821388A6E87CB14CB59C7522C18C06B1AF11FC177C7E40EF71242ADCBA7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):491145
                                                                                                                                                                                                                                        Entropy (8bit):5.414447286175489
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:k8E42a7G6ELn1R355PAF4N3Mw2juwHzejm0XNlGq8EmsTRvIs3cmlLEY0CJ7MyUw:iiQpDR+Vac/MNI5/EB5HTBaY
                                                                                                                                                                                                                                        MD5:A0B45B122241CF0C11A081EEFB9CB4C6
                                                                                                                                                                                                                                        SHA1:91FD660A4688AAA70FEE42E783B8B1863B4D11D7
                                                                                                                                                                                                                                        SHA-256:7D911CDA51564500DD7A6DE43A1E347869427C035B15FA25CAD0526BE9E055B1
                                                                                                                                                                                                                                        SHA-512:ABCB3BCB96934189CDFD52528CD7C65EA870C9B997BF6349599B7064FE6F4BEF0D34809F0F958E4D4E46486E7C0A41F86B5ED0A132BBF20743D41F3AF64788B4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):505998
                                                                                                                                                                                                                                        Entropy (8bit):5.852692589945994
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:MI6vfxlz7skzhZZD7ZUVNzrAMnz15/8VEgkNOQw3SBbY8Qm:9mbz7sobnZUVtRz15/8VEzNOl3SX
                                                                                                                                                                                                                                        MD5:1101C784521A550B0561B363722086DE
                                                                                                                                                                                                                                        SHA1:838F2BFE3432B87B950A2EC5D9862D2F58FDE3E5
                                                                                                                                                                                                                                        SHA-256:CC6FF937D1C9FEC4634DB4E2F6C0718D2606FE2D5D25ADDF1314E110C5B78772
                                                                                                                                                                                                                                        SHA-512:ECA3CE2075D3C920116C9E34957631E0617A869467BB76B09873AE96F7803F20032A6DD0A0F785F9E59DCFCE3A4CCECDAB2D445A860BEE20D42E140B45E74089
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):457300
                                                                                                                                                                                                                                        Entropy (8bit):5.462360584216823
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:CVNYzbxqzVBYO5c0orUrnwlH2oJwREbtEbvvXe5aNrRppd4gTGqfwQ:CV4bVLr2nQJ5SrJTpB
                                                                                                                                                                                                                                        MD5:5B033C206820ACE5EB4C6F82AED34A5D
                                                                                                                                                                                                                                        SHA1:28017CFC13259273022059F02564FFC99DCD75A4
                                                                                                                                                                                                                                        SHA-256:1A51DE04CB205C708520F1B013447F1A89F0B1330DBCE6D1E71CF355319D1108
                                                                                                                                                                                                                                        SHA-512:E423069F7A895179EA17BE5774284E9E2E27F02C40BAC7D7211CAB77348800622796F04C3E6618905364E189CA5EC772ED7DBD285872777D163D3EBEC08A64D4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):488577
                                                                                                                                                                                                                                        Entropy (8bit):5.513232917056381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:hHb3YfHLHsf63K7UpTzighla/nxDUBEmw3Am0o268dz5qRwT1MROI+ChF:yzY63K7UpCgvaPhf0p5q9+ChF
                                                                                                                                                                                                                                        MD5:7CCDC41A3DBDF89058D71629225664AE
                                                                                                                                                                                                                                        SHA1:E15C35B18685D9573349FF4247733B5F5ADA8717
                                                                                                                                                                                                                                        SHA-256:163EA4C2CF67EDD0526A8E18D3810872E92A1D4E17B5CF4F04107FDA5967B0C9
                                                                                                                                                                                                                                        SHA-512:13B20B0DB02A0A7480C56C79304EF594353507E1A30DA0130B73AA8E9EC7636F306315A6F40729B10DC725F936642D2E2B282ED3040A079A6F25A7F9F7F1AE28
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):885915
                                                                                                                                                                                                                                        Entropy (8bit):4.739553297972224
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:W1YcXPeGgx1vhxi6o/mqHMeD2fpaEAj0vSKjaEA3H8EuiEc7t2DQ739Qtf2ktKMq:AYcXPeGgx1vhxi6o/mqHnD2fpaEAj0vC
                                                                                                                                                                                                                                        MD5:2B391B2B35F7E096F696FAF5DC093366
                                                                                                                                                                                                                                        SHA1:1409134A46FCB84457A0E332EDDE98F7666246BD
                                                                                                                                                                                                                                        SHA-256:F1FE39AF50F4BFE9EDCEA3AF6C132E87D464D7277FB491ED95D7189B3157D20D
                                                                                                                                                                                                                                        SHA-512:AA640CA41DC9D4F60392B61BBEAD215345ABD32369B0DE90ED1D7CA2FF7A838D04689D538789A1ADC0324FE4539C34DB26B6C245155E51FB0308AF13B60BFDAE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):398638
                                                                                                                                                                                                                                        Entropy (8bit):5.532075614025896
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:bY/F2I4WPMdRwa/YBNSxMP9eFESofaYvskuN5jVS6B7RuKv:btpswRxMSESau5RSuv
                                                                                                                                                                                                                                        MD5:745918A5A74C7B6F4818A8BB8813F456
                                                                                                                                                                                                                                        SHA1:031F50286D003844425DDAC557E13E2EA4554BC2
                                                                                                                                                                                                                                        SHA-256:91BDBF5F1F6BCBCAF16E47865F72EC97D72C74174FB929F089D14C00989F91F4
                                                                                                                                                                                                                                        SHA-512:5A1EB0231352705BAB527AB27543612D75CB00C522620828CE2A0FDB0B47BE9DAA2DD7A192F8B4BF299007C5AF1D9515F900B9586BA44DD2BD9F4CD4436AA681
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):401341
                                                                                                                                                                                                                                        Entropy (8bit):5.524682081269705
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:1InAdQi32OqOMWvX3BO4XMP9ehWMIfaYRGrc55FSMnC/M1UwB:1IAdQqOONvXMyWMGv57SoUwB
                                                                                                                                                                                                                                        MD5:C9C2ABCB04E1AD5F1A20244DA8D595A8
                                                                                                                                                                                                                                        SHA1:89CA81DA21900074A5CCDCDC852768277B2B620B
                                                                                                                                                                                                                                        SHA-256:0364C73F320E441B03CB2AFCAACA3FFBFAC51A3559DCD0FF99A1ACCF82C7F762
                                                                                                                                                                                                                                        SHA-512:96BBF21174F56A111A2FC6EC024AB2F143945306797E77D773367A7FAD42B7828EBB7B08D0DAB76858D9FA340BF3205BE403BC53DF9E5E4E390058C94A751FFD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):484842
                                                                                                                                                                                                                                        Entropy (8bit):5.3948267356117015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:IiaVobJnVwgKzEFRy7CkcrMjntvYs1kyagv8pPukXA0HjrW5fl5e+GLF47PRRIHO:gKdED+sYzTpsJ5ELF47PdbSTw
                                                                                                                                                                                                                                        MD5:C8F488B85C17431360E531AA507BE979
                                                                                                                                                                                                                                        SHA1:BEA5D66BDCC05869A0389E051A9217FD49E48FCD
                                                                                                                                                                                                                                        SHA-256:536339D99DEE6E8C01F018D4700DDD92CE063F765766A48073AEB256669680C1
                                                                                                                                                                                                                                        SHA-512:1D7F9F84A8D7C055BF705C71EFAEA817F1B9DEDD5BA314FEC6CE5324F578D3130B5541BB52FA55DB9F6E46EFA8E152D50199A61C7E2466844A4414DF65D61C22
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):484986
                                                                                                                                                                                                                                        Entropy (8bit):5.367134061997785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:6kqGWOZ1+zun+V4HgspZpGrUKjs5f2rYDoRRiN6PZGMj:6BbOSSmirpKjjs5ursoRwBA
                                                                                                                                                                                                                                        MD5:29CBDCC2168F1BB29532122C39E67A1A
                                                                                                                                                                                                                                        SHA1:F086C79D60DAF2B0A7DF91916387EFA461795DCB
                                                                                                                                                                                                                                        SHA-256:232F41AB5996C917687276E82C177DE208B36E77AA834BB5D94D6A331F4180FE
                                                                                                                                                                                                                                        SHA-512:B603EDF2A18F5893AB482B0C34E4126F824FBDD1B669927D7BC30D68E2E5BDF78D7D4B2AABDBE257987E8E19F440D9396A3683340B94C3FD844C70E34E93D8A8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):438663
                                                                                                                                                                                                                                        Entropy (8bit):5.47129533877654
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Co6kjhAvuvJ1O7RCqDW+jDk+xdt0T5cqvT/F1AiGGZv5/je43S3apLU0xPQQbm:CoTjhouS9DVDNOX9v5/jpC
                                                                                                                                                                                                                                        MD5:5B169234895D929930140B4869A0B81A
                                                                                                                                                                                                                                        SHA1:F58BA50D1E19CE191A0F8117F3E70F7F3DCB7362
                                                                                                                                                                                                                                        SHA-256:C465DA80B14981BDBC687B7C37BF70D2BD4B8E03293C04AE5410F84C91EF980E
                                                                                                                                                                                                                                        SHA-512:C4297E272B5C04A0EE0956B873D5246591BEE98C3B340E72202F3448381C691096A5BC540FDBCF61FB40D6A69270AFA7198C1F0CCF3B2E84CABC906E23EB022C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):720855
                                                                                                                                                                                                                                        Entropy (8bit):5.022549799082519
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:xYtlvU8u313uyqoe+slXcfqvdUzOT4imdAQifaQ2XxFvGq+MXvOthgdpxHsAQi6j:8M8u313uyqoe+seq1UzOT4imdAQifaQz
                                                                                                                                                                                                                                        MD5:F7DA0D07B54698BF8A213D0CCF1942C0
                                                                                                                                                                                                                                        SHA1:D64FFF18274EBE71A4AAA4754F9BB99D616FA000
                                                                                                                                                                                                                                        SHA-256:33BDD6EB52F648D475306F35B6103500B864672CBF39CC0FBD8C4AC84C997DEC
                                                                                                                                                                                                                                        SHA-512:CE7A7B3DF4C814A26E3FD9FDDAFC01AC1A4B2A87EF2D2893DB5D0EDF8E5B8BFE34AFB6E91FF94306248361D57C6B3BD63D116635FB756AAB74C4AED38F31C88F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):449023
                                                                                                                                                                                                                                        Entropy (8bit):5.435118446970961
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:JzlRT+nYGj1FT19iPzGI6B2Roh2jX7GsPzWvOEHGaSNLD5jYWyHRErWacu5CGWO/:JqYGFT19u5JvRa65jYdHRErWaPl0Yb
                                                                                                                                                                                                                                        MD5:1CBFA553A5B1DE642EA4C248DFE1EDBA
                                                                                                                                                                                                                                        SHA1:5DE05B3C11FDD59FF5064A153A6DCBDA33350971
                                                                                                                                                                                                                                        SHA-256:8F3E8EC0FBB471B45DB65A77DC1013E3363F387D3D0C6A458C90F371907D0085
                                                                                                                                                                                                                                        SHA-512:EA3B99BE7DA893BE8C3B228D1D3D7B644A1F5425B5380DC3E0AE0BA1BD29CF39DABE73819BCC4FA67F10A488F018E9FA2328995CB78F40AE8FDB66AA514188AA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):507368
                                                                                                                                                                                                                                        Entropy (8bit):5.207212722895636
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:/a4EFuKhJ6hbb8GmxKGp7xLyBDQZSHJu0FeKznGOZ3jmF5aVmzb8ATf3H:/SXJ69BmBsp7aF58mv
                                                                                                                                                                                                                                        MD5:8CE446CAC9221F07F912BE59534D86EC
                                                                                                                                                                                                                                        SHA1:15CD1B902B26ABBE665FED518575748483A9C3E4
                                                                                                                                                                                                                                        SHA-256:B6CE37B1AEB4CA17A7F78EBC8F97C2807F588DFC4AD3E0639005C626B5C9B939
                                                                                                                                                                                                                                        SHA-512:20BE2B5C7E8FCA897109B1DC8219931EAAA1C8296B1D26DCC7F9058168FEF371D7955FB0F6C5693399B83FA81D27369EFAC8C3742059EEA2333BD66D20B8D0D8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):525519
                                                                                                                                                                                                                                        Entropy (8bit):5.393542369720876
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:rf94ZLoeeEfW6QuaWV5sKzTeX/Z5MYnYZMBrNWiKe5exMJSWkt40wCA73OF8WqiQ:rfB0V/r5jS
                                                                                                                                                                                                                                        MD5:A1DE4AD3D9B7AA8F122BA00CB983E49C
                                                                                                                                                                                                                                        SHA1:323D6E1B4ED75F9406BB8488D7FFC7E12FA96886
                                                                                                                                                                                                                                        SHA-256:A69F52162F6081A06F835EDE10818218DF6E211F00D0EF24561E6221F4696E61
                                                                                                                                                                                                                                        SHA-512:542F0818EA4517FDEA929F3D4938F7DE75E2A5E6D872607E548F87DE7E9CD0737FAB3F5E82AB7895F44E809279D81C490999ED055ACBDDAFE84F85E60CE2E23B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1019985
                                                                                                                                                                                                                                        Entropy (8bit):4.31663406991556
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:zIMpRrC1YKJvPF0WxrHYCjXCl3HIwjAwREJKVMjNiT7llj63rFWlPvpqi5eQWkYh:8QRu15JvPHxMCjSlLTkh015cVhYYHB
                                                                                                                                                                                                                                        MD5:02BFA1114FD5B75261C24D6C0E6441F7
                                                                                                                                                                                                                                        SHA1:D48B80339405CB8C8EC7A19B688E8D544938C4C7
                                                                                                                                                                                                                                        SHA-256:BBB17268412FB3E13584CA4DC90A94F984177D3C97EE89AF2A57324709F8ED1D
                                                                                                                                                                                                                                        SHA-512:751B91D381C882A5DC0C0EE6313CF3E7EF51B4D369330A169CF9625DE99E6019233109E815FC474FAE44D79235940BA2CE68AF7033F4C4C994E2774BBD8105BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):630920
                                                                                                                                                                                                                                        Entropy (8bit):4.630663820009303
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:6iRfEbxhQ3SxsheRvre4maaW/gNZpl60XA4OX78eQCap4X59U4omhV5ylm7eDnw7:6iReew53ok
                                                                                                                                                                                                                                        MD5:9FCCB330D8B07CA54661407CF737D847
                                                                                                                                                                                                                                        SHA1:2C6F52801B66AAC7D08ACB60D9736F9149E48AE5
                                                                                                                                                                                                                                        SHA-256:BB06D364A91B8641724254822B2EEC5D0675E262A4CBF93B92494F601807DBEF
                                                                                                                                                                                                                                        SHA-512:0CBF36643CC7B1D85DC7CB7825BC816A8538D0CC50B137DD27D5A9703324AE7FF271D38DC0CD6E4A99C6B391070690B90EB8DDB1CC511BC8D84D49A32D36C34C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1072787
                                                                                                                                                                                                                                        Entropy (8bit):4.2950102192986686
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TOsoU87801sObZWjUNOBKV/BB0ZV1dsuOlzLZW3XHLeOTByntDPtDlqpZs4J/8Wq:xfElWjuOGy5I5oJJa
                                                                                                                                                                                                                                        MD5:CD91036827739441E4CC849AA30706D6
                                                                                                                                                                                                                                        SHA1:CC8E4C53E18DB16876F855C2377F3CF0E2ABF95A
                                                                                                                                                                                                                                        SHA-256:0936587AA072339F8DC347506E5553159319A686010CA1912BED1D830E107C6E
                                                                                                                                                                                                                                        SHA-512:553773BDC11BE94F495B88E0587D572455EF68C182D51C9E1AE0E3AA23744F836996A446ED136AFC562EB9A110E435B494D5955D2792A364A619111E7B3550E6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):489113
                                                                                                                                                                                                                                        Entropy (8bit):5.523236785909083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:L5ntcJhHDvjz84N5dkYjjaBV08IRpy+w4DrRkpNAyFOSGqf3rrHlcIG0uP1aSNZA:/cJhvNcw9PwUGMly5Ur7jdicO
                                                                                                                                                                                                                                        MD5:EF62A50CC098AFCF3FAB69C7502219E9
                                                                                                                                                                                                                                        SHA1:DB474CF332C90DE660FC575EF897D5389B65784C
                                                                                                                                                                                                                                        SHA-256:07EFFA557C8BC822626C05A4D299296F88D3DA0654248C326D796F7C2DE3EC64
                                                                                                                                                                                                                                        SHA-512:7AE6F40C7BF404532DF0BC2FFA449E0D99DEBC2B9816450ED0D015B1634DD96CD5650AB6AF5A6D44D52D0E3C9C81836EE350210C4F8A13BE6CC0CB796A630350
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):526055
                                                                                                                                                                                                                                        Entropy (8bit):5.6492163480603805
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:RG4U0RnIyvDoBrDu9O5gVHPCegBAcnky1FB56wqZfK81YX56xTkXqeJrn5gRSDCO:RG4UMnbguUdAIB56wKk6qjrn57iLW
                                                                                                                                                                                                                                        MD5:51B14B96D1B9FA99ED849347A8954133
                                                                                                                                                                                                                                        SHA1:5259B749576A9612E429A665DFC8BF47651C39EA
                                                                                                                                                                                                                                        SHA-256:70D4A0724A2E0E80EC047E7683EEC7715C0FB5F88795CC97A63E4C2EE2237800
                                                                                                                                                                                                                                        SHA-512:B68D4BC792F29DF210602A557D0B3333A95E30CD03A0A4CB5F537C9C51DA9937119391F2A359C03FB874C1F540C23F44BEF121E45F048F32B1DB06D67A0BAD1B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):431922
                                                                                                                                                                                                                                        Entropy (8bit):5.389359401295906
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:DT9syVtlTqQWoK3UqC1s/fjeVnjHFm6mPAJc25TVh5vtblSzjsEaeh:D5suavkqHiVnjHFnm4Jd5TVhIh
                                                                                                                                                                                                                                        MD5:3B5E08406059D1A76566E9A5D4C9B15A
                                                                                                                                                                                                                                        SHA1:6BF45F2647E959EC1B545763180E8F29961AB3E1
                                                                                                                                                                                                                                        SHA-256:60409D8B785DD057E3495190B18E6D6D235D8313555341CBA5F64327E3D8C3AA
                                                                                                                                                                                                                                        SHA-512:6C4150C064EDF6ED0B83B216CE62134BBAB12137E6B45749DAD08D1D1734B3365309414900615137C6ACDD12250ADD5C69A222DAA7984A94EE850AAA55AF1B8F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):477964
                                                                                                                                                                                                                                        Entropy (8bit):5.300124197784544
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Y+mNNNc5Rqviax9RwYMfjNBYISOqRRRsO1Stk+RT9Tjex5GOt/ELmubPUvbT9fL1:YjTNARqvwO3eZ3A8lhHtRA5hlo6
                                                                                                                                                                                                                                        MD5:4E7AB6A5D407BF4D3F96671D65E467F9
                                                                                                                                                                                                                                        SHA1:67F43053CCD167F2CE6D945202F64DF29EE1AC49
                                                                                                                                                                                                                                        SHA-256:20408C09D9447F44AA920F2529D231072DB8BB9C0C8B8FAFA2DB733561EB6964
                                                                                                                                                                                                                                        SHA-512:BF493E1A1C0898F7A54F8A5278DC0CA345E9937EFE269B1BD3A3BC90645D767070EC9C117DF001F8C3B51B4A383C30F025DAF79606AC1840FCC5878AD4C53624
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):584193
                                                                                                                                                                                                                                        Entropy (8bit):5.694400988777854
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:WzLA//bCXyIrwdzzln44dZns2C4tb85BnDxV5:ALA//OXyqw9RdZns2C4+5BnV
                                                                                                                                                                                                                                        MD5:74E2430CF18DB7ECAE2A9B1FEEB049B5
                                                                                                                                                                                                                                        SHA1:362A5F3E4D8A79B9D0B041D62A8A5233E20FB208
                                                                                                                                                                                                                                        SHA-256:1A726C500B5B3EFDBC7B9E6626765DCB8957005F9C072C09D1F517587D6B673A
                                                                                                                                                                                                                                        SHA-512:324D0BA770C09CCCAC4C59E0E0605846A4E18F32CC79F14FBD4E5B0172F439EF8DEE538F686458B3A07E5E8B4528EF67AA5D339AE25F7C601C9A302CAA7970F9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1173741
                                                                                                                                                                                                                                        Entropy (8bit):4.225519544497436
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:vLwIIKo4A60R0RevnIS7d5EnUj+uF+h0FJ:vMIIKUz5SUz
                                                                                                                                                                                                                                        MD5:56C5F63F439CC962B815BBC4F3F12C32
                                                                                                                                                                                                                                        SHA1:C96248CAFD869FEF11BC37AEFB1382D0F60A7855
                                                                                                                                                                                                                                        SHA-256:14B332541C2CCE0835202372F8CC822AEF30B3575B651C96219A88B8D1381648
                                                                                                                                                                                                                                        SHA-512:9210759D8E73266381FBF04280AAD0BC5006F315CE3FCA74FE304B3261AF0BA399210F0B84620230D6AA0C667E60C0A6D9E67681FDFAC401338E9331475BB7F6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):492782
                                                                                                                                                                                                                                        Entropy (8bit):6.069818388014136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:+nSZ8uRit3zdYBb/XHcit8OQ4EVhrxsRCqR5A7eVt+8ftKq7hUomrOe7nB:USZ8uRDcu5c8TQnB
                                                                                                                                                                                                                                        MD5:A9B446BB79B0E5D0B4AF4F7243B1F3E2
                                                                                                                                                                                                                                        SHA1:FCF962506B32B34A6315ED61ACDECE33DF3DBF23
                                                                                                                                                                                                                                        SHA-256:507FC8D2A468456F2842B65A111FC0C74FE1F56D5F5AC0D6E743AEF186B43B2F
                                                                                                                                                                                                                                        SHA-512:E7F281206BD481427A75B581F8B2A435EB8A29BD8B5586A8DB78605B1C1BBC20DC1F4B2FF92D04C62FB509DC6E1E062D1D584C195E386C5C2FFDA0F764276AA6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):531495
                                                                                                                                                                                                                                        Entropy (8bit):5.642978583072715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:Z8zeZddcMEXRfMAYVeXWjCCM5Gz52uxSog6Sbt:KzudcMERMHO2M5w2wSo+
                                                                                                                                                                                                                                        MD5:49201FAE17B715A15FA03C4D89DD2176
                                                                                                                                                                                                                                        SHA1:7C559C174850DE48C4A2837FE32C58F74D8150B3
                                                                                                                                                                                                                                        SHA-256:4A80792CB9A401EBFA7EC3212182B5024D651CA6A5EAD8FC9809D0D3AD4803CD
                                                                                                                                                                                                                                        SHA-512:3016F721D77206E13E275E7EEA1ADC95D403FEACCF595EACF933940485031E9AAC0C29B6F47A9FF5F73B08C354B7B82C72193C83E1FF09D84CB5B9B72B708166
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):529136
                                                                                                                                                                                                                                        Entropy (8bit):5.634149006390685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:oAbYD8by28DerxZMNmtVFItX9a4jXcmZib3z5SyT2otETUswxqEAYRFoDs1r:oAbYcFk5I4owiz5pETKqns1r
                                                                                                                                                                                                                                        MD5:335158EFE454819A0DC8DE0EDB0F0E90
                                                                                                                                                                                                                                        SHA1:85871F85F626DB1FC597EF24C79C84115A66C17E
                                                                                                                                                                                                                                        SHA-256:113073CF60AE3D2BCF8A61DF655762E34BA28E4B35B97DE33C18E13F959D76FF
                                                                                                                                                                                                                                        SHA-512:F81733BCA3FA65C789630B55C4F414A8541E71C4E1ABA56BDB9D231CE189677B3BFF4DC57C92FBE1CBC88F1F2F7FBF1A7E4319A8918C50409FCBA958D743CCBC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1219982
                                                                                                                                                                                                                                        Entropy (8bit):4.262128412360071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:enA2cMmsbbAxRnxffi177/zY8Cmn1py1rcC3e2hh5L/7djZ8fI3pI:sSdiZ/C3eI5L/7X8w3e
                                                                                                                                                                                                                                        MD5:1030C08FFBBE7366CE5B7D55BC8ECC0F
                                                                                                                                                                                                                                        SHA1:B45B53C1E47A0051560C607874357130C499563D
                                                                                                                                                                                                                                        SHA-256:E1F97CE3011D9231F23FE033BDBB0905C173921B18402D362BFC35224FF67DB7
                                                                                                                                                                                                                                        SHA-512:3B9127A0EEC02F75F79C66F5F7845B65C4EBE2E6A33989C7686815FFE0651BE47D42F55C2F32A67A221495A8BEBF043D853DF7B244A68F89390044210E52DD3D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):999814
                                                                                                                                                                                                                                        Entropy (8bit):4.292642596004364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:FUob5vNBksvu/nTuViFo0vYJGVXUPC9hY7xFEMUCG3GRw3RkR3KtOu1zLAQ4BmHs:Fvb5Du/ni50i0r4Q5gRJp5Rprwg
                                                                                                                                                                                                                                        MD5:EAFB18D633064D0F02A3EFF3EFF9AADD
                                                                                                                                                                                                                                        SHA1:A8846E473014BE80125630F1C5B51366220FF018
                                                                                                                                                                                                                                        SHA-256:FCB7C4AEED28AE4D16FA7B82D9571165AAB0FDD46EB65D3AB29007231630CCEF
                                                                                                                                                                                                                                        SHA-512:D332A4B7F4CB1583A5BF5CE08FDB46661A5BCCBF0A66F7F5AB6CE04367E9BC589588DCB32F443695A3AB129DC50D2962ED4C138F97858639D4EA37C117E23495
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):453603
                                                                                                                                                                                                                                        Entropy (8bit):5.263221817977717
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:w7Iw1hcujkKorUX7mxbIFYRl1X7ezIrR5sbZKMMEVdED:wswfcugKwUKxbVl1reg56lMr
                                                                                                                                                                                                                                        MD5:3D0DC94A638F98D9BF3C0F60F89A0C95
                                                                                                                                                                                                                                        SHA1:A979B04C65832D908305FB0406CB0653271AD744
                                                                                                                                                                                                                                        SHA-256:A9F9AE23A3BC2AC919C5B46D16B7E1F3BFF73698D2626260196210E101D119C2
                                                                                                                                                                                                                                        SHA-512:6D687F1EB9A7FDA3791295487063393B8F0A7409B55461B185AAF106C596229DE6988114230625D6504B869D25D7A624BC3B90D66A0BDF561CB05A57D5B87C15
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):441512
                                                                                                                                                                                                                                        Entropy (8bit):5.436019023287174
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:Zx93W1+5dOY/k7Op7fszJPMh5br46Iofh:Zx93W+rXePMh5n4PS
                                                                                                                                                                                                                                        MD5:9C18DFA9E69C1D7810132800D084136C
                                                                                                                                                                                                                                        SHA1:BBAA9576E1B012DF33D79A5DC7776C00E67295E4
                                                                                                                                                                                                                                        SHA-256:4F3BABCBEC0D138654EC59FD8AB5FD58DA2273237A587928B9687928C7CA10FF
                                                                                                                                                                                                                                        SHA-512:A82B1E340A25A3858906DED73624BD0BE4B3CCD1F5728560480B4A4E3A78529F5A178D20CF7D95FD55DED7CA4FA95A5FFF87D89F0520EA08B54E7B99C9057D6B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):455078
                                                                                                                                                                                                                                        Entropy (8bit):5.3792948383662385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:HLTFwwa9TZgO73giDngp97gVvG5hHhpXCFbG559toxeGpbhN+gyPTC:rTF89T6gVvG5l1559toxeGpbhNuPTC
                                                                                                                                                                                                                                        MD5:5CDE06A63C9DC07FDBB0FDC94E403D00
                                                                                                                                                                                                                                        SHA1:11BE56054908F1F9CD56AB77692FE3717EE91EE8
                                                                                                                                                                                                                                        SHA-256:3B9ED5ED0DD07D8FA67412A046AB085137542C156876DBFE6F83376571AF91A3
                                                                                                                                                                                                                                        SHA-512:2716496DCBF76CC2DECE938103813A8DBC17D4C795B4E3459A572DE4F62F9AC0E1788DE3A21F5FB287AD364DECBD541A5E3BDDD406E130D2A9C72118CCEE5390
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):509320
                                                                                                                                                                                                                                        Entropy (8bit):5.773091636307711
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:v+GWoOB/ZBjSowU/b+Xgv2iWWbafPfCUdxe3mdU8dmo1Qhwal5cNL4U+8/:GIPb71Qhp5ZM
                                                                                                                                                                                                                                        MD5:B44FCF9FDC4EC7BB5E72CAE30AA15C01
                                                                                                                                                                                                                                        SHA1:DAAAE4AA7987BCCE299995FEEA5C54F2D77B61D4
                                                                                                                                                                                                                                        SHA-256:7F1A8392FE3AFF4E6BB4BACBC1F4B395F08ECAFDA9F81E36B41B77FB4AB0BC76
                                                                                                                                                                                                                                        SHA-512:52B46D7AFFAC4949FA19841D26D2F4BF877E36CBDA4B75F3FF289A7ABE9A80C2A014B1AE23D3079F4D31ED5FA76C320103733284A2C13D99A451810407325674
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):479561
                                                                                                                                                                                                                                        Entropy (8bit):5.4365485252742225
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Z2goEz6oEyiXNBXBLtmiJWpyCp5c4JkjIsR/kVdw:ZXoHHyv5bJvsRcVu
                                                                                                                                                                                                                                        MD5:DE8FF9456BA9EA999D0D1BC9B831E7CE
                                                                                                                                                                                                                                        SHA1:1D67C6DD97FCF221C71137CC8B1946368807ABA8
                                                                                                                                                                                                                                        SHA-256:B32FE8F602EC9800D59806E097E369FD065D8FBF473DA40FD29289493489930C
                                                                                                                                                                                                                                        SHA-512:5A3A48DDAD801382EC9065C6160698DD746AAE810374C2B772D521A1764E7E0FD2C28C5DD1CDCCB50834D699EE19441713FE10A91DDDEAD46BA0CFF3EDBD6984
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):480680
                                                                                                                                                                                                                                        Entropy (8bit):5.413568252819253
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:2MyBFs/8K4/ieJVJJxh0plLGDf0wz5+KKSR+v:2MyBFx1z5+KKSR0
                                                                                                                                                                                                                                        MD5:002D5B37E68A0725DD7D89FE3FC7EC48
                                                                                                                                                                                                                                        SHA1:545DE8047D3F89150516B95031965ADC8F17DF68
                                                                                                                                                                                                                                        SHA-256:1FADFF356A7E89A8FF2AF3DDF84F70FD0CE69525C7787F8ADAE10BEED9D76D4E
                                                                                                                                                                                                                                        SHA-512:ABAD6CBB30A958BB84A521A66636AF4221A9F63774122D3AC3B552503930AD83D343EC4C8109C8031CAB17C546EF7549AA0F87746E39A80F6758FAD28ECEE129
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):498034
                                                                                                                                                                                                                                        Entropy (8bit):5.462067165925256
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:vTONXXaMqapFzWovxpllKueGP5fBo0xs2h/bulOa:vCXXaMzFzWoJplQuN5Zo8/na
                                                                                                                                                                                                                                        MD5:7056FC61DE4A16C7F4F5BF44D2E87F8A
                                                                                                                                                                                                                                        SHA1:99D16DCB3B1AEFC472601439F630E1244B1AA277
                                                                                                                                                                                                                                        SHA-256:B7BA9435D82F6BEDD7005B6E868EE86F0BB6C4D7B312FE5F5D4AFBD440AD5B85
                                                                                                                                                                                                                                        SHA-512:529152DA39F7ADE6713206FA9F767B35B9BF03816387579522EEA78AC7D0E150BAD557FCDBEF51E76D52E39F61A0B4E54FF6A3B592EB7E34FAFDB98AFE460F7C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):816954
                                                                                                                                                                                                                                        Entropy (8bit):4.834266897182259
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):514787
                                                                                                                                                                                                                                        Entropy (8bit):5.823755040121771
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):494964
                                                                                                                                                                                                                                        Entropy (8bit):5.49413802901098
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):763089
                                                                                                                                                                                                                                        Entropy (8bit):4.7513575774952015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):444074
                                                                                                                                                                                                                                        Entropy (8bit):5.5541915821924555
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):466983
                                                                                                                                                                                                                                        Entropy (8bit):5.347321289295822
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1205916
                                                                                                                                                                                                                                        Entropy (8bit):4.040140087934281
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:tP3cOQSyU/FnX0m/5HqMh/Y56zxtRqcA25tm1vYpiMyk:5XX/5KWY56zscA25tm1vYpiMyk
                                                                                                                                                                                                                                        MD5:2C0A9CC4A7C775FF13A6888234265CAB
                                                                                                                                                                                                                                        SHA1:497BDE42737667FC833BBB9D8A9EDAF014D99957
                                                                                                                                                                                                                                        SHA-256:1DD55659EF21082B9D58BED50F387C0E1FC0F28D0EDE52251B9ADA25ED2A657F
                                                                                                                                                                                                                                        SHA-512:B862221CF17D3F2CA0495A8A3E1F630AB915FD9B2A46AC16C71DEFFEE9A6F71264A8550233781474D60CC6001A48C7C658C77D4E0DBD5B543E768928119D2F0F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1115461
                                                                                                                                                                                                                                        Entropy (8bit):4.293134907326594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:0xWx17McKN4Ceht/d49Hwb0orWp0Bi3p1FayNdiTlC2pegqNFOVLrOo54NwQvw9k:0Ge35HMjE
                                                                                                                                                                                                                                        MD5:5F9B7A945638B88E75A3175A7923119D
                                                                                                                                                                                                                                        SHA1:6AF614F2CBD72DA2224F48A203A6430A623FC7ED
                                                                                                                                                                                                                                        SHA-256:3B476D2CE7C72C3A10170808020DC3F1A87309F9F725B08217C4716B28D10888
                                                                                                                                                                                                                                        SHA-512:3B66C9152EC032D6F2372AE5075CBFE7D0FB398C4BF173A7F8C76D91D9EAA816E6F839B90884533B46A9224E9FB52C4D439B3D1907885B8E9F80C5C55A852B65
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):940464
                                                                                                                                                                                                                                        Entropy (8bit):4.333123617146776
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:vn0UN9LyZYA1T7z1L/LpftQvsYnDROgv1V5UdZWLRffgstBjj8/qGvdw3lozG2IC:vn03ok5j5x
                                                                                                                                                                                                                                        MD5:84AD3F888C0EC307BB7B8C278CD36757
                                                                                                                                                                                                                                        SHA1:948A5F8B43D059280D5374CA6D66E8DFC6A76D49
                                                                                                                                                                                                                                        SHA-256:56665860FE6577FBE00543A47A15E10ECEAE83458815F2989D179E42AF07F81B
                                                                                                                                                                                                                                        SHA-512:7001C0607DF927145E40A605E2B97914D02712D11E09CA20339CB1AEFB042A1F853FD06E78B76F6DC6F19B6DF837BCA12946A3470C6C064CA767AF1DB57042E5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):476860
                                                                                                                                                                                                                                        Entropy (8bit):5.622879660217315
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:FQ9HSLQl2q4qRv75az4lTxJXZvqcf4Sd9Ipksge7545/R+Ei1OCvdhAMTwiBK+66:F4SEl2q4qzaklVBhIpV545/g
                                                                                                                                                                                                                                        MD5:0AEDF5C2F6F4F49074A2ADEA454DF4C9
                                                                                                                                                                                                                                        SHA1:A48D9D8461E61170257897766DBD6906E754A0C3
                                                                                                                                                                                                                                        SHA-256:3F4658B3811B36F5CAD794E48E6507335ABFE78B0BFA0C80D1EF9C5D7BB410D0
                                                                                                                                                                                                                                        SHA-512:E359E446330FC154C16E34A7335174F372BCE701FAF85DE8A5F4B432CE3E10C69F42C93B7182DEAC89BB4D29750D0DD525B6DCD74A5B7BD724F544D14BA44A79
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):817430
                                                                                                                                                                                                                                        Entropy (8bit):4.86581943160599
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:LVaMf4WifCrn2RIxnaLIN0ZCViZIJ7I5SB3IjzAJmEIl5ujLNiXElqb1EfC:Ld1i6rxI95bE2
                                                                                                                                                                                                                                        MD5:64AA9344ABD9A32F10D6C05A58EDA4EB
                                                                                                                                                                                                                                        SHA1:3286EE43F36E2232677B4573E8B4A3303C7DF048
                                                                                                                                                                                                                                        SHA-256:CA20AF5982AE706F5029467901D7D66F90B261F03C7D240D0D1AB2FCA2B50A7B
                                                                                                                                                                                                                                        SHA-512:DD768B314DA50B8BA5A006A4E56D70044C1AF79960834722894D930F5347194AE7F9F5697BC4CD0790A79341635CB1DF8C74FF45F74D1736049161AF5B163EFB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):713246
                                                                                                                                                                                                                                        Entropy (8bit):5.136901438119978
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:5xU+Nw5U8PoF8xxyWJM5T5BZPEFYWmumwQYrSwadcJKwUzu8co/9NjjFpvTg:5xP955DW3
                                                                                                                                                                                                                                        MD5:88EEF2798DEE8A361C3EA9BAFAA02A35
                                                                                                                                                                                                                                        SHA1:6F8D4CE422336CA5048EF35D6ECE360A9B416D8A
                                                                                                                                                                                                                                        SHA-256:91318006C880E427417A2B2FFF81FD451769A5536FA16D1DC185972137BC2D6A
                                                                                                                                                                                                                                        SHA-512:DB36B58186F165FF3F746AC483F75B6FED596FAD9B3F335E86B374B359E563407ACF58AC7CDED9420E4FCB91F31EEBC8A91C7777EA59BAFCED8CFF2F1C0E9A53
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):564786
                                                                                                                                                                                                                                        Entropy (8bit):5.797828508773141
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:KwEm5WJNuE+ciwJFrAsUaBScxgsHlZ0JdHqRPzaM508ETCoFAi1PzisTm7oA:TAJoE+ciwJFgaTxgsHf0J4P508uCri1c
                                                                                                                                                                                                                                        MD5:4C5C09CB7E6EB120C8019FE94E1AC716
                                                                                                                                                                                                                                        SHA1:F018E7F095605E21DB24944B828CC3580CBA863F
                                                                                                                                                                                                                                        SHA-256:E7319CA18EBA379772954132493BBABB448D4E97D755B85360ED337216B48800
                                                                                                                                                                                                                                        SHA-512:D171EE83CF02A8904290A74DF1224556887E41333B8A01FBD95F0CACC88D230195FBFB6F99F9E02573D4864B3C95B570A77C2A0B1E19324D2599925E40684807
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):408159
                                                                                                                                                                                                                                        Entropy (8bit):6.667080735281946
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:iDL1fUjJVNmz7+anG7a5DnyykkFS5C4TNpI3DaNllf:sGJV4zia/5Dny2S5jTNpI3DY
                                                                                                                                                                                                                                        MD5:07B6C43D87DBF93AC8ABE6837F3C2103
                                                                                                                                                                                                                                        SHA1:79E033179B445609B3F1756C3F4184D5EFACF1C2
                                                                                                                                                                                                                                        SHA-256:7F85B35938FADCA91BFD8F92CA53613718E375EF010C340947DD27A4FF66594C
                                                                                                                                                                                                                                        SHA-512:38EF8F8A8A950B11C18EB7A40DA721B888EF792A49E1371DC8C1EB22058A6791F95BF9B25DF4BA190A7AA6CB62CE38B0BFAEA83C71B62CDE6980D12CF9DA53F9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):404179
                                                                                                                                                                                                                                        Entropy (8bit):6.680398224941187
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:SpyK3dSRMig8KJ392h2Du0AhVF5a5nzICFG0yn/9yYTo:k2dgpfAhVF5a5nzjqn/e
                                                                                                                                                                                                                                        MD5:960E99A171C4ED4B6D787027BA88774D
                                                                                                                                                                                                                                        SHA1:E3869AFF0C52841C9DF718133E7C4BE2977DE7FB
                                                                                                                                                                                                                                        SHA-256:E42640F5309ADD2EA7FD5A4DB503B93E479EF14807710A06D7E53A0F261DA8E6
                                                                                                                                                                                                                                        SHA-512:4E51D787AFF8F425D101882BD70E71B88B253F2CA61ED54DD7FF77C7E3A1D6570B270F4EB91F2D03869EA4537D09E141F3E32EA3A27537295EC698BF26305CBF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5409591
                                                                                                                                                                                                                                        Entropy (8bit):7.995554964553005
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:98304:SUUxSt0AoqmWPV95jG1p60RCPNSIh1SUeCQ29GrwrJ9ctYXiQxSlzY7G/bh4sWrr:SUUktgqdd95jghUV/hQUeCN8krJ9YY+A
                                                                                                                                                                                                                                        MD5:2694D3CA546E9BA8B37201741D1B8FFA
                                                                                                                                                                                                                                        SHA1:322EE81DB1036EBA84D8991BFCB2E6D829B9D632
                                                                                                                                                                                                                                        SHA-256:F66BA8D1C1ACD35F244965433D5CFEB1D0FB3B81AFC630F131AD9C9E288D03E0
                                                                                                                                                                                                                                        SHA-512:4D555C61040D48CC8E2237867885A0651CFB4166FEB0F18E4A442540E1C1123571B1298125507D98B4C833717A9E4D732C8C6B2C487009C639BC3447740CE60A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1262
                                                                                                                                                                                                                                        Entropy (8bit):5.412279038895346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:v/WFGWvVB/yvVlx1RnQnkfP4RRg5RuBRGHC:v/WkUVB/QVDQkfgR65RKR7
                                                                                                                                                                                                                                        MD5:5B34CDA07F9DB2DCD583C98C2A357C9A
                                                                                                                                                                                                                                        SHA1:75116E9EB0BD4D967E4E1409E8CA321DF74AB658
                                                                                                                                                                                                                                        SHA-256:E20A734E0B2CA43293B87CFA8F31AB43EAF99A89F90482502492546D7E34141D
                                                                                                                                                                                                                                        SHA-512:C4E5D699A10219FE649D848CD60547D73089EF007F38BB905947068792C3E76D1A173B274ED69CD43C85A7B6F10B90BBFDD426EC63E24741F799619EE94CA450
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................{"files":{"main.js":{"size":689,"offset":"0","integrity":{"algorithm":"SHA256","hash":"692b0b0bb4388cc72d7fbebd13608c779fd28ed6792ac38db8fdaae3e55391e9","blockSize":4194304,"blocks":["692b0b0bb4388cc72d7fbebd13608c779fd28ed6792ac38db8fdaae3e55391e9"]}},"package.json":{"size":53,"offset":"689","integrity":{"algorithm":"SHA256","hash":"d3565de5ec307c1dcc57fc9550976e67bac071eab7970673f63b6a6ccca24baf","blockSize":4194304,"blocks":["d3565de5ec307c1dcc57fc9550976e67bac071eab7970673f63b6a6ccca24baf"]}}}}...const path = require('path');..const Module = require('module');..const { app } = require('electron');....// Parse command line options...const argv = process.argv.slice(1);....let file = "";..for (const arg of argv) {.. if (arg.match(/^--app=/)) {.. file = arg.split('=')[1];.. break;.. } else {.. file = arg;.. break;.. }..}....function loadApplicationPackage (packagePath) {.. try {.. // Override app name and version... packagePath = path.resolve(packa
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (684)
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):685
                                                                                                                                                                                                                                        Entropy (8bit):5.947506019169076
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:xjRe3mjT7X7ovJZ46imOX6oDdHJ62RgjFklzBLpHUDyY7PdKfFlbln:xjI3mjf76o6imQtDZ+xwR+pKdlRn
                                                                                                                                                                                                                                        MD5:2F8397E50536FB945500F7242D9EEACF
                                                                                                                                                                                                                                        SHA1:C18EE272D0ED2269844BE4DF93BF4E26028944DF
                                                                                                                                                                                                                                        SHA-256:83840B400EF2A00E9CBB6299DEA20DFCC0DFD9689D382169C0301D89B51A8E88
                                                                                                                                                                                                                                        SHA-512:F6B48EDB8E608837BE9ACB40AB3CC56C5A5668716B960EC31946CFBBC80BB7E4E7F118BC3041AADE76D0F8B2D28D7C1CCA4DE26E48BBCFE86326A124172F262B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):166021264
                                                                                                                                                                                                                                        Entropy (8bit):6.737540703169629
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1572864:I69T1tvks4hW81ZG8M1wDxA2td8ql5kMyIjPmreeatjGqyoWdy9l28+6ChQphDKp:W6Y/U84
                                                                                                                                                                                                                                        MD5:EECF7A555E3BBE3C95008DADE51C9322
                                                                                                                                                                                                                                        SHA1:9AF0F383838125D1B50455325CEFEB784F673140
                                                                                                                                                                                                                                        SHA-256:2AF8C0E0F20B19D2845DD823D0353B338A84EEFDC4E0186131FDDB0680152772
                                                                                                                                                                                                                                        SHA-512:B5BD8AB13FC9A2AA0EB51148BCC06982C787727ED5F3CA0CD7B288E1AD15E538AD18C12F39E32431DE09389CF620D0E9CB7090A039D018455915F0ED3D46B73C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....ce.........."...................,........@..............................!......I....`.............................................i6..$...T.......|}.......<B......:...0...v...Ux......................Px.(.......@..............H....8..`....................text...)........................... ..`.rdata..."s......$s.................@..@.data....mD......n.................@....pdata...<B......>B..b..............@..@.00cfg..0...........................@..@.gxfg...@B.......D..................@..@.retplne..... ...........................rodata......0...................... ..`.tls.........P......................@...CPADinfo8....`......................@...LZMADEC......p...................... ..`_RDATA..\...........................@..@malloc_h............................ ..`.rsrc...|}.......~..................@..@.reloc...v...0...x..................@..B................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):268732
                                                                                                                                                                                                                                        Entropy (8bit):4.129712207392431
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:rbr3R2ER50fFjzgZ911bECxLyuUR27gLz3jzOXSO2xQJjKbCP:rP3R2E0fFCFbECxe527gvk
                                                                                                                                                                                                                                        MD5:40A3C2200E4126E8C47A7802532C9236
                                                                                                                                                                                                                                        SHA1:212A4686DEA5A467B7B6FA54397E42122B235F1E
                                                                                                                                                                                                                                        SHA-256:94AA518FC892EE9A0F1EB5FE35B60123EE61A5F848864B00519B96D8D5D9786D
                                                                                                                                                                                                                                        SHA-512:FA1A943822ABE3737587D520654078117CAE86C58FEFE6DD6A09F4A08C09293E9547A0AD79C52F8638DFBB1C496DF3D0E828CE414176C8FBB77113BE41212866
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.........J|j11.6.189.22-electron.0...............................................c...z......X...a........a........a........ar.......a........a..............m.D.-.....q....`$.......y.D.1.....e....`$.......D.5.....q....`$.........D.9.....q....`$.........D.=.....q....`$.......Y.D.A.....q....`$.......D.E.....q....`$.......D.I.....q....`$.......}.D.M.....i....`$.......D.Q.....q....`$......ID.U.....q....`$.......D.Y.....q....`$.......D.].....q....`$....(Jb...(L.....@..F^.!..%.`.....(Jb...,P.....@..F^..`.....H...IDa........Db............D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L...................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):595812
                                                                                                                                                                                                                                        Entropy (8bit):5.22268730962
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:6TY0P3R2EpdCFbECxUg8zifcarDJI2GZaGKtQPd9ZVetBRkPjBgnYAz7E:m5itRHtQfVEP7E
                                                                                                                                                                                                                                        MD5:264E3B574E4F86B1FC47B2427402E779
                                                                                                                                                                                                                                        SHA1:4A4F9E7C3DA262713E4CF7AF6AC51822C56B5EF3
                                                                                                                                                                                                                                        SHA-256:ED559C6E81B6003B2057E5C1B0BDB5B28CA094B895CA86C69FE11C5C9E014F06
                                                                                                                                                                                                                                        SHA-512:144365D0FB83576AAA02EA6ECEA51D7BA2CACB044EEA568A08F65B98A83D3E7D7E693738E065E22F94BFD1165D0EA93A749DD1325D829257A9BB6607A9A927DB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6
                                                                                                                                                                                                                                        Entropy (8bit):1.9182958340544896
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:XTLUn:En
                                                                                                                                                                                                                                        MD5:AE2106EA876113FD0B975AEDEBAD2F89
                                                                                                                                                                                                                                        SHA1:ADDBF88EEA9506928B8F4665D8103F4AA9FBD070
                                                                                                                                                                                                                                        SHA-256:E21F1B660AA2C8675DBC6486B0D9CCB5EC9CBB988098E9905E2B49B8C1DC94F8
                                                                                                                                                                                                                                        SHA-512:37CD1E08432469D75F4CA939D5B57ED3AFBB4232395D6BE9C6B49652EABA6C4BA8006DA16CE9E988A99E61C7B54BDDE36A375F84A464D9D3D14C105A2385E94A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:26.6.1
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5142528
                                                                                                                                                                                                                                        Entropy (8bit):6.355922756005317
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:J6PkZFjyeDTIEvAvlo6coVQxa8sVr06l1Z+MuXy55KfD5KNt7wpr30sN+05uQKYY:JNZFjYgpOz0ueCCA2EmgCvGRKw
                                                                                                                                                                                                                                        MD5:B7A271574FE36F3134D72FB86DECCA02
                                                                                                                                                                                                                                        SHA1:9C9B26F2C137D0439B938F6D2ED80F830F7D0F2E
                                                                                                                                                                                                                                        SHA-256:DA25A529E78CA6068CB84DAD50E43B054357C887DF434A0E083B266279CC16A0
                                                                                                                                                                                                                                        SHA-512:E45AA72D82883E51CD3C6DFF02C4B2CFEC063B82D53C4620963C80C406302DE8EA5F723DDAF4E084BBCEE2678413150654FA5B979F5035A8870BBF1802CFC14C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                                                                                        Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):955392
                                                                                                                                                                                                                                        Entropy (8bit):6.604758673715379
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:QA9nIy2rMjWPvnaFUNUQp466Z5WoDYsHs6g3P0zAk7Rjnl:Nt2Yj0n7NU766Z5WoDYsHs6g3P0zAk7n
                                                                                                                                                                                                                                        MD5:813EEB7306256D152733E03274364DD4
                                                                                                                                                                                                                                        SHA1:FE23BE85A45D060F05B5CB4F05D9DD2642AAE1E6
                                                                                                                                                                                                                                        SHA-256:DC51D2BE2E03AB812A3CBE11824B7B79F627C0D7C4608E91C0D9095AE92BB693
                                                                                                                                                                                                                                        SHA-512:CCE9CC47ECB51F8F55BFC4F86F849FDAC8A642997C2CFC1F310676C7C1014F7BB814A364630BF528CDB489E0D93654631A908C44181BF22B5BD5A60D5118764C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):814440
                                                                                                                                                                                                                                        Entropy (8bit):6.475715690608882
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:DkaJoYf9Z+uUMidkp22We0cRxoJy5DPbTtsqq5dlgM7qcNmP1bGq06ZIEUKth1Ok:BJll87GY2q61llaOZBjKt5qqxG
                                                                                                                                                                                                                                        MD5:3068531529196A5F3C9CB369B8A6A37F
                                                                                                                                                                                                                                        SHA1:2C2B725964CA47F4D627CF323613538CA1DA94D2
                                                                                                                                                                                                                                        SHA-256:688533610FACDD062F37FF95B0FD7D75235C76901C543C4F708CFAA1850D6FAC
                                                                                                                                                                                                                                        SHA-512:7F2D29A46832A9A9634A7F58E2263C9EC74C42CBA60EE12B5BB3654EA9CC5EC8CA28B930BA68F238891CB02CF44F3D7AD600BCA04B5F6389387233601F7276EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58000
                                                                                                                                                                                                                                        Entropy (8bit):6.450429603336052
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:2QMT4Q3O9ymyKJcy3Xs3y4rV50sds8SzUwHhaHRKrLy2Ip4PPCxf1mlD0O:rQCye14oGs8SNhaHi/9PAfIIO
                                                                                                                                                                                                                                        MD5:771AE99E62F3F041ABA9014682C931AA
                                                                                                                                                                                                                                        SHA1:96FF034CC69E3F8A2D2FFF736E62401B53033C54
                                                                                                                                                                                                                                        SHA-256:DCCD68E5689B31CE6AA58E86040773EF68CCE34A47241664172CBDBB2351C4BC
                                                                                                                                                                                                                                        SHA-512:6AF6D79729931517E68BBB5EC6FA527B6128A814A89C6B68DE42109064B39FDD33F3155ECCEA3CBD300AD6F270CF6C0C4E063FCEDBD85613131177B37D065F07
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):628
                                                                                                                                                                                                                                        Entropy (8bit):4.762181201599217
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:tIDRFK4mAX7RoCUcD+PYCEiiGNGNdg6MhgRoCUcD+PYCzNGNk/nRFKgOhn:Us43XVobmMY9ipNVeobmMY6NXpsgOhn
                                                                                                                                                                                                                                        MD5:789F18ACCA221D7C91DCB6B0FB1F145F
                                                                                                                                                                                                                                        SHA1:204CC55CD64B6B630746F0D71218ECD8D6FF84CE
                                                                                                                                                                                                                                        SHA-256:A5FF0B9A9832B3F5957C9290F83552174B201AEB636964E061273F3A2D502B63
                                                                                                                                                                                                                                        SHA-512:EAE74F326F7D71A228CAE02E4455557AD5CA81E1E28A186BBC4797075D5C79BCB91B5E605AD1D82F3D27E16D0CF172835112FFCED2DC84D15281C0185FA4FA62
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe assembly's progress...The file is located at C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe assembly's progress...The file is located at C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79504
                                                                                                                                                                                                                                        Entropy (8bit):6.220009040083083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:lG8N6w60T7kWU8EDk26WxvrkJAsSVQ11XVBuBQkjHi/9LfII:lGY6w60T7kWU8EY26WhAAbQ11XVBlkl
                                                                                                                                                                                                                                        MD5:DA77DE075A56F5D84FD0097A28650ADD
                                                                                                                                                                                                                                        SHA1:AF8773B88D44A59088295EDB53E2B11DF1AD448B
                                                                                                                                                                                                                                        SHA-256:316DF4385DB10D7A426C3054007C99E0AD1446AA6E85455D7E7DEDFB6B5D5B5B
                                                                                                                                                                                                                                        SHA-512:6F2E124FCB1534C76D44CCDED3785043F68BB6D643B002EC71668730BDB4E3FB60186F55FBB65F339FAF9478DA253424C8AE646E850D358797A49D3073652D53
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3072656
                                                                                                                                                                                                                                        Entropy (8bit):5.981049662169802
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:QGPhcAzmc+AzxpCqu6xX/mazyzDS/B6nEL8Esb2X+ThBtQvxqyfMzrvrBrVJ:pWOmczVpCkvmzzDC6nKsbSMQZqy8
                                                                                                                                                                                                                                        MD5:90999F7893D251FDBFEA7D5D9A13DCAE
                                                                                                                                                                                                                                        SHA1:BC2CBFE15456C6C22E8A73964DB6C32F490DCBE8
                                                                                                                                                                                                                                        SHA-256:F8A01AAACD600867AE37C7CD989155BE6729D65A0940813BA4ED0B1462E502DB
                                                                                                                                                                                                                                        SHA-512:AE73BC354B3CF627F6643C740562FEC045B61C872E29B21C468C4D68287BCF92EE70DE9BBFADCFDBB7099944008868EBEFD8E423F43624CDA7D727C00A4EE3AA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.984207052315847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nN9VWhX3WrrjP9Z95Xa/rl9qX2Ip4X5wCjdAA1m5wMDBu:NGeHRKrLy2Ip4XCCxf1mlD0
                                                                                                                                                                                                                                        MD5:492C56C6D03D50225215F0FCCB31A2E5
                                                                                                                                                                                                                                        SHA1:B5C872D6D6DA4195D495B1AA55F10FF35CE1245F
                                                                                                                                                                                                                                        SHA-256:64F9B2FB46A353BC5F9AAFB240BD8E6A3B8AB6398B1915563CB6AF7AF256669A
                                                                                                                                                                                                                                        SHA-512:B6238BB5E095F3016DFDC0A667DFCA0B1EC1949F70C98D9C4FF520D42E1C68FC057285425685D4F203A6CE605981F8F8B6DDC9CA572CBF3C1C64F17D01443210
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32256
                                                                                                                                                                                                                                        Entropy (8bit):6.750742199085297
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:lap2N4EhmXBk4iHj4o9dY6sHRKrLy2Ip4YTxf1mlA6aZ+:Ep23hmRP4nBsHi/9kfInaI
                                                                                                                                                                                                                                        MD5:3B62657ADB40EF9C4B26C49615A0173C
                                                                                                                                                                                                                                        SHA1:7F207570DE8F34EB93641FD60DE18108C487ECB6
                                                                                                                                                                                                                                        SHA-256:A4C41E535860E92FE2C6DA72D5852868CFD0C1D362C85E293E48AF9ADF1827CC
                                                                                                                                                                                                                                        SHA-512:408B4E904D982A6EE879A7CD5141A4EA89C36862EB240E9842B970AEE7CF13F7B389BF594C55BB9C438D0B4AEEB43E8EBBFBCEAD1591532735A254D9D5F4288A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1646728
                                                                                                                                                                                                                                        Entropy (8bit):6.550293918842392
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:CKBZFqX8TvXzlaPmAA6rKmEOwksSf0WBA:CK3/z0he
                                                                                                                                                                                                                                        MD5:3EC7CF091E6D6D30EDE3983A7C86756A
                                                                                                                                                                                                                                        SHA1:4E57D4370C2E7397FDE04E1B5821FDFEFC8A1CD6
                                                                                                                                                                                                                                        SHA-256:E2B48CE46D04F95DF87D49BEBC7A4A3275225D9AB27F278AFC4FDDF974FD6406
                                                                                                                                                                                                                                        SHA-512:AD8E1789DB2931FB3C879F62C539CA7DEB9CC9E3D929335CD1171FD164D3AB5C270F2237682E693EFE0F82647012161AD7C0938D2C2BF25928CB5AC20D857FA7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.978744934396574
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:YDNxWQFWWrjP9Z95Xa/rl9qX2Ip4z2yTjdAA1m5wMAvru4LTrZIjQ7yyRs:YDNVTHRKrLy2Ip4LTxf1mlA6OZM8s
                                                                                                                                                                                                                                        MD5:979925F3CEF9F0B9ACC19D26E339912B
                                                                                                                                                                                                                                        SHA1:5C04FC85D3BFBDA4ACDEE480F3F9A6F30B25AF5B
                                                                                                                                                                                                                                        SHA-256:A479D89EFC4744AB6B3A91F24F2C63C8A7332786A6B65F87FD7046A101F62C40
                                                                                                                                                                                                                                        SHA-512:29A23B0A669FA20F880F1FB414F49C5A3D80682EBE3D88FED80B6168C61B7EDCDE3DEE17290967E3A34809D3EDD1E555199438FC4C7C53F4DB295BF08A63B729
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.042295947879012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.027720924382012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.0308593662962195
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.921371620507193
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.974894012448519
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.007544012128594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.936578907474719
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dRE+ruiA5vzWeNWwrjP9Z95Xa/rl9qX2Ip4VgB6CjdAA1m5wM36QNuZL:dS9btHRKrLy2Ip4V+6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:360D42F24B4E08FA056AB58734A4CD36
                                                                                                                                                                                                                                        SHA1:DA6E32A298A749ED5C3FA3E05AC2541E1513DB21
                                                                                                                                                                                                                                        SHA-256:B3527A56EBC1FC120BD9E8F9B0E950A56E2D012DA3AD6976B4B7DBED61D9EC8F
                                                                                                                                                                                                                                        SHA-512:D83B5F80769842B29D7031A542EE8BDE192EA221BEB42E220DD28093C3808FB6CF361B33304D632D571597CBAD8EF339EF22D97FAB5D864ADA1B1D4D0C52D6D9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.008766161447553
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VT+6ywnVvW0LWjrjP9Z95Xa/rl9qX2Ip4IrTjdAA1m5wMAvru4LTOZIjZmt:V99WHRKrLy2Ip4IrTxf1mlA6HZamt
                                                                                                                                                                                                                                        MD5:FA64C77091FC1B02F46CEB1913B7379D
                                                                                                                                                                                                                                        SHA1:F24025CABE1A9DC034186392ED24FF0BF3A495ED
                                                                                                                                                                                                                                        SHA-256:E098965040E3970F28869105CA43DE2E604E2DCA6294339A9D170E0A5DF24D42
                                                                                                                                                                                                                                        SHA-512:13AE6CBA7EB92DCA72BBBA98188B41CD5D58C525F036E5326F5D45D9257DACD65305503A1736380C6C6975616D767628DDF67B94CACA9CD594FAD17B993B8517
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.004123985634671
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JRbzriaXT+WlEW7rjP9Z95Xa/rl9qX2Ip4NjTjdAA1m5wMAvru4LTMZIjvC63:T7ic7HRKrLy2Ip4lTxf1mlA6ZZ963
                                                                                                                                                                                                                                        MD5:86089A16F4C80394C5B404309C6026C0
                                                                                                                                                                                                                                        SHA1:D323D892C114316F838E4ED389BA79F6BD8A3B12
                                                                                                                                                                                                                                        SHA-256:435AF362523ADEDC9A74887C09FF85B6AF5EA3C2EFE87926C175A425313C4CBD
                                                                                                                                                                                                                                        SHA-512:EFB2FFA4F1F8892AD6AD9877BEA147A4ECE5889DD5F28FD87FC6F84CC03E05313CD99AFD8920967A85261E6F09BBBCFE995D4F499C568BF07E9212C44F914195
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):154112
                                                                                                                                                                                                                                        Entropy (8bit):5.52229117256302
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:tHOdYYWg+GImdMEGK61wb5nx03LBblQ6Ndk66byYSI4Zki+BReD4pK/uYxtl+AHB:gdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+zq
                                                                                                                                                                                                                                        MD5:CD62016404CAC92504889687ABBB13B3
                                                                                                                                                                                                                                        SHA1:C8CFA6AA9D4EE5F203701BEBB78F598F5FBC4C39
                                                                                                                                                                                                                                        SHA-256:DE4D28275A972722AAD7B1C5EC4581665CEF87C6132B9F013530BAC92F70C592
                                                                                                                                                                                                                                        SHA-512:1859D37D46D373C00B1B2DBCE77C8121B47D550AEBE240274F2C29B3870E7F82A18F8AFE1A6A46600DC61F5B6C1D8B8D2158D4EACDD8BDA9CF393159EEAD147D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):370320
                                                                                                                                                                                                                                        Entropy (8bit):6.097469567826013
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:WruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmg:VNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeL
                                                                                                                                                                                                                                        MD5:543B9388781D828B95E0952E62ECFC34
                                                                                                                                                                                                                                        SHA1:988750B82F4634BC793AA12E05403DEEC049B7DA
                                                                                                                                                                                                                                        SHA-256:6D1BBFF72AC4163FCA04F27797B1BA1667C37AA45DC3EA7786B0603578DC32A4
                                                                                                                                                                                                                                        SHA-512:97187D01075FC18C1187C99D629B3375F49ABB7225D25CECC8559F783C8D409592DC3687C65FC29F26FBCC831DE2979299499943C0138AA1B635F8D3BF9E7099
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.978601082650283
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DRtRWjYWVrjP9Z95Xa/rl9qX2Ip4RaTjdAA1m5wMAvru4LTLZIj7:LiRHRKrLy2Ip4QTxf1mlA62Z8
                                                                                                                                                                                                                                        MD5:1A56767E8BAB0FA215068240A5C0C251
                                                                                                                                                                                                                                        SHA1:68AAD233EAA3659696120C2A13B7B3A148C52EA2
                                                                                                                                                                                                                                        SHA-256:12E6C5EB0047D97EDA672A6DB5DEB0888174B98974E78FAFB240351090DE4A2A
                                                                                                                                                                                                                                        SHA-512:FCB191A3A416932D5E9A0F549EA5238329369C6514E7E9C9C714154366347518864FDF3CAA3070437C0C715E07F016DEDA6C88FE8E360587F1A5896699AD408F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.036011842379594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:seWnoWxrjP9Z95Xa/rl9qX2Ip4CEB98TjdAA1m5wMAvru4LTGZIjm9:sn5HRKrLy2Ip4CEf8Txf1mlA63ZJ9
                                                                                                                                                                                                                                        MD5:39030D52ECCFAB9462169249022F465D
                                                                                                                                                                                                                                        SHA1:9DA51C6E644ECFB1F8E7DD559C55D6D014C0588B
                                                                                                                                                                                                                                        SHA-256:85785A739BDDDB73AB9F2CD23CB5AE6B4A01F739CE736783A4C1AFF7B24E5A85
                                                                                                                                                                                                                                        SHA-512:55760420F7293D47E77E76201BAF576B4888EFBFF6B2173006A47B3D9E5D99CEA0E41016F9AACCBDA8B4B6B898BC85AEAC827305DB0B431D2774A9D985509B09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.006824968778004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.933759249584018
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                                                                        Entropy (8bit):6.855678676687748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.027393084902794
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.00802697135113
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.954525389333393
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):31232
                                                                                                                                                                                                                                        Entropy (8bit):6.687209756368598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:GQq33333333kX+TBi8FHRKrLy2Ip4ITxf1mlA6f7Zzf:Ju1i8FHi/90fInf7p
                                                                                                                                                                                                                                        MD5:682312A833402F2D407132E9D2215BD8
                                                                                                                                                                                                                                        SHA1:139C007DE6EFBA5D673211A5D82616D64BE6E7F2
                                                                                                                                                                                                                                        SHA-256:299C1FDCBBABF523761CF7591A567DAA6F116DE4775D684A664F30D31AD08911
                                                                                                                                                                                                                                        SHA-512:316C7B28940F8D223666CED22085477949F17D3C6609363DBBF0821E959F12FDAAFF0CFD562DE945F18F1640B700A87DF8C30687BB6E276205FAFFEE9484625B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.008740634214412
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:u28YFlXulWY/W1rjP9Z95Xa/rl9qX2Ip4oe2NTjdAA1m5wMAvru4LTiMZIjTH7:u0q8HRKrLy2Ip4oLNTxf1mlA6mZ8H7
                                                                                                                                                                                                                                        MD5:A6DB195ADB646F05AA767594380DFC1D
                                                                                                                                                                                                                                        SHA1:006689DDCABDD879D70447A34EA1334B33ADFC0F
                                                                                                                                                                                                                                        SHA-256:8D160AF3A6D933B56F705875E2D7B2CDCF4B121B78C1DD8E11B897AF7A4979C2
                                                                                                                                                                                                                                        SHA-512:9C05631B74878EAAE4C986567308F9963AFCED6220D918C34DA27A79BD25D8CDE3C8492C6BA275563E3277B6E15E5524FDB157D62FC5B26B57670869083B4C59
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.9176080347073805
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:UuMLcdQ5MW9MWcrjP9Z95Xa/rl9qX2Ip4IDmTjdAA1m5wMAvru4LTEZIj0s:ZOcSpmHRKrLy2Ip43Txf1mlA6VZ3s
                                                                                                                                                                                                                                        MD5:6D52E868AB8D5D896D2B34F2324D3912
                                                                                                                                                                                                                                        SHA1:9AE22458D2EB81022174C3A16D94FFA9161A641F
                                                                                                                                                                                                                                        SHA-256:60361634D7F67DE07A9073598671D202E9EFD829429666BFA4C936563187777E
                                                                                                                                                                                                                                        SHA-512:83DA81F4BAC14E1643508765CBF7CB222F37FBA36526D60A972358F187E90F4962CAB5F1A83F6FF49F742140B16C5E4236B1B2A0334208A613842D32A0CA6AA9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.979331656555997
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KZ7RqXWDRqlRqj0RqFW9rjP9Z95Xa/rl9qX2Ip4CSuTjdAA1m5wMAvru4LTAZIjP:K9qKqjqjuqCHRKrLy2Ip4CSuTxf1mlAV
                                                                                                                                                                                                                                        MD5:3398DE072478B410EDC1AD3E328F6561
                                                                                                                                                                                                                                        SHA1:BF6C0ED75D46381DB214957B974E8226EFF57D2D
                                                                                                                                                                                                                                        SHA-256:2DED1A05A4B4E289A19187FC96B90C3987EF86CC10B590376462D492131FC490
                                                                                                                                                                                                                                        SHA-512:07EE3479DFAD2683207A1DCF00BDA5EF43D4545ED22FF7F80A2A6644AD332B4C5DE81C976F5CB2111BB26996BFFF30BD9EFE33F77FDA3CF9A4CBDE871959C750
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24720
                                                                                                                                                                                                                                        Entropy (8bit):6.791971497516804
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:8vMhF2SzNzwu/Nlju6HRKrLy2Ip4OCxf1mlzzE6:8vMhaKTHi/9rfIPE
                                                                                                                                                                                                                                        MD5:48510914EF8C8C8A20DFCD2AA769B164
                                                                                                                                                                                                                                        SHA1:72629A00729E1F9546C13F4362C66AAF8C841AF9
                                                                                                                                                                                                                                        SHA-256:81FD0E624E822B0C95DF603325EEB7A7ACE7E04D10D575667F3C44F4EB456E7A
                                                                                                                                                                                                                                        SHA-512:029B9747486CF3C624CB2179A211EB7914C2AAA00359220652869B6848DEADE94894DC3446DF3C5C1FEEE93E894CAB6BD92CF42A8597D1E9BA2D587FCE8D9785
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.039009488547633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:oZ4RLWdRfRJ0RZWdrjP9Z95Xa/rl9qX2Ip40TjdAA1m5wMAvru4LTfNIZIj8h:oZK0pJuOHRKrLy2Ip40Txf1mlA6cNIZr
                                                                                                                                                                                                                                        MD5:1DE0EFFEA5081B9745DFA8418FCC934E
                                                                                                                                                                                                                                        SHA1:5C12AA1392C44103DA9266137E1A602894AD4B32
                                                                                                                                                                                                                                        SHA-256:E2149ACDF31CCD396730D2FD232F103A944307C9348119EF7D18D5B2BBD3499D
                                                                                                                                                                                                                                        SHA-512:4BA943B48A884DFB500EC6ED09844F9067BF110189754EB50A6260CF1630F363CB5DAE7A3404B53D487F80C0960E2E80F8E5449B53B4D3F2B91C3C2F253DE3AB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.967890189655318
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kYWsmWYrjP9Z95Xa/rl9qX2Ip4JTjdAA1m5wMAvru4LTmZIjh0:k2gHRKrLy2Ip4JTxf1mlA6LZM0
                                                                                                                                                                                                                                        MD5:23F56878BDDC8C8CEEC3AD07D0C89FB9
                                                                                                                                                                                                                                        SHA1:932B93203E6936067293CE48154D99DDF0A05BFD
                                                                                                                                                                                                                                        SHA-256:52216915A70BBA9DF457552E46ADDCF4EDFD5489929210EC8B01552A2EE384C2
                                                                                                                                                                                                                                        SHA-512:95571DD03388126C04428A911DA5B1081398A20F84CCFAC78B159C6F17DC6832EC3E9298DAEC25D1674CEC2C16DDEDB03E219AF984DAB498A8973580F07C7B87
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):109712
                                                                                                                                                                                                                                        Entropy (8bit):6.440388342659836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ovc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXbHi/9HfIP:wgk1tiLMYiDFvxqrWDWNoJX5
                                                                                                                                                                                                                                        MD5:9AA1E845DA38257FF1C418A41E7674BC
                                                                                                                                                                                                                                        SHA1:5C27458B364343CC78658E19D552947DA2ED6007
                                                                                                                                                                                                                                        SHA-256:556B30116823FD919415156137F4A7AB04AC317E599ED5647FFF9C8D892596FB
                                                                                                                                                                                                                                        SHA-512:19631E0736DAD754C19480F99BB7823E25602AD2ED576B62063822CE88A29050504AD28BFA61FA39B4ECC763CBCD68FE64F6E8AB993BCF736361ABF0C144E2B6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012269943025893
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BKcuz1W1cWFrjP9Z95Xa/rl9qX2Ip4uowTjdAA1m5wMAvru4LT7ZIjiDNt:bu8NHRKrLy2Ip4CTxf1mlA6OZn7
                                                                                                                                                                                                                                        MD5:6C03876D161F9CAD9BAD77F7247585DD
                                                                                                                                                                                                                                        SHA1:820121DCB6CC3CC05E14511796AA07E3352EDD45
                                                                                                                                                                                                                                        SHA-256:446E7BDCE29E103FC2D3C227F07FCEBB51F521EC928E38D63F949A3B92EB199C
                                                                                                                                                                                                                                        SHA-512:DAFD08673968493BC0A5371BA87466BD7512F782B1774C6139F82B9ACC376BA7EC46E376686B18021E27DD57CB90A6AD0EA7287CC86B98BDB0EADCD62C4353F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015596217362603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:tJ+SWikW2rjP9Z95Xa/rl9qX2Ip4TTjdAA1m5wMAvru4LT8ZIjSO:r+eoHRKrLy2Ip4TTxf1mlA61ZjO
                                                                                                                                                                                                                                        MD5:B586826CED650BC66C94F93A323D8E8F
                                                                                                                                                                                                                                        SHA1:36F2F3A82790685AA95B6B11A612C2CD62EA9D5F
                                                                                                                                                                                                                                        SHA-256:4880A7167BBFE901C3583091B974CB226783B20AB8727DAC51EAB935314B692E
                                                                                                                                                                                                                                        SHA-512:B2D0CA5EF973DE567419F750C547CFF7C4FC5CF69DE24CBE4545D2F7965331212EECD85BE0CF73F3E8F46B6B4B4AAC8E8DC5F0ADA114C49A9C2753E03DD6C207
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.045009892938906
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3AWzgWsxrjP9Z95Xa/rl9qX2Ip4ub+TjdAA1m5wMBq5ul0Ivfh+pS:3tuHRKrLy2Ip4uKTxf1mlBqsrv9
                                                                                                                                                                                                                                        MD5:974FE1E400F46AD556BF2CB96A0B3B39
                                                                                                                                                                                                                                        SHA1:E542A749C0ADAF80DB25D9ABE7C0DD2DF20A8817
                                                                                                                                                                                                                                        SHA-256:C0FE74081933567A56395F344E2333FF7BCAABD1DBA41DA6CC6A4A16373D7906
                                                                                                                                                                                                                                        SHA-512:28374864F465631D12264D40078CB7C88A3B4832CE33E008490188DF8102E715D1833FB444520C50759C646A074383F95FCD59F629847D1612D530CC5D1426D5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.018571772835123
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GBLRWbYWmrjP9Z95Xa/rl9qX2Ip4mTjdAA1m5wMAvru4LTEZIjd:GB2EHRKrLy2Ip4mTxf1mlA69ZW
                                                                                                                                                                                                                                        MD5:C4BF31F3F089FB4CFF61848A7E368E40
                                                                                                                                                                                                                                        SHA1:ABC6D15FDF0BAF685CB46AEE067E4B84065450B6
                                                                                                                                                                                                                                        SHA-256:2862B8B12EA41602C4F5FDC4E74B3534DF35D13154F4E4BFD25C2F1ADE5F44E4
                                                                                                                                                                                                                                        SHA-512:42C2EE70270999423895E66FF0C0736B8004FD9C820D2801C4B7D462F06C274C2DDC919ED68DDFFD23B0B89D541DF9CBCE088D5564249A8C9D2B8F51F2E28A82
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.005836250911921
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KHW4/WG+rjP9Z95Xa/rl9qX2Ip4lUlTjdAA1m5wMBq5ul0Hvfh+kq:KrrWHRKrLy2Ip4ClTxf1mlBqssvjq
                                                                                                                                                                                                                                        MD5:371578A79C29BB383005971BA4644675
                                                                                                                                                                                                                                        SHA1:C5E6EBBA9A3464C023FBF836474DEA05157D9EC8
                                                                                                                                                                                                                                        SHA-256:6DC48CC35F8BACB18039C37C39B1C379DFD6FA5BCC77B9575C9DE8187ED4A3F1
                                                                                                                                                                                                                                        SHA-512:0D589AF9490FA5D1DB519956AE3E2DD6C55B65C138A83366C679197BA270ADCB1D463ACAB680069AD9289680EC74650DC28E8C173CDC6536897E1587524FD41F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.041976655197995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bvk7hWmCWJrjP9Z95Xa/rl9qX2Ip4bTjdAA1m5wMBq5ul0Pmvfh+a0a:bs7/7HRKrLy2Ip4bTxf1mlBqs5vn
                                                                                                                                                                                                                                        MD5:7D2951DCB6B1172FA1EB015C208701D9
                                                                                                                                                                                                                                        SHA1:D55575258E967E28EB81BA5154BFFADF8FA4163A
                                                                                                                                                                                                                                        SHA-256:5DC1FDADF06103A5F26F43A4F1F39012A22E3CA38E1001ACBF2AEE4E80F0BE3B
                                                                                                                                                                                                                                        SHA-512:C0483B359E4239D50BE2CC8FEBAEB54E426F57A15F69F9A2DDC062BA92CC1E5973B04FEBBD4167C87312B2714441F42A5CD1FFADCC5058B8FE2EF5F626A82AFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.022018859408551
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SGMWCUWfrjP9Z95Xa/rl9qX2Ip4ZTjdAA1m5wMAvru4LTYDZIjk:S3rHRKrLy2Ip4ZTxf1mlA6nDZz
                                                                                                                                                                                                                                        MD5:CD03BB46CE2E0A96102B3D2FAA92CFBC
                                                                                                                                                                                                                                        SHA1:66497E909BA7F72E1A4C2B7CC8C7AF7A6558E5CE
                                                                                                                                                                                                                                        SHA-256:498302110BFC203FAF1670D5EF04FD79D2EDEBFE907AD1E6674A6A85EE56989C
                                                                                                                                                                                                                                        SHA-512:077C25BD1D1C49ECF9890A87E4D150A269CAD53759D53BF7E3023B08CE1E75770EE4BF09EC5041D17230D33AD346A424E345A37D48DB7F73738F9E138D75A0C0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.994997816444603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:OBhwI7WSQWxrjP9Z95Xa/rl9qX2Ip4wgC6CjdAA1m5wM36QNuZL5c:ODwIBJHRKrLy2Ip4w6Cxf1ml36QgZFc
                                                                                                                                                                                                                                        MD5:567B31ABAA1476CDA6FB631FCBCA7EA8
                                                                                                                                                                                                                                        SHA1:A78FF09D358000BE3EC04EC6EF504A90C3A726B5
                                                                                                                                                                                                                                        SHA-256:F71CC788961A41E5E6B15D1400E064AAA9C3DD4D7EAA032758215388ADF57756
                                                                                                                                                                                                                                        SHA-512:A50EDB73A3732729C479087E1681AC882A64E081E9936D09387F239F2FA9E2DCBFF77610F8123B5E07CF173E24770CFC011F048BBA7A4A8DE549E656C21D4CCD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.018735616462396
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SyvPRW4lWfrjP9Z95Xa/rl9qX2Ip4qTjdAA1m5wMAvru4LTLZIjJ:339cHRKrLy2Ip4qTxf1mlA66Zi
                                                                                                                                                                                                                                        MD5:5058626C8519E190CFF67C918AFE0A4E
                                                                                                                                                                                                                                        SHA1:87D2F203F86AC99022334AC0244D1DD47D400A09
                                                                                                                                                                                                                                        SHA-256:486B5A0E6E47E92F89BE6F694B2B0F285B1C0367BC4CF8CB27FF821F3AC0EBCB
                                                                                                                                                                                                                                        SHA-512:EB4E8AACFDBA139C80C3A20582089495A4AA82E00483A91E7F1F82D80ABE694C3CE0B352945E4DE341838017746FA83BD41C2BAEE28575DD701F83D71B1D4CA4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.975680937062165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:S6RW6eWSrjP9Z95Xa/rl9qX2Ip4h8TjdAA1m5wMBq5ul0Wvfh+2a6P0:S67iHRKrLy2Ip4eTxf1mlBqslv3a1
                                                                                                                                                                                                                                        MD5:D239BA595AAADB0EA18B5987221AE091
                                                                                                                                                                                                                                        SHA1:44564DDC01DD0D8E4FEBB12B3232F646D3C06A7A
                                                                                                                                                                                                                                        SHA-256:CDDF808A755A9DCE7C9622C9EFC7A5C4E218CB191CBCF0FCF1B1FF5618AF0917
                                                                                                                                                                                                                                        SHA-512:27F9229021832CE386B795C8A438A4057E29AB90D1817012A192D6FBFFB75A3C882508E40711DECF9F6C7C1D54D57A42D522A31BD81C9E9D85E6B3BFB1077305
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.014555464183901
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eSUP9W70W1rjP9Z95Xa/rl9qX2Ip4zRFTjdAA1m5wMBq5ul0Ivfh+hm7:3UeNHRKrLy2Ip4XTxf1mlBqsHvZ
                                                                                                                                                                                                                                        MD5:A8460A5894B72975C63FB6D32F9D0C8D
                                                                                                                                                                                                                                        SHA1:0DD34691B7482E5EA6EC4A0087EDE169A0212B24
                                                                                                                                                                                                                                        SHA-256:14638F6195F5D6A617AC5C3B37C172FD1CD0E028D4F80160DCE2BC25E265CB50
                                                                                                                                                                                                                                        SHA-512:BFC9CF48649335AAE291B14C8FD8E8FCF971937C849651429B84B1042C16A646FB805BFECE101215AF612DC3B8926BD93DEC1F22D1A258F05147C6614F447BD6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992849598041938
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:X8yg07W0/WhrjP9Z95Xa/rl9qX2Ip4Ob6CjdAA1m5wM36QNuZLU:XBHcHRKrLy2Ip4e6Cxf1ml36QgZY
                                                                                                                                                                                                                                        MD5:9B2AFCE22829448E52919ADC97FA0F75
                                                                                                                                                                                                                                        SHA1:4378B914393E30DCD67BCCB9F28FD956EF56DEB4
                                                                                                                                                                                                                                        SHA-256:306C43B5F695726D63BC347417F5189F7392719C788B953E4D9576925DAE4CDB
                                                                                                                                                                                                                                        SHA-512:40C27A9B0836BC74851890C3D633C4D1EE588F99DD19580A71C5FC6DB4A535F06FE5D4BD57C8E499E65982668C929C245A9D17C009F405AB347589375D4E8EC6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.984362208373399
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fe1WmRW6rjP9Z95Xa/rl9qX2Ip406TjdAA1m5wMAvru4LTwZIjjy:fejLHRKrLy2Ip47Txf1mlA6RZSy
                                                                                                                                                                                                                                        MD5:75197142BEB82E4E45074F809B4AC1ED
                                                                                                                                                                                                                                        SHA1:D359EC1D8084898FB77CDEE07031E952648D3285
                                                                                                                                                                                                                                        SHA-256:70B9D7B943C5BBB511A3943368411EC0969E55913FDB7639E35100EB0B993A49
                                                                                                                                                                                                                                        SHA-512:B4064F5E9A06F754748F28826F4F71D0484FFBBBC3D9D1FF2864C1DF4BCB2C317F874853C68985992FE83D2273A3553C4A1DAF4AF507976E8F5702706617A79D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):198144
                                                                                                                                                                                                                                        Entropy (8bit):6.164369117328881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgtH:cW60VcTvakcXcApOu
                                                                                                                                                                                                                                        MD5:8DC59D67663004627D8B2D0746533249
                                                                                                                                                                                                                                        SHA1:27F2D020233099882332945AA1E706DD412805EC
                                                                                                                                                                                                                                        SHA-256:62FB650E6211E74DF8D9EFAF2F5F36BCBECA0E8551C3CC3AF757FB4103725993
                                                                                                                                                                                                                                        SHA-512:8ED5FB6F9103A572C5CA22CFCC39CDD1017DAE827091EA7A4D2E5C406DC43D281DD2DE76C13B5FFF588C749BD82961FBFDA0A6001F5C8205A27D2E086C9BAF89
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.980312715919581
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M6ZWYLW6rjP9Z95Xa/rl9qX2Ip4q31vy86CjdAA1m5wM36QNuZL5d8tY:M6l1HRKrLy2Ip4q3Jy86Cxf1ml36QgZf
                                                                                                                                                                                                                                        MD5:C19A4B2BEF8202293066556D39DDAF88
                                                                                                                                                                                                                                        SHA1:2CA6DCC8CC585FB282EBA89BC38B8B901181C9CD
                                                                                                                                                                                                                                        SHA-256:68628C824A222943C2BDDE8D7089E3F41FB9673CB711510297F2A8A78493BF58
                                                                                                                                                                                                                                        SHA-512:46D8FF9B0D1EDAAE45F32671A5961310ECEF445EEFAF08D153C10F5F417D5260269D95BFDD928C419661A146D92FBCFF7C4A4750BE3369D37D2E70891A1F6216
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.954621838798846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:k1W1WMQWArjP9Z95Xa/rl9qX2Ip4/CTjdAA1m5wMBq5ul0yvfh+l0O:H1yHRKrLy2Ip4/CTxf1mlBqsdvC
                                                                                                                                                                                                                                        MD5:E45BECF9266A273DF70331171A822EF9
                                                                                                                                                                                                                                        SHA1:4BC48FD9BFC184691F15EDC47EB412D13895B7BB
                                                                                                                                                                                                                                        SHA-256:4632590F6231C37250549C2BDB5D8C8FD1A7881E12AA7777BA07A9B443F1793E
                                                                                                                                                                                                                                        SHA-512:35269AECA1663F3DC4EFDA33BD713888FC7AB86C35D8E14D1C870E60F93A7B2EC104E1085FB27330450981F966201EE9FE7010C1F9A3510F76DFB0E8BB16B92A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.992639582476022
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BdSWSKWprjP9Z95Xa/rl9qX2Ip4wgTjdAA1m5wMAvru4LTCZIjtmUu:zOTHRKrLy2Ip4wgTxf1mlA6zZYpu
                                                                                                                                                                                                                                        MD5:11E4FE99627FCB3B157FB92D8D931F6C
                                                                                                                                                                                                                                        SHA1:214512E4FE71666C1C10D52969B89BA341F7C66C
                                                                                                                                                                                                                                        SHA-256:22D17B01651A7047AA52C7A6202299305F523E4394790CF058B87D7AB8A173DE
                                                                                                                                                                                                                                        SHA-512:FDBEFFBC5E9C4752AD1D8BC93B06521BD44AE14A235D31514A92426D874E7BB770B4BD4BAEBE4D8BCBC21696AEA1243DA7C381820C91A700CBA1FE3E409FF7C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.926380492711681
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:PJEYA2WkIWVrjP9Z95Xa/rl9qX2Ip4VTjdAA1m5wMBq5ul0Avfh+r:PyYA8dHRKrLy2Ip4VTxf1mlBqsvvO
                                                                                                                                                                                                                                        MD5:B5E82B2D3167150A283BAEDF6635585C
                                                                                                                                                                                                                                        SHA1:A0B8D612E07D3D5357F2BC253E2394CA7CC62EF8
                                                                                                                                                                                                                                        SHA-256:1C4D07DF98A1C096B4F3B64F4C06A545A0099CCACB0CFC615AE78FD213327632
                                                                                                                                                                                                                                        SHA-512:A45E6D6DB25C9A52BE27FAEBB7D6FFDC0B3B6BE3F782696345F2F05830447F5251481B306BF98CFE3B6DB8C18E4F7A67F4EAE678DDDE52F68F7D42A2AE85920D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.011172629188287
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:RJGWe4WdrjP9Z95Xa/rl9qX2Ip4tCCjdAA1m5wMzsPuK:Pm9HRKrLy2Ip4ECxf1mlzzK
                                                                                                                                                                                                                                        MD5:6784F9869E44E7B12ACF609B6EC7D9F0
                                                                                                                                                                                                                                        SHA1:121D7AC450832A5FF2161CEB4C1C053047AF61A5
                                                                                                                                                                                                                                        SHA-256:FBC98FBC3C67210115F69C8EA7685FC4DF6090499EFD4F26B2C3D8A359515026
                                                                                                                                                                                                                                        SHA-512:1DE77CE14B71655031DC158DCA06E798F17B8CE094C9245E2AF92B05A01F771D0A359317BC8518A241F2CF0AEC0BC712167B66EF5C0F5DE7C266808E6188DE7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.956721913718706
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VdW1w3WesWRrjP9Z95Xa/rl9qX2Ip48jBMTjdAA1m5wMBq5ul05vfh+y:C1wxZHRKrLy2Ip48aTxf1mlBqsCvj
                                                                                                                                                                                                                                        MD5:11ECCC72C540BFB8569C41480DAEA7C5
                                                                                                                                                                                                                                        SHA1:3A1647D47975E818E71744A715682A836A7565C3
                                                                                                                                                                                                                                        SHA-256:16C9F88A141863D12DCBF5F7DE604DEE8852ED026E23956EED4D9758828DCADB
                                                                                                                                                                                                                                        SHA-512:008DA3D459D3F0BE8BD2D967BDC19BF03311712CF1F4A6636F28A84DA08D3EA2894024FAEF411932237E30AB4438CD695855A5BEB7567B8B1E898407CF646EC3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.767850843576942
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Cyp12Bhkg3qnV/spMHRKrLy2Ip4mTxf1mlA6kZC:p12zkg3qV/spMHi/9GfInkE
                                                                                                                                                                                                                                        MD5:6C96760E10DD343BE96551945F9E8BAB
                                                                                                                                                                                                                                        SHA1:4A9EDD9D9DA52158CA3792D01DA3B2FE8FB4B918
                                                                                                                                                                                                                                        SHA-256:894929F99C214FA1748D163F8349D2A8D16901890C1DB7407D447E0A9E954CC6
                                                                                                                                                                                                                                        SHA-512:6084D7D66F1AB858C1910917455F3CC3486C773EB31BEAA309A9E1DF78BF1AA0120C5B50F005DEB2A4142F27DFDD0EC47C407105833EE95A0311FA888CB170CC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.013405463565456
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FHPAW1bWjrjP9Z95Xa/rl9qX2Ip4INETjdAA1m5wMAvru4LTYZIjVC7ggg:xrWHRKrLy2Ip4IKTxf1mlA6pZY4G
                                                                                                                                                                                                                                        MD5:7231EED833F6496EB34442B4AB87904C
                                                                                                                                                                                                                                        SHA1:BAD09DCA990E86CABDC82869639A7574501CA148
                                                                                                                                                                                                                                        SHA-256:9B0071C13569C3982F0A5CA91EC511D97DDCFAF807D2383E8EDDDC259FA44D07
                                                                                                                                                                                                                                        SHA-512:7FDFFE9FEFDCFF90279A004302408C245A620C13F812209F14BFFF07F5835AD496B8A1773A9048D4FA41A8D57381CF5D37021760B01B809848188027D797D88C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.994636032353121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ZNoqWD7WPrjP9Z95Xa/rl9qX2Ip4TeCjdAA1m5wMzsPu0or:ZNofOHRKrLy2Ip4iCxf1mlzzhr
                                                                                                                                                                                                                                        MD5:D6CC536E7AAD5F67830F0AD3B761A503
                                                                                                                                                                                                                                        SHA1:0D6F5D6DBCBB20BE3C94094DE5C93ED7752F1595
                                                                                                                                                                                                                                        SHA-256:CC6D8CDB7C37C39EBDEC1D494A0BC88B468BBB8B4F82B755052E816E553C5A2E
                                                                                                                                                                                                                                        SHA-512:EB3C327C22C1E8DA8838D37DE4D740D2BB4248ECCCDF63CEFB87CBBC8C69385F77758220BDEFF484C48F72C663E44525CB75A7B7D0C53B6D45B1D7C4488A8C39
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                                        Entropy (8bit):7.009270974622172
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FGETSAWUEWarjP9Z95Xa/rl9qX2Ip4RtoCjdAA1m5wMt+uKz2MDug2O:pT1QHRKrLy2Ip4noCxf1mltdKzNp
                                                                                                                                                                                                                                        MD5:D75F5F80E910C80B204717F9B95E745B
                                                                                                                                                                                                                                        SHA1:C597C5807DB40BB50FDBB93FEE780A5AE7C2426C
                                                                                                                                                                                                                                        SHA-256:627B337EBE82028FA425063807AACBECA00A3457EC1DE1FBD7667663B7048DF6
                                                                                                                                                                                                                                        SHA-512:347A0E007343B106509CE7469E0E724FD6B2B0CCACE90432971BD5119B98EE65B8640F9CB134330D3D6ADDAC3F6AE4D0D4154B456293BC6CF3FDD59500350DB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.9987016230024715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zcDagtDApWSKJW4rjP9Z95Xa/rl9qX2Ip4GTjdAA1m5wMT9YMWuuwSmNA5DO9:zPKBtHRKrLy2Ip4GTxf1mlTAwRN+o
                                                                                                                                                                                                                                        MD5:A603D98CF998417CE64C4539CDCA24AE
                                                                                                                                                                                                                                        SHA1:11A696FED63167B0B315EA77573BBFD65E01DFB6
                                                                                                                                                                                                                                        SHA-256:B919535D20819F90BD2C6A03BC9E962E56025F9C921A2266FF415E91D12723B6
                                                                                                                                                                                                                                        SHA-512:4190C9B267A5726D5E84D3EFFDD2B15A06794B1DB707B1C9619DED057880B9DE77C67F300E198E5B82A4D2EABBAAF14DA8CE020235D708777F465D8DA1082990
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.011374618700231
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sIWD4WWrjP9Z95Xa/rl9qX2Ip4zTjdAA1m5wMBq5ul0lvfh+0e:s18HRKrLy2Ip4zTxf1mlBqsWv2
                                                                                                                                                                                                                                        MD5:DD82DBBC223607A8AED7BA3516860A85
                                                                                                                                                                                                                                        SHA1:AEA2F102D1A003138742C9671BED3161922B8DD7
                                                                                                                                                                                                                                        SHA-256:FA8B5C160F798C9151F2A8DC2E4DB8FCF8EDF156EEE30B14197C11116E4D7917
                                                                                                                                                                                                                                        SHA-512:B0CDE160BF04A33A053C13E2DFB316C1D4C7E8B280F47646C3B60B3113A4A5BE7404F56BB4740FADEBA2401332E86C59DC314E9028C734FCBA44B42800002F06
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.940990584600268
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JMWzQWQrjP9Z95Xa/rl9qX2Ip4oooeCjdAA1m5wMzsPu:J5aHRKrLy2Ip4o+Cxf1mlzz
                                                                                                                                                                                                                                        MD5:7546D722FF86F3FABE21891C4912153D
                                                                                                                                                                                                                                        SHA1:B32377E75979E2FA1990590E9106CA99B9C552FF
                                                                                                                                                                                                                                        SHA-256:D2B775EFDC8BC0B9766A151B1AF1A6DCB9951D9123CB119ECE2E8C835897A4EA
                                                                                                                                                                                                                                        SHA-512:F337C1A2FD5AE062F686E7B0580F539B1F5B8F4E1F94B857CD3E0E07B14FCBAE0A64B39494D7D8E1544C7407AF66D3DFD879B49DEEF77DCFE30C6500F94421F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21888
                                                                                                                                                                                                                                        Entropy (8bit):6.900382977940602
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VxDHKWAMW6rjP9Z95Xa/rl9qX2Ip4eACjdAA1m5wMt+uKEK2MDug2:bD8UHRKrLy2Ip4eACxf1mltdKEKN
                                                                                                                                                                                                                                        MD5:B0E03F24261F0A5911BAEBF2DAC4F261
                                                                                                                                                                                                                                        SHA1:9E8DD1297F73F7537E4585317BAD2BBAE66CCBA9
                                                                                                                                                                                                                                        SHA-256:77D7DF7E179AB2780D0DB5C25DACF1998AD1A30DAD779DBE46CCDEE1072BF1A1
                                                                                                                                                                                                                                        SHA-512:B30C5881C22D90FACF29C855D92CB40EF5DC283A40C57556F27B5CA3AF4613E576E3F668DAE6C5D7DE646ADB8AE4508EF6B247C343DB37E29E7BBE23FFD473A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.988188886324482
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BLNBEW6pWTrjP9Z95Xa/rl9qX2Ip45CjdAA1m5wMt+uK562MDug2Eq:BbMMHRKrLy2Ip45Cxf1mltdK56NP
                                                                                                                                                                                                                                        MD5:4056B9B941A27EA3DB441088E2B73108
                                                                                                                                                                                                                                        SHA1:373CF0B09BD1FBF716C7BE234DFA99A341AB4626
                                                                                                                                                                                                                                        SHA-256:E180BDF8C805A85F86BEDED3A9FA37E7CF7D2E281A0FF87E2143604BCA1D82A7
                                                                                                                                                                                                                                        SHA-512:3FAD3AAEA333A0301B3F88FB7E667CA24CFE8BAA23B40F2076794F268ECDD8E92301CCC3717CB1D1E154BCA60BF0199D1F0832EF6FDA06AA799C904524EAB0D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.010082222669093
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:TKkHKW/tWmrjP9Z95Xa/rl9qX2Ip4VlKCjdAA1m5wMzsPuy8:2ujHRKrLy2Ip4rKCxf1mlzzy8
                                                                                                                                                                                                                                        MD5:95CAB5C70CA547404FC228753B5248F5
                                                                                                                                                                                                                                        SHA1:CA80094BE3458609EC72EE53A77883EB3CBEDA74
                                                                                                                                                                                                                                        SHA-256:10BAC8F44ED75AC497BC392EE2CB7457455C59C3BC7064C101B346BB6F8CE095
                                                                                                                                                                                                                                        SHA-512:86826B4B7EFD21ACCD5C052621A3D3C13444CEEFC603125F808C6626ECBCCEFF2085364A788742D0643D358ED7DC5D9D9D0830F29789D658EA0E9EBDD514FF18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.977617239092562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ALnfIWqrWXrjP9Z95Xa/rl9qX2Ip4tyCjdAA1m5wMzsPukwZjNtY:ADf4GHRKrLy2Ip4oCxf1mlzzxj
                                                                                                                                                                                                                                        MD5:2280ED9104EB833B7EF3B5F96C322AEE
                                                                                                                                                                                                                                        SHA1:5E542572BDC4005660462968E4B50D3695DF58F7
                                                                                                                                                                                                                                        SHA-256:2B3E85B40E98C93C58A9E0C6EAD47EB8C1A2A59CBE62D85220D0D94D517E4C5A
                                                                                                                                                                                                                                        SHA-512:8CC31D50F5C35706706D8E372CC4D46CE6C673E16B15DB1BC1B4A5D870333800582C0BD854792C05EB7AB468B6AA943EE475C6ABCE5971786C0635C0CF22C63C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22672
                                                                                                                                                                                                                                        Entropy (8bit):6.814455866031959
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6qTO1PdhW1YWxvfrjP9Z95Xa/rl9qX2Ip4tACjdAA1m5wMzsPuz/4o0:6q6PSztHRKrLy2Ip4aCxf1mlzzzQo0
                                                                                                                                                                                                                                        MD5:FD44D69516412D1AC6D32F47F5C4BF3D
                                                                                                                                                                                                                                        SHA1:08A77249796ABF70C8DC3C8B11AC490577EF6B28
                                                                                                                                                                                                                                        SHA-256:2945E07168DD5856D36BA869BF12F91D0C2B7B5E9F4ED88E5163216FAE594C42
                                                                                                                                                                                                                                        SHA-512:06B15C163A8AD8A68A4DF40A8B9B75D9CDDF39E92EDFA61ACD5A33C43197D9DBEAA2B2D0B9E5120F09D0CBA708537E21D53A276A7E4653FF8AEBC92D45805B2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.969946391198759
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Fna8WK1WbrjP9Z95Xa/rl9qX2Ip4FlCjdAA1m5wMt+uKb2MDug2E:Fna0gHRKrLy2Ip4DCxf1mltdKbNL
                                                                                                                                                                                                                                        MD5:130792957623ABA4B9A6699398314AA9
                                                                                                                                                                                                                                        SHA1:75D44C66FDF0D887553F788F1175666D03CA9950
                                                                                                                                                                                                                                        SHA-256:0AADE7D9F0C7E98884466AC2AF829227DC14BA469B2C7E55D9C2190B0578E34B
                                                                                                                                                                                                                                        SHA-512:4A8ADEFA5495B6DA1A451881FE089EF781C98E99A239378772FACE4D6A17CDB31E517557C6D6A731A35B3FA83E2DD89C12A08E645B6B3F20620978657FD30F38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.939048706998203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kBSWITWPrjP9Z95Xa/rl9qX2Ip4qCjdAA1m5wMt+uKE2MDug2:k6OHRKrLy2Ip4qCxf1mltdKEN
                                                                                                                                                                                                                                        MD5:007612D7CD9AB2F476488862FEE6DDF7
                                                                                                                                                                                                                                        SHA1:7A0EFA45E52FFA944876E9AFE7BBACC7A84FE8D8
                                                                                                                                                                                                                                        SHA-256:F24229E4F09D602B6681D51C30EB7A75FC01FAA83225885903B65A6114E359CB
                                                                                                                                                                                                                                        SHA-512:1B22132423E81EB15685D3BEACDBCDEFED6F6DAF12825F70E85FC07D51044B295B0BB3B32CB5903CF60704689BABC325EF368DBA42424AEB408FF54C241E7C44
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.011676585489165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:188cIIWNoW4rjP9Z95Xa/rl9qX2Ip4X/4CjdAA1m5wMDBuvX:19cUmHRKrLy2Ip4wCxf1mlD0vX
                                                                                                                                                                                                                                        MD5:CFB008C51A954851C991442F9672BDCE
                                                                                                                                                                                                                                        SHA1:3200F25CB1CBEA3D0DA2DBD2F80324B6438E8FBF
                                                                                                                                                                                                                                        SHA-256:E79A0DAAB8BF70A360213FB3F3272BFA980B56EC40EBE0E66A7D06E2986FDB37
                                                                                                                                                                                                                                        SHA-512:3666CD8B94CCF6FB0CCD2C2A299415229E253278D2AF8FB90D7334B3E80003766C5AA7EAB450B845348B4993DA4FCCA4EECE0F8F8A49BFBCF4B5B206DBB8C4F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27280
                                                                                                                                                                                                                                        Entropy (8bit):6.771047348828758
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ErmoFmWdOpHRKrLy2Ip4wyNCxf1mlD0L:EaEFdOpHi/9L6fIIL
                                                                                                                                                                                                                                        MD5:9776D5F2CC7EB70D9F884683D7EEF5CC
                                                                                                                                                                                                                                        SHA1:598977D0FF922A1DF4794E89052E95FDF841EF0D
                                                                                                                                                                                                                                        SHA-256:71E20EA248C9E4BA3969EF99475978B93CACB3902BAD0AE856197D6C5B5805B9
                                                                                                                                                                                                                                        SHA-512:86887EAE9BB93E1332FD94BCF98FBA2BB18C5C3BB671F87C3746ED97DEACCF58C2109DB0B3C9141563F33AADB482300A6534ACD6FDEB562E1EEB409418A45C10
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23184
                                                                                                                                                                                                                                        Entropy (8bit):6.842912642172639
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:k09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsP:FOAghbsDCyVnVc3p/i2fBVlAO/BRU+pX
                                                                                                                                                                                                                                        MD5:16737B9D9DBA4E2D85B9C98379E3D04A
                                                                                                                                                                                                                                        SHA1:4BF9E51BFE7BA6993A2D4A590B4A7872EA650DF1
                                                                                                                                                                                                                                        SHA-256:25DC1EDED1EB569B6A423896506C13474E2732118B3F3BEE1D1DCE4A76EA5A4F
                                                                                                                                                                                                                                        SHA-512:2446915FEA03CC008EEB996735403CAE9ACA12DA23211EFE802F882115F60C3FA68D46690E40FF83B092F758800E2800D5F47A2A8B523DC53286E29B863EC6BF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.996432897343726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:u7W6RWhrjP9Z95Xa/rl9qX2Ip4XTjdAA1m5wMT9YMWuuwcNA5DCUCT:u5CHRKrLy2Ip4XTxf1mlTAwcN+GUA
                                                                                                                                                                                                                                        MD5:686EED1A62C5D0790DF8E4BB44FC7F7B
                                                                                                                                                                                                                                        SHA1:4DC98B4B3B3215ACF736737C74931BF97B9F3586
                                                                                                                                                                                                                                        SHA-256:8E9A766F5C6B7F67562E33AE7E8EF753049C09DD669E8CC40EB94887FDB23B94
                                                                                                                                                                                                                                        SHA-512:7270831B80389F0ED6D4F7F0A865106DE83B94018CB20FC84EBF56CACC37C0A1B023D9A90BADE1F9A8000A00316AE5236AE0FEAB901C2313613A1C33207F9411
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.042668418966383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7I5HeWFwTBsWerjP9Z95Xa/rl9qX2Ip4VLZCjdAA1m5wMzsPuI:7I5HFwTBUHRKrLy2Ip4XCxf1mlzz
                                                                                                                                                                                                                                        MD5:90D3BEE58A0AA90CEFDEF09FE7D98576
                                                                                                                                                                                                                                        SHA1:34C517B1CB91281CBAB1253624BB9EE23984E96C
                                                                                                                                                                                                                                        SHA-256:CE53C0656DE14AB215AEAF436CF85CB056A89E8CFA5D3EE727444C80ED6DE8F7
                                                                                                                                                                                                                                        SHA-512:6E432D68B80AA461077617EA093A817C9A4412C3E81E77307C96BD1122DA2759899F2D9C649F502A1CD0EA3CE7F0B1E2974370077F2DA3C0F3C9CEDD61F4C6B7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.017159903856617
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:2AJpVWbfkBnWprjP9Z95Xa/rl9qX2Ip4wO6CjdAA1m5wMDBu/:2AJpWfkBUHRKrLy2Ip4wlCxf1mlD0
                                                                                                                                                                                                                                        MD5:36D959C16C2B02B04D2EA24CCE6752D2
                                                                                                                                                                                                                                        SHA1:039F9E9DD22BC55A3CB941E8BF0C1A9BF7A07B2C
                                                                                                                                                                                                                                        SHA-256:FA4B7BB60E6F8113FB04E7B14632ABCF302C8D2A356F290BE1014BAAE61E4408
                                                                                                                                                                                                                                        SHA-512:DCBC4F4F0097EE52CC3933B70907AD7297C897B1AE2958624001D62A647B24FE9DF6D3BD6432A87737F74D13DF8A0AF3D1DDE7D75CE06EB9720593F63B891540
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25744
                                                                                                                                                                                                                                        Entropy (8bit):6.721365603948899
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:v1dyAqgQBfqyTBxHRKrLy2Ip4AzCxf1mlzzlZ:NdK1LHi/9AsfIPl
                                                                                                                                                                                                                                        MD5:8D2D51E700D8F12730189C49EB521595
                                                                                                                                                                                                                                        SHA1:B10D09CB5DC37F189151EE9294FF1A0B227117CA
                                                                                                                                                                                                                                        SHA-256:73555D3D6F3A7C735ECBE7B5B2C71CAE7E67B9D3020DCB1E3FBAC976E6310763
                                                                                                                                                                                                                                        SHA-512:9BF1FEF67B08F9331A976DD9DC0CC453333208AEA20EA213BDF50309B246CD587EABCBA10B39905FFA00CA2A3EC092914BAB4E9105AE293320A52802AE60478C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):6.8634763704059285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:OpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWIrjP9Z95Xa/rl9qX2Ip4qLTjdAAV:csPMQMI8COYyi4oBNw4tB4HRKrLy2IpR
                                                                                                                                                                                                                                        MD5:0FDA1C1123E1440735B8CBF796A0FF90
                                                                                                                                                                                                                                        SHA1:A41A480D7ACF146E1E772090A097BF84F8A37D4B
                                                                                                                                                                                                                                        SHA-256:568AE987E24F0494BB782F24BA19E43391A835877C48B6E6DF32B7F9D46AA465
                                                                                                                                                                                                                                        SHA-512:F8AED32FFBCC9C43F08DBBE1B89D2E14FF5443E0A4BC340E8A846AF6C19ADFC468CB99D301520FFD8BE6FAE1B37943265955E4109BD788C8D8DF008F5E1E3B37
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28296
                                                                                                                                                                                                                                        Entropy (8bit):6.535649241097432
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:4bhigwLAuZtM66g/Id7WVXW8rjP9Z95Xa/rl9qX2Ip4hCjdAA1m5wMDBu96:4bhzkKsHHRKrLy2Ip4hCxf1mlD096
                                                                                                                                                                                                                                        MD5:4358C0FB7A3830CB3C0F65734D54E5F3
                                                                                                                                                                                                                                        SHA1:FE56EEA28B06C67B6532923978BE76A6C9E937BC
                                                                                                                                                                                                                                        SHA-256:CE5AB73A3EE94E0D0A4A1F894885A5D7822386615A2E0DB08D4E09688C0CE306
                                                                                                                                                                                                                                        SHA-512:61BA825633E6319B6C13FB449607156DDEABC9D9627356999752D2E0966D0383581A707A75BA081DDEECA146FEEAC2AC448B9E8A25C5C9410FE09D74ADAE637D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.01018265988071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bUcX6W9aWGrjP9Z95Xa/rl9qX2Ip43KvCjdAA1m5wMt+uKW2MDug2uS:bUchqHRKrLy2Ip43KvCxf1mltdKWNq
                                                                                                                                                                                                                                        MD5:B5CD3546FB5660E318C478AE5702BF40
                                                                                                                                                                                                                                        SHA1:DB237901029B10313A378683FFDDCB2984295A1D
                                                                                                                                                                                                                                        SHA-256:C867C08AF648A1D7978CFEC4D19FF22A939BE213684B3E688A2C6B1945533092
                                                                                                                                                                                                                                        SHA-512:46351689E7B16788DD331FAB0FA22DF47FC781BED8FEE89798B0DA27DCB27959F536B2A7D2F11F281D85AC63B9D63251E03C8E39C34B83F1E87F6C2EBFCD983A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46464
                                                                                                                                                                                                                                        Entropy (8bit):6.164766431431803
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:aoBj7kS+8mjvHTeaWKs0Sd4eeaHRKrLy2Ip48TCxf1mltdK3N0:5Pmb9WKs0PeeaHi/9/fI/K3i
                                                                                                                                                                                                                                        MD5:66281C77E5AB5C7F86A5F917B88E30F7
                                                                                                                                                                                                                                        SHA1:3DCE110B186BBF31D7BF1C64C94F7D979027206D
                                                                                                                                                                                                                                        SHA-256:1D209584D163008919CD0BA26146C9591BB91592FA1EBA51B54A3B6213C9FABF
                                                                                                                                                                                                                                        SHA-512:0624C0A44F2D076FF772F8ED47C559C7AD55D0BCD909CC195819220E1E4549EB93D741C098173BDB0187B69F317AF693855C63E28910616E23450F46FBF3FBC1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.028815476254108
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yTI2pWPzW9rjP9Z95Xa/rl9qX2Ip4KTPCjdAA1m5wMt+uKb2MDug246:yE3cHRKrLy2Ip4uPCxf1mltdKbNo
                                                                                                                                                                                                                                        MD5:DF4B7A795571B55CE86F74A1C08249BC
                                                                                                                                                                                                                                        SHA1:9C8A478BE482094EB3AD4543E0239635A5F5A581
                                                                                                                                                                                                                                        SHA-256:496BE8AD65B5EEA31BDEDDC4284990D14988A9DA7CC9B19EEBDEBD034FF53022
                                                                                                                                                                                                                                        SHA-512:5910A7AEA09BDB2F3D6AFFEE9134ECEDAAEAC182F16E715FDC1FE9E890448DD938DDC9065AD36C7E6D852662FB62A5ACF83834BD125F6AB22F8D944A901AC6F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.043203018042703
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ucezoy4W04WoFrjP9Z95Xa/rl9qX2Ip4sQ8TjdAA1m5wMT9YMWuuwCNA5DFpk:uBzoy+KHRKrLy2Ip4sQ8Txf1mlTAwCNP
                                                                                                                                                                                                                                        MD5:1E2909FF20B8D95495308530A1A13676
                                                                                                                                                                                                                                        SHA1:3B72EEEE7D42BE66AC3BB7C1E4622A0DE2EE86B6
                                                                                                                                                                                                                                        SHA-256:C2714DFE9E5C9ABF062FF2F74E4671A7104962BCC707668537927F6290E6D00F
                                                                                                                                                                                                                                        SHA-512:96C5617BCCA5F39E92174337C3D03637FE56F2572DCDD7BA945CCA441AC5377C1CA87597524D0E52050EAF647BF1AA4ED26EACF1B06B1321C5C89E31DB5EF706
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.961404899955368
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JH/JWKpWFrjP9Z95Xa/rl9qX2Ip4xsxTjdAA1m5wMT9YMWuuwUNA5DQITB:JH/jOHRKrLy2Ip4exTxf1mlTAwUN+0M
                                                                                                                                                                                                                                        MD5:BC8A91C10FD4A5429AC54A015921A4C4
                                                                                                                                                                                                                                        SHA1:A85B915FFB5104CEBDE7D1D26FD646F09629CC44
                                                                                                                                                                                                                                        SHA-256:CDDA0D36EEC0BB62393ED72FA43D1BD5C241B2222E052AFDD070007B4B04ABF9
                                                                                                                                                                                                                                        SHA-512:270D7AD50775FA2FE50DF06C204562E61D323011828B534887F0EB83ED7BA20768B9964205C4121A9EC97F1A4F97C42B9E3BB6222202A308D1CC1BAF0613FB26
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.900106811884281
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sTjbocNsWMhWbrjP9Z95Xa/rl9qX2Ip4uux6CjdAA1m5wM36QNuZLL5:AboYyAHRKrLy2Ip4u46Cxf1ml36QgZH5
                                                                                                                                                                                                                                        MD5:A471FF1F9125DE39B50573F7803AF769
                                                                                                                                                                                                                                        SHA1:75F39916F239075C34470A2BB730FFE9DE14438A
                                                                                                                                                                                                                                        SHA-256:9647FE75BB47364CEA56B78828840E8752482A7D83BB369771681B5E3810387C
                                                                                                                                                                                                                                        SHA-512:8209F8FFC6DE5830092876360F6A4DC0107EC8748808ABB49FC09DE73B78B5D028A0A26CACF921D85349532160643F0907CFABC8967DF12F55DB861CF75E310F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.9886717572167285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ISKiWIhW5rjP9Z95Xa/rl9qX2Ip40Z+566CjdAA1m5wM36QNuZLX3:ISK8iHRKrLy2Ip40ZA66Cxf1ml36QgZ7
                                                                                                                                                                                                                                        MD5:540D04AA9B9CA639DFA78EB6BC11E195
                                                                                                                                                                                                                                        SHA1:78530FA7D8A68F67145DC2B98604E871AD411228
                                                                                                                                                                                                                                        SHA-256:C882A29AAB3E323719D129D9E75FB878DB909A3F2AB76D65C5696459B01FE90B
                                                                                                                                                                                                                                        SHA-512:18DAF10638A899552B80AFEC035EA0BDC03CA65963336896002AC415826C5C1004D5C7617599338DE50F9266D6AC75117C1B8A2606E88A28B3B488C878F176DF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.952579369169005
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M0KbZWApWmWTpWNrjP9Z95Xa/rl9qX2Ip4DTnTjdAA1m5wMT9YMWuuwVNA5DyOI4:DKRyiHRKrLy2Ip4DTnTxf1mlTAwVN+uQ
                                                                                                                                                                                                                                        MD5:C22EFC2F987821406E7F39E6432DBDF5
                                                                                                                                                                                                                                        SHA1:BC2CD24C4578EE3E7BDBE524D7703583F1D4B70E
                                                                                                                                                                                                                                        SHA-256:11C03D5D29516D82FCFC512777AE49D9B5594FC48F399CC5198D21C251F8B9D3
                                                                                                                                                                                                                                        SHA-512:2AAD2733729E58BF4D7A7EFA8B8B5B97ACA49C453C9272CAF7E85474731CB0EA29E8BE04DE47F22CCD3458AAF25FE70D7504C8DE916682941CF14AFB600C056B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.01078174815367
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xb1nWCXWzrjP9Z95Xa/rl9qX2Ip4yCjdAA1m5wMDBupe:17yHRKrLy2Ip4yCxf1mlD0pe
                                                                                                                                                                                                                                        MD5:5177EDC078028D8E88FA55A3960328F2
                                                                                                                                                                                                                                        SHA1:19D84FDFF5B3D1164A7AF7CD53B1DD7A285A3224
                                                                                                                                                                                                                                        SHA-256:320A063AA8FF50E6684BAEA892F023AF5DD7B4B33B1E3ACEBD5E47DD1F778D97
                                                                                                                                                                                                                                        SHA-512:F83871D0BE1F5A598A2E9A88DD4FCB648FBA2997DDA981150827F02331929D50BC067F4543A9FD476384919AD3302E0A7858BC2C93181B27CF2D4E73D9B94A2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.933857173145757
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:YxyW7TW4rjP9Z95Xa/rl9qX2Ip4HjCjdAA1m5wMDBuS4:+fHHRKrLy2Ip4DCxf1mlD0S4
                                                                                                                                                                                                                                        MD5:E92883D9D3772678F18EBCACF8DE60C1
                                                                                                                                                                                                                                        SHA1:E12BB87179A5F5C3E78C8A883C430C9E53A5B464
                                                                                                                                                                                                                                        SHA-256:7ED94887C9F14C1032147C9EAF993EDF9B5F40532A888A889E1E6A1AF353B842
                                                                                                                                                                                                                                        SHA-512:8AC6D6D20D2F2CE74E1AF5CA157E381CD4507605C5D0DB92829654CC07A5BB37684609212EF3D7CA7B5D77FDBCD085E0E9E873EFFFE497726B5FB41E94F25910
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.043584942077097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fd6Rb32WVzW5rjP9Z95Xa/rl9qX2Ip43chTjdAA1m5wMT9YMWuuwmNA5Dk:fERb3dkHRKrLy2Ip43chTxf1mlTAwmNp
                                                                                                                                                                                                                                        MD5:A9822B47A1E850BF593CB61B4B0DA6A5
                                                                                                                                                                                                                                        SHA1:443308B64C9BD1B24DEF286F5D118B5D4D46A59F
                                                                                                                                                                                                                                        SHA-256:0E276865A2877403DD7C8DF94F9AA7CA15A5EE49A3FC7A9A866B9CAB7E1198F8
                                                                                                                                                                                                                                        SHA-512:930D3CC22411665E36A789000A5F45679E1E9CD5D9BC07863DFE777C7A7A9CF36932AF79D8FFFDB2A01C2EC3B2F609EDA6D3AD96EEEF0684B3C1AA399638BB42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36496
                                                                                                                                                                                                                                        Entropy (8bit):6.692065690331391
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ou5I+sqOylryry8qqIfUc7a5AHRKrLy2Ip4d6Cxf1ml36QgZx:oYIVBpry8qqIfUcm5AHi/9xfI5g
                                                                                                                                                                                                                                        MD5:928FFE2B02C8C07B69B235D52C179EB1
                                                                                                                                                                                                                                        SHA1:766DDE57768588CCAA43602E57B0F46E1608AB82
                                                                                                                                                                                                                                        SHA-256:71C1DD3E2683D124B65237376FB4DF2D6FFD85079038FAAB827C281DA69A6D69
                                                                                                                                                                                                                                        SHA-512:2E2EAA3AD7F167E6E412DC9AC04B49409FA4F297710DC4A1CF9BAC152C7561CCC31D99E0DDFF5CA423298F0A69F0D59F55B6AF34251D7279F910BC179DDF99F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20880
                                                                                                                                                                                                                                        Entropy (8bit):7.0167424902341216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xvn4HREpWiQWdrjP9Z95Xa/rl9qX2Ip4TFqjdAA1m5wMcJcouCPiK0z:uShHRKrLy2Ip4xqxf1mlcJqCPm
                                                                                                                                                                                                                                        MD5:0F8E8070A4B0B55480AB85A85EB22B9D
                                                                                                                                                                                                                                        SHA1:B60E58FD0ECED6BFDB7CF2441EAE88EE6A6FAEAB
                                                                                                                                                                                                                                        SHA-256:E72C6D3A7E9E23C0D6332AA4CDB8140E127A7913484E8FFB6CCD384491BC51D9
                                                                                                                                                                                                                                        SHA-512:903731D067496952B5582A5839491B36C90A9BB21E50BB70130288D4AFB50628A1A0D4AB9DAE7F0121E9A14C923A4D98B4B02E31E0985BA85A0042983853F879
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.925388301948598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M8MjKb47T3UCcqFMkJ59WdtWhrjP9Z95Xa/rl9qX2Ip4PJCDCjdAA1m5wMDBu/:9MjKb4vcGdOmHRKrLy2Ip4PyCxf1mlD+
                                                                                                                                                                                                                                        MD5:B09E7D715D06FEBF8F0731AF593B2151
                                                                                                                                                                                                                                        SHA1:16966B4503352D387EECDBD358CB77ABF55960B9
                                                                                                                                                                                                                                        SHA-256:767041162E62EB43DEAAB00F6D4E79890C15D7D3B2150CABD48948B51D0D37EF
                                                                                                                                                                                                                                        SHA-512:CC60BA9571F1BC3EF4604C15864A6A27EC87DA519E0F636CF9B21F1200E0D06D84A76331196EAABBC5BFCCBC43E8BFCA8FCC31105639C0E849CD94C0AD9C38F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.001945686038119
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fzyNXd4+BW6FWbrjP9Z95Xa/rl9qX2Ip4j93MCjdAA1m5wMDBuh:ezMHRKrLy2Ip4qCxf1mlD0
                                                                                                                                                                                                                                        MD5:209FFB98068B9A091F03DE3EA4A02A83
                                                                                                                                                                                                                                        SHA1:CB7DD764550163D9F8D156CF9565CC1071CF05DA
                                                                                                                                                                                                                                        SHA-256:5961BFBC94256103198F867E0F0A22A2EA2039B572F81FE8B75168DD7225EBBD
                                                                                                                                                                                                                                        SHA-512:4FBB9DF6CA43D582B18E28F8F0C10C1189E59FDFB18F87FEE24E49E8BA446AFEDE56F409F9A49B09A7C127CE54051384F8335217E2844B3A9108AAD9CF20C472
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012131761847572
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pvs2Q3HKJNrWWRWErjP9Z95Xa/rl9qX2Ip4Jy714TjdAA1m5wMBq5ul09vfh+JVI:puMRHRKrLy2Ip4JI4Txf1mlBqsqv5
                                                                                                                                                                                                                                        MD5:A32EADC37E0A1ED37FEC41FC2E045CFD
                                                                                                                                                                                                                                        SHA1:4BA3FFE3A6FA3DA342CE83F5AEF5CBAC86D2311E
                                                                                                                                                                                                                                        SHA-256:2039B9EC93FA1251E5DA3E1A2B96B8F3450B01C44413EEFBDD4BC455274FE354
                                                                                                                                                                                                                                        SHA-512:5F158EE1C682E0670CCAF2A7FC44693492A9D2A46A73E5BADCA3B2999F19B08F89C8CD210E3C0665FFFDB1527ECF2D125FB4CC07F9B6BA34BDC9CD1EACA50B51
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.9924618472479105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xFz0Q6gcqRhcsMWdMWDrjP9Z95Xa/rl9qX2Ip4/bVTjdAA1m5wMT9YMWuuwmNA5k:xFz1c6THRKrLy2Ip4DVTxf1mlTAwmN+k
                                                                                                                                                                                                                                        MD5:3A428C73A353ED7509FBFB4942604D72
                                                                                                                                                                                                                                        SHA1:D807D591C8257C0FC1EC8F4FAFD403447A164C22
                                                                                                                                                                                                                                        SHA-256:74CF34024678952427D238FBF286E1D3A53C81E4ED3F8FBB6651356A3D1A8D01
                                                                                                                                                                                                                                        SHA-512:4D0E9F3E7C11727260AD2628CC42274698474E45EF2AD63FF98938E90230F4ABBD3BF4A95A647443A24CFB63377FB6EB69F1A06F7E832FD36EDDB49079AE2845
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.912168734049125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:z6xWA3W4aW/NWUrjP9Z95Xa/rl9qX2Ip4bTjdAA1m5wMQhKuVd4m5vZqIcNOE:zaBJHRKrLy2Ip4bTxf1mlQh5Vd4m5ExT
                                                                                                                                                                                                                                        MD5:DA0A017A7B27E4E070FC451B78509F12
                                                                                                                                                                                                                                        SHA1:770C7BBDD3579F4C0C4A7E0747A2CCC0C3F5F740
                                                                                                                                                                                                                                        SHA-256:7DC2B072A5431B0CBF5F7DF8B19E0A4CAFC43ACDDD3EBA0F8E77D3B87161FC6A
                                                                                                                                                                                                                                        SHA-512:49AE7C5849A2ED81A32FDD06DCCC78556AA2F695BDD4062F9C090330C49B0698178B68B5DF1268280A3C5D7DC158E3FCABB3C2F7A7D64B4EAE0747B217BADAB0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):78848
                                                                                                                                                                                                                                        Entropy (8bit):6.068451904343695
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:QIumja0tbe16pSc45EfL+4vD4SuJbhjXuE3FMqF1KAy4kHo05ureseh79xHi/96m:QIuAaGbeGq5rKASI0ICh9fG/
                                                                                                                                                                                                                                        MD5:497DBE1C655A103B64BF60DD1B9742DA
                                                                                                                                                                                                                                        SHA1:739CAA4AA085FE23B4CFD24CCFF12D9578EDEB5A
                                                                                                                                                                                                                                        SHA-256:C80225BBCF11FBF421DE9169191C2316C96B9E5858C0B2749C53EEEA8993148E
                                                                                                                                                                                                                                        SHA-512:093C06FB355BC5CD8148332689C183F80732960D88647D0A75E3CEE234A2B83C55235F100D23748B8BA6748736DEC5D8A465593642EB92EDE4EC1F214EC84A84
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21400
                                                                                                                                                                                                                                        Entropy (8bit):6.994018550233344
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:2r97WquWzrjP9Z95Xa/rl9qX2Ip4o9mqjdAA1m5wMRv3cquhqjlLBd:2RJBHRKrLy2Ip4Hqxf1mlRv3cZhqj
                                                                                                                                                                                                                                        MD5:E2143D1AA04BCC81A1079CC3D502C85F
                                                                                                                                                                                                                                        SHA1:60D8889978337C74D9CDB209EC50DFFC79796C68
                                                                                                                                                                                                                                        SHA-256:AB28A9025F8537F3ADC4673F5D9DA769C688AD14DBBFF9C2022B99264C360A05
                                                                                                                                                                                                                                        SHA-512:0FAC48EA0651D638416019540EAE37C349C4DB25BB2075C13C855B60A4524DC51E001B23A0559ED56CCC81FED9141E4FB6D8E5AEFD1D00DEB9EBA29AC3567FDC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.966463595778793
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J16eWLDWxrjP9Z95Xa/rl9qX2Ip4XTjdAA1m5wMBq5ul04vfh+Yg2:L6LgHRKrLy2Ip4XTxf1mlBqs3v7L
                                                                                                                                                                                                                                        MD5:6A2A6B51A7FA9D5D06FA735E70E40BF0
                                                                                                                                                                                                                                        SHA1:C5BE68952FE78208F1A8E306A556E96C4B190C93
                                                                                                                                                                                                                                        SHA-256:A08770C6344602101FC611FED68F71579FD06CB7823ED8FEEBC511B1D1AE4150
                                                                                                                                                                                                                                        SHA-512:C341134693BCAF3F13979AA5DE59508ED64E1AA3674572FEAD41E20320BCA8FFFC27BED3EA1874AB898E540B5CFCE016DDD1A3B520A55D3E16A7EBCAE65F1AF6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.952372708304721
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.0376762989157
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.975166502138063
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21392
                                                                                                                                                                                                                                        Entropy (8bit):6.998832177906868
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23040
                                                                                                                                                                                                                                        Entropy (8bit):6.947773246140973
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):96000
                                                                                                                                                                                                                                        Entropy (8bit):6.9811464858641346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):234496
                                                                                                                                                                                                                                        Entropy (8bit):6.308803769130203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:+X5gE72vcK8s7pTxEl7Onygi9wDO4z4WSYB0JuPrOAjT//P2jVFU10xNA:+XX20y7HNz14RU0J/AL2bUqA
                                                                                                                                                                                                                                        MD5:BF3E4DEEBA78482CF19018DD55751642
                                                                                                                                                                                                                                        SHA1:9166B4449953624995004544326CBDACDE285E77
                                                                                                                                                                                                                                        SHA-256:E172168748E0A2E7B2582F3E941E7262A366D8B292B6C2FDA3B6ABDA3DF1A455
                                                                                                                                                                                                                                        SHA-512:D012A20926A6EE5DD54227CEA9EA0E51CF2A40DFCDC4146E99482A8747E18BAFD615C4CCC72373A47D050062CAF5EC7744BC174EF0DEE104E329AF631F3702D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1692048
                                                                                                                                                                                                                                        Entropy (8bit):6.326801866800496
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:x+8Gg7kWyJnk8kvXfX+WquRLvbKG5pkKMV2Dzbcn3P88/UTlXe:x+bWE+TvTRLv/y2DzbcnU8/UTw
                                                                                                                                                                                                                                        MD5:B0B902CF5B6F147211370A7BC97765B4
                                                                                                                                                                                                                                        SHA1:1993129A785CB3C99F80A948D2FA75DA454D4E85
                                                                                                                                                                                                                                        SHA-256:9418B43B8F26DEF716E15EC9138C49AE4DF08306F9D1FF4C65455F2A729715EF
                                                                                                                                                                                                                                        SHA-512:E556BFD25A6B6AB9E1FFEA82CB5D4813B4BFE8CF90C77EC154D6295AD257625FE431A303185F3CAC5271583881F500869478CD6AD6268D938C9F35ACEE7B4E69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):589824
                                                                                                                                                                                                                                        Entropy (8bit):6.46320033169136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ut8MRN4gE4x4iTqwTQa6IUqXF7XyxpypsdUDqNSfbQEKZm+jWodEEV3HC:uCMm9pyp35bQEKZm+jWodEExi
                                                                                                                                                                                                                                        MD5:6BA8C51379494D612E4EF69550A6CE8C
                                                                                                                                                                                                                                        SHA1:2D642A9FA5C9435E43D009C8734E0FDE44327C29
                                                                                                                                                                                                                                        SHA-256:F832E41CC246B1037289D731804D2207837E8B8D0385F357B1A7592E94308932
                                                                                                                                                                                                                                        SHA-512:2426DD48264F6C0189C5A840B6F11DC877C9096472A50C267EF52125A39011DA8D4D755572CCC71B77D6701359A7364C95BB3473E2BE49C2FA32EA861E81A389
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):99984
                                                                                                                                                                                                                                        Entropy (8bit):6.5538732748545305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:Xy6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXR9xecbSQ2bnHi/9vfII:XlXfRXqQw+PHLrCZh9xecbStV
                                                                                                                                                                                                                                        MD5:6430909108F315614AB8C02265ECF041
                                                                                                                                                                                                                                        SHA1:7BD0CF29CB2D17E730170F8264CCAF90ECB662D4
                                                                                                                                                                                                                                        SHA-256:27DD79BD367559A0DE592D33B015F7204A9C4483192BFAACDEC9DE07BF460FF2
                                                                                                                                                                                                                                        SHA-512:A1313FB85EC019AADF1BB449FA333B998D1813D54A037CAC06F9CC37A50F6C70D8F41B434AFCD51A7B97BAC43C7F291DE5111C2D787352207A6160D4FF9234BF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):43520
                                                                                                                                                                                                                                        Entropy (8bit):6.64690620367382
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:8JnUUV7xPg4RdPvv1DHkhh+JHRKrLy2Ip4eTxf1mlA6qZe:8aY7XN7I+JHi/9+fInqM
                                                                                                                                                                                                                                        MD5:3382104CEE2BE75491991D2631EC056A
                                                                                                                                                                                                                                        SHA1:8DC3AF340121BBFDC69CA2E04388CBD1E37DB5EC
                                                                                                                                                                                                                                        SHA-256:40147F671339275AAF711388EEEB5F8F313864DEE717E099116085A57286CAA4
                                                                                                                                                                                                                                        SHA-512:EE613917FF5CD539E4B1526BE1CF48A6C478F0D72291865CC1167AA508DCAF017EE22226C1494D69CCD3513E9F4761C345BE8C5DAAE6B40B1C79CDC71D450C64
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):97424
                                                                                                                                                                                                                                        Entropy (8bit):5.617357157968208
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:x2Ec05j4eAH64rh5fSt5T9nFcI94W0Hi/9efII:glK4eA7mDmWJ
                                                                                                                                                                                                                                        MD5:D316F297D51844DB28FC96A847ACC05B
                                                                                                                                                                                                                                        SHA1:2A046FC6DEFE22033A76F2F6B18112738CBDD5C4
                                                                                                                                                                                                                                        SHA-256:057FF7A5BBDAA0BDD437D68FC9E0534CD0DFB42EB70DFE87AB864DC8EDB086A9
                                                                                                                                                                                                                                        SHA-512:C1DAC8920B7DB1B6AA13639DB223C4AA02594F7EB57810891C615B850A3C8CA4ADD9C5BF64B8AA8C28EE1528B3018945C72F850305BA8223577EAB498AF5E1ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):177152
                                                                                                                                                                                                                                        Entropy (8bit):6.55862728173861
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:oSHreWE0uOeOyqN8ROsKQsN3gVTAg3mZtrOYDf1gwBvDO:fLeWEPOyqNnys+K1trOOSx
                                                                                                                                                                                                                                        MD5:27C1AC30C9AE3BD7665FB4648AC2648E
                                                                                                                                                                                                                                        SHA1:B07C7A939CA2ED27F3491835CEC2B5F4BAC9B25E
                                                                                                                                                                                                                                        SHA-256:86D05E66E4AC5DBC46BA6270E8A57B5D12E2E31D58A4ECE1BA95F3F381F6CCBF
                                                                                                                                                                                                                                        SHA-512:BD21AFE8BD5243934DF9CF0B04310DBFAB100F76AD17EEF7CA39D2D3C6FDCD9D071BEDBC947C52FD58457F1460715BE65E44B5D441864E2C82BBCF3B84D2C5CD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1648784
                                                                                                                                                                                                                                        Entropy (8bit):7.665089270086584
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:YHRJ4hTCfcsbCQUVu1B/NwOBsG/F7vL6E7wFGk3OwdKZa1zBwSUnn3KNEIq5ZXta:E+TbsbGVWvBB/ROEA3FIUninM1q5
                                                                                                                                                                                                                                        MD5:3E7DD0248ABCB1B24AB54ED6E09E15FE
                                                                                                                                                                                                                                        SHA1:3513AE79BADEE569D8C6E0B459851C60FEA08F27
                                                                                                                                                                                                                                        SHA-256:765F56F16FA3E15069DD882A59BFD755CA14B123A287E0841596D3EC371AFFC5
                                                                                                                                                                                                                                        SHA-512:07816CAA3E2E62F10D40462B373D06567F8C012999D145BC0815A0DB3FE460F023EBBAC5254EE71073FDE5680BF721EDC75A9343B1105C00F4B31B3C991D0253
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):633
                                                                                                                                                                                                                                        Entropy (8bit):4.870692213653989
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:qLLnCp8CQJomf6CVLUAjXnC9xkKxkgYCsx/nCp8CQJomf6Cj:qLrpLF6cL1jXIxkKxklCsxpLF66
                                                                                                                                                                                                                                        MD5:6895E7CE1A11E92604B53B2F6503564E
                                                                                                                                                                                                                                        SHA1:6A69C00679D2AFDAF56FE50D50D6036CCB1E570F
                                                                                                                                                                                                                                        SHA-256:3C609771F2C736A7CE540FEC633886378426F30F0EF4B51C20B57D46E201F177
                                                                                                                                                                                                                                        SHA-512:314D74972EF00635EDFC82406B4514D7806E26CEC36DA9B617036DF0E0C2448A9250B0239AF33129E11A9A49455AAB00407619BA56EA808B4539549FD86715A2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.Installing assembly 'C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe.. logfile = C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog..Installing service rsEDRSvc.....Service rsEDRSvc has been successfully installed...Creating EventLog source rsEDRSvc in log Application.....Committing assembly 'C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe.. logfile = C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog..
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7466
                                                                                                                                                                                                                                        Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                        MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                        SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                        SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                        SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):163328
                                                                                                                                                                                                                                        Entropy (8bit):6.264821948719024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qeD9b8uzpNi8br556FpwsdxcNfBBFaS8o92WnTbEZBtQ3rvXeX:qeD184NijpTsNfBBF392WcBQC
                                                                                                                                                                                                                                        MD5:6B03DAEF1CAA676A0BC6E13B4BC8F89B
                                                                                                                                                                                                                                        SHA1:3985879BA05C56C0FA1839B569EA4643731A052C
                                                                                                                                                                                                                                        SHA-256:DF2B1F19DBCF4E1787AD625AE73D844B129D126661861971F8E13E794646906A
                                                                                                                                                                                                                                        SHA-512:741517162EC051D199CD69ED768D6FFE48C75ADBE1CCC06BE1272FE4C6A2C45B64414E84673B036B2BB85CF7B49175107AA03627ED216CDD2E79D47027A73166
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):334336
                                                                                                                                                                                                                                        Entropy (8bit):7.162095871589973
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UUkuU/9vnxhTmdaXlumDgLhhgV+AhV30ZwI+3U:tg9vn+dSBDahgEADu/
                                                                                                                                                                                                                                        MD5:C2538DD971AA2D4F2E863695FB4C585E
                                                                                                                                                                                                                                        SHA1:46B1814C5155DD5148DE7EB06D58B7AE2E5CD6AD
                                                                                                                                                                                                                                        SHA-256:D1781B732CDE702764A8007F76EE8CA0B464C4F4EA30A6E0C67AB562C9F509DC
                                                                                                                                                                                                                                        SHA-512:8587B2141F8A14235B9058EEA876A4202152AC79505B68C5CCEDF21265EC86CF732E769365F4CAE95E9C8B31C49DBCD48D302A8D2D1928E69B78D9B07866DA1C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):139264
                                                                                                                                                                                                                                        Entropy (8bit):6.18944717645377
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:f2DD4JcSb+rfzHr+fWPu0yHHFx9EqJvhSYNBcFFlngCTltxeR8LmsvDiHi/9nfIt:QP++X9W0gFx9B9N+FFhgCThLms7knt
                                                                                                                                                                                                                                        MD5:747A3CBD0A2B77BE3CF507BCD4DF1BDA
                                                                                                                                                                                                                                        SHA1:565EC03E0DC06B00C09E3890ADACA584871EB180
                                                                                                                                                                                                                                        SHA-256:263BC382848CBAE80BD641AA0654A23971E2887E07BC1D6F4182DAFF84C501C0
                                                                                                                                                                                                                                        SHA-512:661C6CD0CD4290C2D27669291A9CCD746C6E57A90CC753BE06DD9D55012F16119CEBE0E7D24352400FC21E5626D41AF79ABBC92A72245EA1AB5E6F3C368C31FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):146432
                                                                                                                                                                                                                                        Entropy (8bit):6.2745753496402985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qmFLQiVm1Ie2cDQHOhsK21h8iFT9Z6avH6SCZlmm:zQwm1IeSHOeKmmOC5
                                                                                                                                                                                                                                        MD5:2487994259AE9E8166F22FE39790C671
                                                                                                                                                                                                                                        SHA1:09E1D13605AACCFC0F6EF3858AA53AE0135746B6
                                                                                                                                                                                                                                        SHA-256:4AD77036EEFF9E015C1E6FE1886A465845ADDBDB56AAF5ADAC238AD1CCB91AD3
                                                                                                                                                                                                                                        SHA-512:9A1C3D6A94C954C093547134F621ED69C897C08E3305409FDF3FB17ADC960A17EC03066005AAB16ECDA7F89A55B31FD1006EFA54E5C8C59375BEF05639937F59
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2261504
                                                                                                                                                                                                                                        Entropy (8bit):7.596639757213537
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:wdm0hCMOJwV1isz+0DxhCHPpdiiobYCI8:w45HWgszsKQ8
                                                                                                                                                                                                                                        MD5:0E5519F6202594F1990CC0F623B43DEC
                                                                                                                                                                                                                                        SHA1:7845F116F5AA74F89A2AB1A9C0AE746E54250FAA
                                                                                                                                                                                                                                        SHA-256:6793F731558A2123E8031E511E9FCF680FB391604383E78C6FB29F132E0E75A0
                                                                                                                                                                                                                                        SHA-512:09139A5EE60309483219EEFA0C7C18659ACF7002B27993B5172BE19AABD7CE51013348AAEC2971F42C84517312A5BD3E318D94784C069AFDAFDFB19ABA088200
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):222208
                                                                                                                                                                                                                                        Entropy (8bit):6.786565578522807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qT4Ahf0UCXbEb89D4KT+/vi+55uHr3Yv+rDi8TV5l1mVb3OFZj:qTfLsbEKDY/3K3YkzTV5lkK/
                                                                                                                                                                                                                                        MD5:C6F7D6A83C38E3BA04C8CEA017B5BF56
                                                                                                                                                                                                                                        SHA1:4447ED64AD603FC438B9D2C67DC9DA6D33D01E3A
                                                                                                                                                                                                                                        SHA-256:69F0E9B57759CB06D79F6121311E768A87BEA1972344D7FBB6852B48D9FBCFE4
                                                                                                                                                                                                                                        SHA-512:3CA8067CA1E1F969B389E0EAC6D88CB1E8489E32CDBDCD778D8415DA58EBC15961D5A2878C4E8CC4F0BD84B7D2692CBD0D794D37FE6CFE8CE8BDFD0F7C7C31C2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1647616
                                                                                                                                                                                                                                        Entropy (8bit):6.5512299586037255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:IKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB2:IK3/z0hY
                                                                                                                                                                                                                                        MD5:221FB15A1D7C97DE76335176E6E44203
                                                                                                                                                                                                                                        SHA1:D73D7308497BC30471BD3ACA93868C7BAB9FF9DC
                                                                                                                                                                                                                                        SHA-256:BD91F6FD71B802815D563065AC0B43527D4CDF726E9BCCF98C52338A8067E181
                                                                                                                                                                                                                                        SHA-512:0B0AFF2B0B1D03C9006C8E2C06BB0F46F4CFE9FD003BE1744CA1ADFE8FB0357BA86A2E3D17476166BE31C5BD9B70CF975CC31A2745956A8D50D8D083516FAE7C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):265728
                                                                                                                                                                                                                                        Entropy (8bit):6.227072664660365
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DJxCYKhMXJw5eSpmpi4F1Lvvt+S/77gQQgfUFOlkBsTdUM3J/qyPUQrmqMlw2aFG:DJxJK/dpOfr37g1QOe5qWlr0lwbG
                                                                                                                                                                                                                                        MD5:51117CE7C1A4BC9A60F614A7EE35FA6A
                                                                                                                                                                                                                                        SHA1:8B2582DDC2F4D70014C5012A811352C31A054B05
                                                                                                                                                                                                                                        SHA-256:45F09D1BFBDC7D513D371E0DE290097F2142CBA513F77EF11CD4BAA9A2797FE4
                                                                                                                                                                                                                                        SHA-512:B3FB5047036FA03359F8ABB9CCA6C228D87D0C8F560CC9A294D13ABBC61B84019F6E1FFA35AAC44A243AA6D5965C84CF8D5DEFBC521F3544479B0BFA38D377E2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3490816
                                                                                                                                                                                                                                        Entropy (8bit):6.326124434789562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:jF+5PLDsbg5+e9VvR/hzH01zzEbMx+5vqDLBOmUAmPNb63oJmoJS9MeK3XqRZ:GDPfpz24ME5nbqogp9h
                                                                                                                                                                                                                                        MD5:37A7A31A4A28C4FB13878C67FF114C08
                                                                                                                                                                                                                                        SHA1:9726DD9EBDB5203581FFBC67AE21814172E72D7F
                                                                                                                                                                                                                                        SHA-256:8E5EED1FB13D790F061F45125D9F13135C46F7E4614874B4A2A23ED7FB6F2851
                                                                                                                                                                                                                                        SHA-512:55FAF413A434406A91E6313AFDBCBB48A50DB0CC85687B90DA38A76D14008F655FF63AD72DCB1FC5DFB755CD3400418E99A7886C86E429117812BF5BAF6209A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1768448
                                                                                                                                                                                                                                        Entropy (8bit):6.608015764873274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:NFh+6066jUNguhPGJQAJQfxilwTebiPcFvX:vgEaUNguhPGJQAJQUldbiPcF/
                                                                                                                                                                                                                                        MD5:4845895C33EF465D7E87C299F777E108
                                                                                                                                                                                                                                        SHA1:90E7917C79733E469C34B59275DB667A78AB0AD9
                                                                                                                                                                                                                                        SHA-256:E8D15C16D106660E7B100B8F2CF471E80407422A91A22A1D04F88103559E7AD9
                                                                                                                                                                                                                                        SHA-512:96EA20296791696234BFA2AA2D53D1CDB79A2EA5460F3F0CF7AFF94AB99C037D30F6258F609A62689BF14977823C427448D0342483FD46B47A720490F7BE1338
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2624144
                                                                                                                                                                                                                                        Entropy (8bit):5.839297070317323
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:TSSJ+G1PjodumkjD6Oc0mqHZwueCtbu9kQN:rxodumo6Lr
                                                                                                                                                                                                                                        MD5:B18CA30F651CFFF347CBEB8BAB938014
                                                                                                                                                                                                                                        SHA1:238373F463B31BA04F5C42A0B4926E1E199E7E36
                                                                                                                                                                                                                                        SHA-256:D21186E6BA5DD62BD873F544215E78EEBF7536ADBF787BD103E694A10D07E1E8
                                                                                                                                                                                                                                        SHA-512:990EFD9AA0AC93E612193CC8E653E0B614003099C3DBF5B8971406D090D0FFBD4D73CC537633DC3BF115F662DDD9B496992356FB19A588B7BAE830170131BEFA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58880
                                                                                                                                                                                                                                        Entropy (8bit):6.4695031247599255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:iQMT4Q3O9ymyKJcy3Xs3y4rV50sds8SzUwHhTHRKrLy2Ip4ruTxf1mlA6hZ68:HQCye14oGs8SNhTHi/9rufInhc8
                                                                                                                                                                                                                                        MD5:50BA6B3FDBCEDF339C9E7097B8714294
                                                                                                                                                                                                                                        SHA1:012D4E83B2B698903EEC0C1D608033389797A225
                                                                                                                                                                                                                                        SHA-256:E2940DDCCB2427DAA5996BAF3FAC1A50B01D59DD42D49A7D2889F12773B87384
                                                                                                                                                                                                                                        SHA-512:C930FF79972D927F332CF3C3E7641176883211854253102C92FE96BB3D909A5ABBCF2A89B5FC1324C4E262F9E6BA49B4D83BD73DF4DB2BD37D615073FA1B1F0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58000
                                                                                                                                                                                                                                        Entropy (8bit):6.450429603336052
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:2QMT4Q3O9ymyKJcy3Xs3y4rV50sds8SzUwHhaHRKrLy2Ip4PPCxf1mlD0O:rQCye14oGs8SNhaHi/9PAfIIO
                                                                                                                                                                                                                                        MD5:771AE99E62F3F041ABA9014682C931AA
                                                                                                                                                                                                                                        SHA1:96FF034CC69E3F8A2D2FFF736E62401B53033C54
                                                                                                                                                                                                                                        SHA-256:DCCD68E5689B31CE6AA58E86040773EF68CCE34A47241664172CBDBB2351C4BC
                                                                                                                                                                                                                                        SHA-512:6AF6D79729931517E68BBB5EC6FA527B6128A814A89C6B68DE42109064B39FDD33F3155ECCEA3CBD300AD6F270CF6C0C4E063FCEDBD85613131177B37D065F07
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79504
                                                                                                                                                                                                                                        Entropy (8bit):6.220009040083083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:lG8N6w60T7kWU8EDk26WxvrkJAsSVQ11XVBuBQkjHi/9LfII:lGY6w60T7kWU8EY26WhAAbQ11XVBlkl
                                                                                                                                                                                                                                        MD5:DA77DE075A56F5D84FD0097A28650ADD
                                                                                                                                                                                                                                        SHA1:AF8773B88D44A59088295EDB53E2B11DF1AD448B
                                                                                                                                                                                                                                        SHA-256:316DF4385DB10D7A426C3054007C99E0AD1446AA6E85455D7E7DEDFB6B5D5B5B
                                                                                                                                                                                                                                        SHA-512:6F2E124FCB1534C76D44CCDED3785043F68BB6D643B002EC71668730BDB4E3FB60186F55FBB65F339FAF9478DA253424C8AE646E850D358797A49D3073652D53
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3072656
                                                                                                                                                                                                                                        Entropy (8bit):5.981049662169802
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:QGPhcAzmc+AzxpCqu6xX/mazyzDS/B6nEL8Esb2X+ThBtQvxqyfMzrvrBrVJ:pWOmczVpCkvmzzDC6nKsbSMQZqy8
                                                                                                                                                                                                                                        MD5:90999F7893D251FDBFEA7D5D9A13DCAE
                                                                                                                                                                                                                                        SHA1:BC2CBFE15456C6C22E8A73964DB6C32F490DCBE8
                                                                                                                                                                                                                                        SHA-256:F8A01AAACD600867AE37C7CD989155BE6729D65A0940813BA4ED0B1462E502DB
                                                                                                                                                                                                                                        SHA-512:AE73BC354B3CF627F6643C740562FEC045B61C872E29B21C468C4D68287BCF92EE70DE9BBFADCFDBB7099944008868EBEFD8E423F43624CDA7D727C00A4EE3AA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.984207052315847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nN9VWhX3WrrjP9Z95Xa/rl9qX2Ip4X5wCjdAA1m5wMDBu:NGeHRKrLy2Ip4XCCxf1mlD0
                                                                                                                                                                                                                                        MD5:492C56C6D03D50225215F0FCCB31A2E5
                                                                                                                                                                                                                                        SHA1:B5C872D6D6DA4195D495B1AA55F10FF35CE1245F
                                                                                                                                                                                                                                        SHA-256:64F9B2FB46A353BC5F9AAFB240BD8E6A3B8AB6398B1915563CB6AF7AF256669A
                                                                                                                                                                                                                                        SHA-512:B6238BB5E095F3016DFDC0A667DFCA0B1EC1949F70C98D9C4FF520D42E1C68FC057285425685D4F203A6CE605981F8F8B6DDC9CA572CBF3C1C64F17D01443210
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32256
                                                                                                                                                                                                                                        Entropy (8bit):6.750742199085297
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:lap2N4EhmXBk4iHj4o9dY6sHRKrLy2Ip4YTxf1mlA6aZ+:Ep23hmRP4nBsHi/9kfInaI
                                                                                                                                                                                                                                        MD5:3B62657ADB40EF9C4B26C49615A0173C
                                                                                                                                                                                                                                        SHA1:7F207570DE8F34EB93641FD60DE18108C487ECB6
                                                                                                                                                                                                                                        SHA-256:A4C41E535860E92FE2C6DA72D5852868CFD0C1D362C85E293E48AF9ADF1827CC
                                                                                                                                                                                                                                        SHA-512:408B4E904D982A6EE879A7CD5141A4EA89C36862EB240E9842B970AEE7CF13F7B389BF594C55BB9C438D0B4AEEB43E8EBBFBCEAD1591532735A254D9D5F4288A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1646728
                                                                                                                                                                                                                                        Entropy (8bit):6.550293918842392
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:CKBZFqX8TvXzlaPmAA6rKmEOwksSf0WBA:CK3/z0he
                                                                                                                                                                                                                                        MD5:3EC7CF091E6D6D30EDE3983A7C86756A
                                                                                                                                                                                                                                        SHA1:4E57D4370C2E7397FDE04E1B5821FDFEFC8A1CD6
                                                                                                                                                                                                                                        SHA-256:E2B48CE46D04F95DF87D49BEBC7A4A3275225D9AB27F278AFC4FDDF974FD6406
                                                                                                                                                                                                                                        SHA-512:AD8E1789DB2931FB3C879F62C539CA7DEB9CC9E3D929335CD1171FD164D3AB5C270F2237682E693EFE0F82647012161AD7C0938D2C2BF25928CB5AC20D857FA7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.978744934396574
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:YDNxWQFWWrjP9Z95Xa/rl9qX2Ip4z2yTjdAA1m5wMAvru4LTrZIjQ7yyRs:YDNVTHRKrLy2Ip4LTxf1mlA6OZM8s
                                                                                                                                                                                                                                        MD5:979925F3CEF9F0B9ACC19D26E339912B
                                                                                                                                                                                                                                        SHA1:5C04FC85D3BFBDA4ACDEE480F3F9A6F30B25AF5B
                                                                                                                                                                                                                                        SHA-256:A479D89EFC4744AB6B3A91F24F2C63C8A7332786A6B65F87FD7046A101F62C40
                                                                                                                                                                                                                                        SHA-512:29A23B0A669FA20F880F1FB414F49C5A3D80682EBE3D88FED80B6168C61B7EDCDE3DEE17290967E3A34809D3EDD1E555199438FC4C7C53F4DB295BF08A63B729
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.042295947879012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Am2igOWnW8rWlrjP9Z95Xa/rl9qX2Ip4+/nTjdAA1m5wMAvru4LTeZIje:gtsHRKrLy2Ip4knTxf1mlA67Zd
                                                                                                                                                                                                                                        MD5:792D0C83FED25753C1DF8F08AD5A5E99
                                                                                                                                                                                                                                        SHA1:027A17662AB34D248388D6E7587BF3F125CAF0EA
                                                                                                                                                                                                                                        SHA-256:87E227E9F7AE7CAEE32625109F4C6D7DC2A7F73FABB07B8FB8C3E04FE549D79E
                                                                                                                                                                                                                                        SHA-512:26CCEE818AFDE2CEA0D6457DA34235D3535806727CBB4F1EF7A58BCBD7B46BF953F3D9211250AA955079CE6D55D0E6107EE4796621D7E4A5F201A3D7A0131550
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.027720924382012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3napn1iwwPWcGW8rjP9Z95Xa/rl9qX2Ip4QoyCjdAA1m5wMzsPue/:qDusHRKrLy2Ip4QPCxf1mlzze
                                                                                                                                                                                                                                        MD5:EE10259864E9701525FEB46AF8A2D668
                                                                                                                                                                                                                                        SHA1:EC412F80EDF85C5A0D72DE5C5943BCFEE8BC27BE
                                                                                                                                                                                                                                        SHA-256:3757611D8618E2DD166B23793E3D2FD42DE3C717153D265A83783AA70B832960
                                                                                                                                                                                                                                        SHA-512:74FDE33BFBD9F19120AB321325408314232FC6EAAE12DEC915811BE3AF0DD56CF14C896A6CE27AC259B0D21431FEBB75443A115C46047642114FA559E7E0741E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.0308593662962195
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:HHLaEav5aaUa6arWVLWnrjP9Z95Xa/rl9qX2Ip4HXCjdAA1m5wMDBuYQ:mPv5t/NO2HRKrLy2Ip43Cxf1mlD0YQ
                                                                                                                                                                                                                                        MD5:16D2C673AA6AD02E71C5D96C778E7994
                                                                                                                                                                                                                                        SHA1:54A6628F49B0A68B8F7F44C0822F8E072F3888EE
                                                                                                                                                                                                                                        SHA-256:81D9E455790D1093214BCE4058D879616CEF04C2EFF5410E930E496B4126559C
                                                                                                                                                                                                                                        SHA-512:FE5FCFA1E366C3B801C286CF940A75D9486F33DE03FF0CF516028E973F2FE47A7669571D74BA620685E679F4723F68F9FF688731D2562A7E65DBD70623BE0EC9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.921371620507193
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J6iIJq56dOuWSKeWErjP9Z95Xa/rl9qX2Ip4K6gYCjdAA1m5wMDBu:XiAMHRKrLy2Ip4K6pCxf1mlD0
                                                                                                                                                                                                                                        MD5:9D3D19EE2BE4AAE01A0A9B0FB4D9E3E9
                                                                                                                                                                                                                                        SHA1:6C9DB4C90C9B88CEF86295F963212A38ECFF3CD9
                                                                                                                                                                                                                                        SHA-256:EA435047D3403FF0E2D6123FF96FD7BFE2021384AD8030AC1D973DB7E916C91F
                                                                                                                                                                                                                                        SHA-512:1AF379AB9452E809E48FA637218B7C64C4988B62A414B0DF2C74C5A7C6B49B7ADB003708C00AFEE4F0195A58D6F170702523840FBF6360660EA5E88F3B8D0A5C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.974894012448519
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:+nzz+MpSaLWW0+WarjP9Z95Xa/rl9qX2Ip4iCUPlTjdAA1m5wMAvru4LTLZIjt:QpuqHRKrLy2Ip4ibTxf1mlA62Zq
                                                                                                                                                                                                                                        MD5:48F51C415422EC4FE415F81402D73841
                                                                                                                                                                                                                                        SHA1:C6D3443DEFE15AA08722F6B6EFD63AB500A254B1
                                                                                                                                                                                                                                        SHA-256:D67F601AD228DF36C199467BD86EE62B47D18AE57B7A08E13B0502B667D3C187
                                                                                                                                                                                                                                        SHA-512:636EFD35AA0222E30B1C6828C3581A0698F1ACC8D617CF763E0332D75D8EF247686AEB25D73C21B4E42FCF1F5FD576EEC323A480582E244FA3507BD782124B37
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.007544012128594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qGhr+YUfyHxsW/HWJrjP9Z95Xa/rl9qX2Ip4BTjdAA1m5wMAvru4LTIZIjay:ZkmcHRKrLy2Ip4BTxf1mlA6xZ7y
                                                                                                                                                                                                                                        MD5:A15F6061F42AF97FFDD51061BCA9C58D
                                                                                                                                                                                                                                        SHA1:A43B2FE6EE0E99DADDBCA6A40AC9B3A02CE3FA6B
                                                                                                                                                                                                                                        SHA-256:CBD238D92430EB86E08D79619F711B0E9EC11715819EF118721E1B981D980A87
                                                                                                                                                                                                                                        SHA-512:C0B2781D16DCF790FB9CDB623EC549A6893E26DF9B4DEB1A4606AB7FF12F31BC36AF4885C14B0EEC00B26ABAD23CBF3A55FE9376B198F0B5F9337C1FBAF265A2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.936578907474719
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dRE+ruiA5vzWeNWwrjP9Z95Xa/rl9qX2Ip4VgB6CjdAA1m5wM36QNuZL:dS9btHRKrLy2Ip4V+6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:360D42F24B4E08FA056AB58734A4CD36
                                                                                                                                                                                                                                        SHA1:DA6E32A298A749ED5C3FA3E05AC2541E1513DB21
                                                                                                                                                                                                                                        SHA-256:B3527A56EBC1FC120BD9E8F9B0E950A56E2D012DA3AD6976B4B7DBED61D9EC8F
                                                                                                                                                                                                                                        SHA-512:D83B5F80769842B29D7031A542EE8BDE192EA221BEB42E220DD28093C3808FB6CF361B33304D632D571597CBAD8EF339EF22D97FAB5D864ADA1B1D4D0C52D6D9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.008766161447553
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VT+6ywnVvW0LWjrjP9Z95Xa/rl9qX2Ip4IrTjdAA1m5wMAvru4LTOZIjZmt:V99WHRKrLy2Ip4IrTxf1mlA6HZamt
                                                                                                                                                                                                                                        MD5:FA64C77091FC1B02F46CEB1913B7379D
                                                                                                                                                                                                                                        SHA1:F24025CABE1A9DC034186392ED24FF0BF3A495ED
                                                                                                                                                                                                                                        SHA-256:E098965040E3970F28869105CA43DE2E604E2DCA6294339A9D170E0A5DF24D42
                                                                                                                                                                                                                                        SHA-512:13AE6CBA7EB92DCA72BBBA98188B41CD5D58C525F036E5326F5D45D9257DACD65305503A1736380C6C6975616D767628DDF67B94CACA9CD594FAD17B993B8517
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.004123985634671
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JRbzriaXT+WlEW7rjP9Z95Xa/rl9qX2Ip4NjTjdAA1m5wMAvru4LTMZIjvC63:T7ic7HRKrLy2Ip4lTxf1mlA6ZZ963
                                                                                                                                                                                                                                        MD5:86089A16F4C80394C5B404309C6026C0
                                                                                                                                                                                                                                        SHA1:D323D892C114316F838E4ED389BA79F6BD8A3B12
                                                                                                                                                                                                                                        SHA-256:435AF362523ADEDC9A74887C09FF85B6AF5EA3C2EFE87926C175A425313C4CBD
                                                                                                                                                                                                                                        SHA-512:EFB2FFA4F1F8892AD6AD9877BEA147A4ECE5889DD5F28FD87FC6F84CC03E05313CD99AFD8920967A85261E6F09BBBCFE995D4F499C568BF07E9212C44F914195
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):154112
                                                                                                                                                                                                                                        Entropy (8bit):5.52229117256302
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:tHOdYYWg+GImdMEGK61wb5nx03LBblQ6Ndk66byYSI4Zki+BReD4pK/uYxtl+AHB:gdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+zq
                                                                                                                                                                                                                                        MD5:CD62016404CAC92504889687ABBB13B3
                                                                                                                                                                                                                                        SHA1:C8CFA6AA9D4EE5F203701BEBB78F598F5FBC4C39
                                                                                                                                                                                                                                        SHA-256:DE4D28275A972722AAD7B1C5EC4581665CEF87C6132B9F013530BAC92F70C592
                                                                                                                                                                                                                                        SHA-512:1859D37D46D373C00B1B2DBCE77C8121B47D550AEBE240274F2C29B3870E7F82A18F8AFE1A6A46600DC61F5B6C1D8B8D2158D4EACDD8BDA9CF393159EEAD147D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):370320
                                                                                                                                                                                                                                        Entropy (8bit):6.097469567826013
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:WruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmg:VNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeL
                                                                                                                                                                                                                                        MD5:543B9388781D828B95E0952E62ECFC34
                                                                                                                                                                                                                                        SHA1:988750B82F4634BC793AA12E05403DEEC049B7DA
                                                                                                                                                                                                                                        SHA-256:6D1BBFF72AC4163FCA04F27797B1BA1667C37AA45DC3EA7786B0603578DC32A4
                                                                                                                                                                                                                                        SHA-512:97187D01075FC18C1187C99D629B3375F49ABB7225D25CECC8559F783C8D409592DC3687C65FC29F26FBCC831DE2979299499943C0138AA1B635F8D3BF9E7099
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.978601082650283
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DRtRWjYWVrjP9Z95Xa/rl9qX2Ip4RaTjdAA1m5wMAvru4LTLZIj7:LiRHRKrLy2Ip4QTxf1mlA62Z8
                                                                                                                                                                                                                                        MD5:1A56767E8BAB0FA215068240A5C0C251
                                                                                                                                                                                                                                        SHA1:68AAD233EAA3659696120C2A13B7B3A148C52EA2
                                                                                                                                                                                                                                        SHA-256:12E6C5EB0047D97EDA672A6DB5DEB0888174B98974E78FAFB240351090DE4A2A
                                                                                                                                                                                                                                        SHA-512:FCB191A3A416932D5E9A0F549EA5238329369C6514E7E9C9C714154366347518864FDF3CAA3070437C0C715E07F016DEDA6C88FE8E360587F1A5896699AD408F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.036011842379594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:seWnoWxrjP9Z95Xa/rl9qX2Ip4CEB98TjdAA1m5wMAvru4LTGZIjm9:sn5HRKrLy2Ip4CEf8Txf1mlA63ZJ9
                                                                                                                                                                                                                                        MD5:39030D52ECCFAB9462169249022F465D
                                                                                                                                                                                                                                        SHA1:9DA51C6E644ECFB1F8E7DD559C55D6D014C0588B
                                                                                                                                                                                                                                        SHA-256:85785A739BDDDB73AB9F2CD23CB5AE6B4A01F739CE736783A4C1AFF7B24E5A85
                                                                                                                                                                                                                                        SHA-512:55760420F7293D47E77E76201BAF576B4888EFBFF6B2173006A47B3D9E5D99CEA0E41016F9AACCBDA8B4B6B898BC85AEAC827305DB0B431D2774A9D985509B09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.006824968778004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Y6oWJjW8rjP9Z95Xa/rl9qX2Ip4ApTjdAA1m5wMBq5ul01vfh+c:Y6vDHRKrLy2Ip4WTxf1mlBqsqvR
                                                                                                                                                                                                                                        MD5:F9ADBEBACF225106BA1CEA626A0BC5C6
                                                                                                                                                                                                                                        SHA1:DFD1D956D719095CBC3AFDA71B722903E7EE5369
                                                                                                                                                                                                                                        SHA-256:D821A7EF1C9DA4F63DC8FD7AE01CE70B1DACEA3BB42BA238C0F15539F2F36D2E
                                                                                                                                                                                                                                        SHA-512:62DEC309E9F98CF3A3128186E050AF053D4750F34DE9CAF39BAB5F271C150FF21D964422F1C333361DFBF1F10E850F73DC40441A3B744E3CE2891DA8F404D63C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.933759249584018
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mqk53/hW3fZ+zWbbrjP9Z95Xa/rl9qX2Ip46AVZ1CjdAA1m5wMzsPuj:mqk53MPZHRKrLy2Ip46AJCxf1mlzzj
                                                                                                                                                                                                                                        MD5:763BBEAE9A657ACFB2AAEBDACCCB5784
                                                                                                                                                                                                                                        SHA1:AD757B57673FFD4368AAB937CCFC04F34DAEF13B
                                                                                                                                                                                                                                        SHA-256:6E0949D0892F07EA494C2E9F39DE6EA8C1614ED80B3070EA66D6642B9322EE2D
                                                                                                                                                                                                                                        SHA-512:66CA8C7CDA20C247D361EB8130128B745C970874A7F0BB3B03C505A5DA0CCE87E7661B42883ECC67454BF1EE104CFA5DC6C0ADA6475AE74FB1DE4EB6FD728A7B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                                                                        Entropy (8bit):6.855678676687748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:OFCc4Y4OJWfOWqWWOWirjP9Z95Xa/rl9qX2Ip4CJTjdAA1m5wMBq5ul0Svfh+lWt:eCcyCCHRKrLy2Ip4CJTxf1mlBqsBvOBW
                                                                                                                                                                                                                                        MD5:ACA4AC5F26F5CECDB95AEAC5689FCC05
                                                                                                                                                                                                                                        SHA1:7A73787A55A02FF16514E3EC815FFF9091D8E482
                                                                                                                                                                                                                                        SHA-256:4DF83F6363CF55DCD9B38ED549E0B136FD43AD36111AFAA364E1FAAF89D7C0AC
                                                                                                                                                                                                                                        SHA-512:629F7ABC7D43EA0AAD81A2E0AFBF8072B8EB2F93539337BE6B9FDCA1E36471A6074320BE0226DAEC44CA10841105C1D54B55D5FA36BB142F4F9E980F4EA82FA9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.027393084902794
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yAWxMWKrjP9Z95Xa/rl9qX2Ip43lTjdAA1m5wMAvru4LTXZIjV:yvwHRKrLy2Ip41Txf1mlA6+Zw
                                                                                                                                                                                                                                        MD5:EF1B2AABBCFEE45969F540DA71CEFF50
                                                                                                                                                                                                                                        SHA1:7D61CCDF119D7F95CC0A0128A45B945B96738378
                                                                                                                                                                                                                                        SHA-256:EC7FBA909949B623BA739E00E687B80D79BE9F1C6CC7A36F96004618504F6AAC
                                                                                                                                                                                                                                        SHA-512:5AB60A2294C04D2191B5B22D42D8CD2898E05AB39B69AD04A185CC6A33C9327CF4472C68C297F905F27CE561555E87B8A6870D0F9AA813459652348544BB0A7B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):20992
Entropy (8bit):7.00802697135113
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):21504
Entropy (8bit):6.954525389333393
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):31232
Entropy (8bit):6.687209756368598
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):20992
Entropy (8bit):7.008740634214412
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):22016
Entropy (8bit):6.9176080347073805
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):21504
Entropy (8bit):6.979331656555997
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):24720
Entropy (8bit):6.791971497516804
Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.039009488547633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:oZ4RLWdRfRJ0RZWdrjP9Z95Xa/rl9qX2Ip40TjdAA1m5wMAvru4LTfNIZIj8h:oZK0pJuOHRKrLy2Ip40Txf1mlA6cNIZr
                                                                                                                                                                                                                                        MD5:1DE0EFFEA5081B9745DFA8418FCC934E
                                                                                                                                                                                                                                        SHA1:5C12AA1392C44103DA9266137E1A602894AD4B32
                                                                                                                                                                                                                                        SHA-256:E2149ACDF31CCD396730D2FD232F103A944307C9348119EF7D18D5B2BBD3499D
                                                                                                                                                                                                                                        SHA-512:4BA943B48A884DFB500EC6ED09844F9067BF110189754EB50A6260CF1630F363CB5DAE7A3404B53D487F80C0960E2E80F8E5449B53B4D3F2B91C3C2F253DE3AB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.967890189655318
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kYWsmWYrjP9Z95Xa/rl9qX2Ip4JTjdAA1m5wMAvru4LTmZIjh0:k2gHRKrLy2Ip4JTxf1mlA6LZM0
                                                                                                                                                                                                                                        MD5:23F56878BDDC8C8CEEC3AD07D0C89FB9
                                                                                                                                                                                                                                        SHA1:932B93203E6936067293CE48154D99DDF0A05BFD
                                                                                                                                                                                                                                        SHA-256:52216915A70BBA9DF457552E46ADDCF4EDFD5489929210EC8B01552A2EE384C2
                                                                                                                                                                                                                                        SHA-512:95571DD03388126C04428A911DA5B1081398A20F84CCFAC78B159C6F17DC6832EC3E9298DAEC25D1674CEC2C16DDEDB03E219AF984DAB498A8973580F07C7B87
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):109712
                                                                                                                                                                                                                                        Entropy (8bit):6.440388342659836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ovc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXbHi/9HfIP:wgk1tiLMYiDFvxqrWDWNoJX5
                                                                                                                                                                                                                                        MD5:9AA1E845DA38257FF1C418A41E7674BC
                                                                                                                                                                                                                                        SHA1:5C27458B364343CC78658E19D552947DA2ED6007
                                                                                                                                                                                                                                        SHA-256:556B30116823FD919415156137F4A7AB04AC317E599ED5647FFF9C8D892596FB
                                                                                                                                                                                                                                        SHA-512:19631E0736DAD754C19480F99BB7823E25602AD2ED576B62063822CE88A29050504AD28BFA61FA39B4ECC763CBCD68FE64F6E8AB993BCF736361ABF0C144E2B6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012269943025893
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BKcuz1W1cWFrjP9Z95Xa/rl9qX2Ip4uowTjdAA1m5wMAvru4LT7ZIjiDNt:bu8NHRKrLy2Ip4CTxf1mlA6OZn7
                                                                                                                                                                                                                                        MD5:6C03876D161F9CAD9BAD77F7247585DD
                                                                                                                                                                                                                                        SHA1:820121DCB6CC3CC05E14511796AA07E3352EDD45
                                                                                                                                                                                                                                        SHA-256:446E7BDCE29E103FC2D3C227F07FCEBB51F521EC928E38D63F949A3B92EB199C
                                                                                                                                                                                                                                        SHA-512:DAFD08673968493BC0A5371BA87466BD7512F782B1774C6139F82B9ACC376BA7EC46E376686B18021E27DD57CB90A6AD0EA7287CC86B98BDB0EADCD62C4353F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015596217362603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:tJ+SWikW2rjP9Z95Xa/rl9qX2Ip4TTjdAA1m5wMAvru4LT8ZIjSO:r+eoHRKrLy2Ip4TTxf1mlA61ZjO
                                                                                                                                                                                                                                        MD5:B586826CED650BC66C94F93A323D8E8F
                                                                                                                                                                                                                                        SHA1:36F2F3A82790685AA95B6B11A612C2CD62EA9D5F
                                                                                                                                                                                                                                        SHA-256:4880A7167BBFE901C3583091B974CB226783B20AB8727DAC51EAB935314B692E
                                                                                                                                                                                                                                        SHA-512:B2D0CA5EF973DE567419F750C547CFF7C4FC5CF69DE24CBE4545D2F7965331212EECD85BE0CF73F3E8F46B6B4B4AAC8E8DC5F0ADA114C49A9C2753E03DD6C207
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.045009892938906
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3AWzgWsxrjP9Z95Xa/rl9qX2Ip4ub+TjdAA1m5wMBq5ul0Ivfh+pS:3tuHRKrLy2Ip4uKTxf1mlBqsrv9
                                                                                                                                                                                                                                        MD5:974FE1E400F46AD556BF2CB96A0B3B39
                                                                                                                                                                                                                                        SHA1:E542A749C0ADAF80DB25D9ABE7C0DD2DF20A8817
                                                                                                                                                                                                                                        SHA-256:C0FE74081933567A56395F344E2333FF7BCAABD1DBA41DA6CC6A4A16373D7906
                                                                                                                                                                                                                                        SHA-512:28374864F465631D12264D40078CB7C88A3B4832CE33E008490188DF8102E715D1833FB444520C50759C646A074383F95FCD59F629847D1612D530CC5D1426D5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.018571772835123
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GBLRWbYWmrjP9Z95Xa/rl9qX2Ip4mTjdAA1m5wMAvru4LTEZIjd:GB2EHRKrLy2Ip4mTxf1mlA69ZW
                                                                                                                                                                                                                                        MD5:C4BF31F3F089FB4CFF61848A7E368E40
                                                                                                                                                                                                                                        SHA1:ABC6D15FDF0BAF685CB46AEE067E4B84065450B6
                                                                                                                                                                                                                                        SHA-256:2862B8B12EA41602C4F5FDC4E74B3534DF35D13154F4E4BFD25C2F1ADE5F44E4
                                                                                                                                                                                                                                        SHA-512:42C2EE70270999423895E66FF0C0736B8004FD9C820D2801C4B7D462F06C274C2DDC919ED68DDFFD23B0B89D541DF9CBCE088D5564249A8C9D2B8F51F2E28A82
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.005836250911921
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KHW4/WG+rjP9Z95Xa/rl9qX2Ip4lUlTjdAA1m5wMBq5ul0Hvfh+kq:KrrWHRKrLy2Ip4ClTxf1mlBqssvjq
                                                                                                                                                                                                                                        MD5:371578A79C29BB383005971BA4644675
                                                                                                                                                                                                                                        SHA1:C5E6EBBA9A3464C023FBF836474DEA05157D9EC8
                                                                                                                                                                                                                                        SHA-256:6DC48CC35F8BACB18039C37C39B1C379DFD6FA5BCC77B9575C9DE8187ED4A3F1
                                                                                                                                                                                                                                        SHA-512:0D589AF9490FA5D1DB519956AE3E2DD6C55B65C138A83366C679197BA270ADCB1D463ACAB680069AD9289680EC74650DC28E8C173CDC6536897E1587524FD41F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.041976655197995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bvk7hWmCWJrjP9Z95Xa/rl9qX2Ip4bTjdAA1m5wMBq5ul0Pmvfh+a0a:bs7/7HRKrLy2Ip4bTxf1mlBqs5vn
                                                                                                                                                                                                                                        MD5:7D2951DCB6B1172FA1EB015C208701D9
                                                                                                                                                                                                                                        SHA1:D55575258E967E28EB81BA5154BFFADF8FA4163A
                                                                                                                                                                                                                                        SHA-256:5DC1FDADF06103A5F26F43A4F1F39012A22E3CA38E1001ACBF2AEE4E80F0BE3B
                                                                                                                                                                                                                                        SHA-512:C0483B359E4239D50BE2CC8FEBAEB54E426F57A15F69F9A2DDC062BA92CC1E5973B04FEBBD4167C87312B2714441F42A5CD1FFADCC5058B8FE2EF5F626A82AFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.022018859408551
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SGMWCUWfrjP9Z95Xa/rl9qX2Ip4ZTjdAA1m5wMAvru4LTYDZIjk:S3rHRKrLy2Ip4ZTxf1mlA6nDZz
                                                                                                                                                                                                                                        MD5:CD03BB46CE2E0A96102B3D2FAA92CFBC
                                                                                                                                                                                                                                        SHA1:66497E909BA7F72E1A4C2B7CC8C7AF7A6558E5CE
                                                                                                                                                                                                                                        SHA-256:498302110BFC203FAF1670D5EF04FD79D2EDEBFE907AD1E6674A6A85EE56989C
                                                                                                                                                                                                                                        SHA-512:077C25BD1D1C49ECF9890A87E4D150A269CAD53759D53BF7E3023B08CE1E75770EE4BF09EC5041D17230D33AD346A424E345A37D48DB7F73738F9E138D75A0C0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.994997816444603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:OBhwI7WSQWxrjP9Z95Xa/rl9qX2Ip4wgC6CjdAA1m5wM36QNuZL5c:ODwIBJHRKrLy2Ip4w6Cxf1ml36QgZFc
                                                                                                                                                                                                                                        MD5:567B31ABAA1476CDA6FB631FCBCA7EA8
                                                                                                                                                                                                                                        SHA1:A78FF09D358000BE3EC04EC6EF504A90C3A726B5
                                                                                                                                                                                                                                        SHA-256:F71CC788961A41E5E6B15D1400E064AAA9C3DD4D7EAA032758215388ADF57756
                                                                                                                                                                                                                                        SHA-512:A50EDB73A3732729C479087E1681AC882A64E081E9936D09387F239F2FA9E2DCBFF77610F8123B5E07CF173E24770CFC011F048BBA7A4A8DE549E656C21D4CCD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.018735616462396
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SyvPRW4lWfrjP9Z95Xa/rl9qX2Ip4qTjdAA1m5wMAvru4LTLZIjJ:339cHRKrLy2Ip4qTxf1mlA66Zi
                                                                                                                                                                                                                                        MD5:5058626C8519E190CFF67C918AFE0A4E
                                                                                                                                                                                                                                        SHA1:87D2F203F86AC99022334AC0244D1DD47D400A09
                                                                                                                                                                                                                                        SHA-256:486B5A0E6E47E92F89BE6F694B2B0F285B1C0367BC4CF8CB27FF821F3AC0EBCB
                                                                                                                                                                                                                                        SHA-512:EB4E8AACFDBA139C80C3A20582089495A4AA82E00483A91E7F1F82D80ABE694C3CE0B352945E4DE341838017746FA83BD41C2BAEE28575DD701F83D71B1D4CA4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.975680937062165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:S6RW6eWSrjP9Z95Xa/rl9qX2Ip4h8TjdAA1m5wMBq5ul0Wvfh+2a6P0:S67iHRKrLy2Ip4eTxf1mlBqslv3a1
                                                                                                                                                                                                                                        MD5:D239BA595AAADB0EA18B5987221AE091
                                                                                                                                                                                                                                        SHA1:44564DDC01DD0D8E4FEBB12B3232F646D3C06A7A
                                                                                                                                                                                                                                        SHA-256:CDDF808A755A9DCE7C9622C9EFC7A5C4E218CB191CBCF0FCF1B1FF5618AF0917
                                                                                                                                                                                                                                        SHA-512:27F9229021832CE386B795C8A438A4057E29AB90D1817012A192D6FBFFB75A3C882508E40711DECF9F6C7C1D54D57A42D522A31BD81C9E9D85E6B3BFB1077305
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.014555464183901
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eSUP9W70W1rjP9Z95Xa/rl9qX2Ip4zRFTjdAA1m5wMBq5ul0Ivfh+hm7:3UeNHRKrLy2Ip4XTxf1mlBqsHvZ
                                                                                                                                                                                                                                        MD5:A8460A5894B72975C63FB6D32F9D0C8D
                                                                                                                                                                                                                                        SHA1:0DD34691B7482E5EA6EC4A0087EDE169A0212B24
                                                                                                                                                                                                                                        SHA-256:14638F6195F5D6A617AC5C3B37C172FD1CD0E028D4F80160DCE2BC25E265CB50
                                                                                                                                                                                                                                        SHA-512:BFC9CF48649335AAE291B14C8FD8E8FCF971937C849651429B84B1042C16A646FB805BFECE101215AF612DC3B8926BD93DEC1F22D1A258F05147C6614F447BD6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992849598041938
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:X8yg07W0/WhrjP9Z95Xa/rl9qX2Ip4Ob6CjdAA1m5wM36QNuZLU:XBHcHRKrLy2Ip4e6Cxf1ml36QgZY
                                                                                                                                                                                                                                        MD5:9B2AFCE22829448E52919ADC97FA0F75
                                                                                                                                                                                                                                        SHA1:4378B914393E30DCD67BCCB9F28FD956EF56DEB4
                                                                                                                                                                                                                                        SHA-256:306C43B5F695726D63BC347417F5189F7392719C788B953E4D9576925DAE4CDB
                                                                                                                                                                                                                                        SHA-512:40C27A9B0836BC74851890C3D633C4D1EE588F99DD19580A71C5FC6DB4A535F06FE5D4BD57C8E499E65982668C929C245A9D17C009F405AB347589375D4E8EC6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.984362208373399
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fe1WmRW6rjP9Z95Xa/rl9qX2Ip406TjdAA1m5wMAvru4LTwZIjjy:fejLHRKrLy2Ip47Txf1mlA6RZSy
                                                                                                                                                                                                                                        MD5:75197142BEB82E4E45074F809B4AC1ED
                                                                                                                                                                                                                                        SHA1:D359EC1D8084898FB77CDEE07031E952648D3285
                                                                                                                                                                                                                                        SHA-256:70B9D7B943C5BBB511A3943368411EC0969E55913FDB7639E35100EB0B993A49
                                                                                                                                                                                                                                        SHA-512:B4064F5E9A06F754748F28826F4F71D0484FFBBBC3D9D1FF2864C1DF4BCB2C317F874853C68985992FE83D2273A3553C4A1DAF4AF507976E8F5702706617A79D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):198144
                                                                                                                                                                                                                                        Entropy (8bit):6.164369117328881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgtH:cW60VcTvakcXcApOu
                                                                                                                                                                                                                                        MD5:8DC59D67663004627D8B2D0746533249
                                                                                                                                                                                                                                        SHA1:27F2D020233099882332945AA1E706DD412805EC
                                                                                                                                                                                                                                        SHA-256:62FB650E6211E74DF8D9EFAF2F5F36BCBECA0E8551C3CC3AF757FB4103725993
                                                                                                                                                                                                                                        SHA-512:8ED5FB6F9103A572C5CA22CFCC39CDD1017DAE827091EA7A4D2E5C406DC43D281DD2DE76C13B5FFF588C749BD82961FBFDA0A6001F5C8205A27D2E086C9BAF89
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.980312715919581
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M6ZWYLW6rjP9Z95Xa/rl9qX2Ip4q31vy86CjdAA1m5wM36QNuZL5d8tY:M6l1HRKrLy2Ip4q3Jy86Cxf1ml36QgZf
                                                                                                                                                                                                                                        MD5:C19A4B2BEF8202293066556D39DDAF88
                                                                                                                                                                                                                                        SHA1:2CA6DCC8CC585FB282EBA89BC38B8B901181C9CD
                                                                                                                                                                                                                                        SHA-256:68628C824A222943C2BDDE8D7089E3F41FB9673CB711510297F2A8A78493BF58
                                                                                                                                                                                                                                        SHA-512:46D8FF9B0D1EDAAE45F32671A5961310ECEF445EEFAF08D153C10F5F417D5260269D95BFDD928C419661A146D92FBCFF7C4A4750BE3369D37D2E70891A1F6216
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.954621838798846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:k1W1WMQWArjP9Z95Xa/rl9qX2Ip4/CTjdAA1m5wMBq5ul0yvfh+l0O:H1yHRKrLy2Ip4/CTxf1mlBqsdvC
                                                                                                                                                                                                                                        MD5:E45BECF9266A273DF70331171A822EF9
                                                                                                                                                                                                                                        SHA1:4BC48FD9BFC184691F15EDC47EB412D13895B7BB
                                                                                                                                                                                                                                        SHA-256:4632590F6231C37250549C2BDB5D8C8FD1A7881E12AA7777BA07A9B443F1793E
                                                                                                                                                                                                                                        SHA-512:35269AECA1663F3DC4EFDA33BD713888FC7AB86C35D8E14D1C870E60F93A7B2EC104E1085FB27330450981F966201EE9FE7010C1F9A3510F76DFB0E8BB16B92A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.992639582476022
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BdSWSKWprjP9Z95Xa/rl9qX2Ip4wgTjdAA1m5wMAvru4LTCZIjtmUu:zOTHRKrLy2Ip4wgTxf1mlA6zZYpu
                                                                                                                                                                                                                                        MD5:11E4FE99627FCB3B157FB92D8D931F6C
                                                                                                                                                                                                                                        SHA1:214512E4FE71666C1C10D52969B89BA341F7C66C
                                                                                                                                                                                                                                        SHA-256:22D17B01651A7047AA52C7A6202299305F523E4394790CF058B87D7AB8A173DE
                                                                                                                                                                                                                                        SHA-512:FDBEFFBC5E9C4752AD1D8BC93B06521BD44AE14A235D31514A92426D874E7BB770B4BD4BAEBE4D8BCBC21696AEA1243DA7C381820C91A700CBA1FE3E409FF7C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.926380492711681
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:PJEYA2WkIWVrjP9Z95Xa/rl9qX2Ip4VTjdAA1m5wMBq5ul0Avfh+r:PyYA8dHRKrLy2Ip4VTxf1mlBqsvvO
                                                                                                                                                                                                                                        MD5:B5E82B2D3167150A283BAEDF6635585C
                                                                                                                                                                                                                                        SHA1:A0B8D612E07D3D5357F2BC253E2394CA7CC62EF8
                                                                                                                                                                                                                                        SHA-256:1C4D07DF98A1C096B4F3B64F4C06A545A0099CCACB0CFC615AE78FD213327632
                                                                                                                                                                                                                                        SHA-512:A45E6D6DB25C9A52BE27FAEBB7D6FFDC0B3B6BE3F782696345F2F05830447F5251481B306BF98CFE3B6DB8C18E4F7A67F4EAE678DDDE52F68F7D42A2AE85920D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.011172629188287
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:RJGWe4WdrjP9Z95Xa/rl9qX2Ip4tCCjdAA1m5wMzsPuK:Pm9HRKrLy2Ip4ECxf1mlzzK
                                                                                                                                                                                                                                        MD5:6784F9869E44E7B12ACF609B6EC7D9F0
                                                                                                                                                                                                                                        SHA1:121D7AC450832A5FF2161CEB4C1C053047AF61A5
                                                                                                                                                                                                                                        SHA-256:FBC98FBC3C67210115F69C8EA7685FC4DF6090499EFD4F26B2C3D8A359515026
                                                                                                                                                                                                                                        SHA-512:1DE77CE14B71655031DC158DCA06E798F17B8CE094C9245E2AF92B05A01F771D0A359317BC8518A241F2CF0AEC0BC712167B66EF5C0F5DE7C266808E6188DE7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.956721913718706
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VdW1w3WesWRrjP9Z95Xa/rl9qX2Ip48jBMTjdAA1m5wMBq5ul05vfh+y:C1wxZHRKrLy2Ip48aTxf1mlBqsCvj
                                                                                                                                                                                                                                        MD5:11ECCC72C540BFB8569C41480DAEA7C5
                                                                                                                                                                                                                                        SHA1:3A1647D47975E818E71744A715682A836A7565C3
                                                                                                                                                                                                                                        SHA-256:16C9F88A141863D12DCBF5F7DE604DEE8852ED026E23956EED4D9758828DCADB
                                                                                                                                                                                                                                        SHA-512:008DA3D459D3F0BE8BD2D967BDC19BF03311712CF1F4A6636F28A84DA08D3EA2894024FAEF411932237E30AB4438CD695855A5BEB7567B8B1E898407CF646EC3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.767850843576942
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Cyp12Bhkg3qnV/spMHRKrLy2Ip4mTxf1mlA6kZC:p12zkg3qV/spMHi/9GfInkE
                                                                                                                                                                                                                                        MD5:6C96760E10DD343BE96551945F9E8BAB
                                                                                                                                                                                                                                        SHA1:4A9EDD9D9DA52158CA3792D01DA3B2FE8FB4B918
                                                                                                                                                                                                                                        SHA-256:894929F99C214FA1748D163F8349D2A8D16901890C1DB7407D447E0A9E954CC6
                                                                                                                                                                                                                                        SHA-512:6084D7D66F1AB858C1910917455F3CC3486C773EB31BEAA309A9E1DF78BF1AA0120C5B50F005DEB2A4142F27DFDD0EC47C407105833EE95A0311FA888CB170CC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.013405463565456
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FHPAW1bWjrjP9Z95Xa/rl9qX2Ip4INETjdAA1m5wMAvru4LTYZIjVC7ggg:xrWHRKrLy2Ip4IKTxf1mlA6pZY4G
                                                                                                                                                                                                                                        MD5:7231EED833F6496EB34442B4AB87904C
                                                                                                                                                                                                                                        SHA1:BAD09DCA990E86CABDC82869639A7574501CA148
                                                                                                                                                                                                                                        SHA-256:9B0071C13569C3982F0A5CA91EC511D97DDCFAF807D2383E8EDDDC259FA44D07
                                                                                                                                                                                                                                        SHA-512:7FDFFE9FEFDCFF90279A004302408C245A620C13F812209F14BFFF07F5835AD496B8A1773A9048D4FA41A8D57381CF5D37021760B01B809848188027D797D88C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.994636032353121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ZNoqWD7WPrjP9Z95Xa/rl9qX2Ip4TeCjdAA1m5wMzsPu0or:ZNofOHRKrLy2Ip4iCxf1mlzzhr
                                                                                                                                                                                                                                        MD5:D6CC536E7AAD5F67830F0AD3B761A503
                                                                                                                                                                                                                                        SHA1:0D6F5D6DBCBB20BE3C94094DE5C93ED7752F1595
                                                                                                                                                                                                                                        SHA-256:CC6D8CDB7C37C39EBDEC1D494A0BC88B468BBB8B4F82B755052E816E553C5A2E
                                                                                                                                                                                                                                        SHA-512:EB3C327C22C1E8DA8838D37DE4D740D2BB4248ECCCDF63CEFB87CBBC8C69385F77758220BDEFF484C48F72C663E44525CB75A7B7D0C53B6D45B1D7C4488A8C39
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                                        Entropy (8bit):7.009270974622172
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FGETSAWUEWarjP9Z95Xa/rl9qX2Ip4RtoCjdAA1m5wMt+uKz2MDug2O:pT1QHRKrLy2Ip4noCxf1mltdKzNp
                                                                                                                                                                                                                                        MD5:D75F5F80E910C80B204717F9B95E745B
                                                                                                                                                                                                                                        SHA1:C597C5807DB40BB50FDBB93FEE780A5AE7C2426C
                                                                                                                                                                                                                                        SHA-256:627B337EBE82028FA425063807AACBECA00A3457EC1DE1FBD7667663B7048DF6
                                                                                                                                                                                                                                        SHA-512:347A0E007343B106509CE7469E0E724FD6B2B0CCACE90432971BD5119B98EE65B8640F9CB134330D3D6ADDAC3F6AE4D0D4154B456293BC6CF3FDD59500350DB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.9987016230024715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zcDagtDApWSKJW4rjP9Z95Xa/rl9qX2Ip4GTjdAA1m5wMT9YMWuuwSmNA5DO9:zPKBtHRKrLy2Ip4GTxf1mlTAwRN+o
                                                                                                                                                                                                                                        MD5:A603D98CF998417CE64C4539CDCA24AE
                                                                                                                                                                                                                                        SHA1:11A696FED63167B0B315EA77573BBFD65E01DFB6
                                                                                                                                                                                                                                        SHA-256:B919535D20819F90BD2C6A03BC9E962E56025F9C921A2266FF415E91D12723B6
                                                                                                                                                                                                                                        SHA-512:4190C9B267A5726D5E84D3EFFDD2B15A06794B1DB707B1C9619DED057880B9DE77C67F300E198E5B82A4D2EABBAAF14DA8CE020235D708777F465D8DA1082990
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.011374618700231
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sIWD4WWrjP9Z95Xa/rl9qX2Ip4zTjdAA1m5wMBq5ul0lvfh+0e:s18HRKrLy2Ip4zTxf1mlBqsWv2
                                                                                                                                                                                                                                        MD5:DD82DBBC223607A8AED7BA3516860A85
                                                                                                                                                                                                                                        SHA1:AEA2F102D1A003138742C9671BED3161922B8DD7
                                                                                                                                                                                                                                        SHA-256:FA8B5C160F798C9151F2A8DC2E4DB8FCF8EDF156EEE30B14197C11116E4D7917
                                                                                                                                                                                                                                        SHA-512:B0CDE160BF04A33A053C13E2DFB316C1D4C7E8B280F47646C3B60B3113A4A5BE7404F56BB4740FADEBA2401332E86C59DC314E9028C734FCBA44B42800002F06
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.940990584600268
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JMWzQWQrjP9Z95Xa/rl9qX2Ip4oooeCjdAA1m5wMzsPu:J5aHRKrLy2Ip4o+Cxf1mlzz
                                                                                                                                                                                                                                        MD5:7546D722FF86F3FABE21891C4912153D
                                                                                                                                                                                                                                        SHA1:B32377E75979E2FA1990590E9106CA99B9C552FF
                                                                                                                                                                                                                                        SHA-256:D2B775EFDC8BC0B9766A151B1AF1A6DCB9951D9123CB119ECE2E8C835897A4EA
                                                                                                                                                                                                                                        SHA-512:F337C1A2FD5AE062F686E7B0580F539B1F5B8F4E1F94B857CD3E0E07B14FCBAE0A64B39494D7D8E1544C7407AF66D3DFD879B49DEEF77DCFE30C6500F94421F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21888
                                                                                                                                                                                                                                        Entropy (8bit):6.900382977940602
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VxDHKWAMW6rjP9Z95Xa/rl9qX2Ip4eACjdAA1m5wMt+uKEK2MDug2:bD8UHRKrLy2Ip4eACxf1mltdKEKN
                                                                                                                                                                                                                                        MD5:B0E03F24261F0A5911BAEBF2DAC4F261
                                                                                                                                                                                                                                        SHA1:9E8DD1297F73F7537E4585317BAD2BBAE66CCBA9
                                                                                                                                                                                                                                        SHA-256:77D7DF7E179AB2780D0DB5C25DACF1998AD1A30DAD779DBE46CCDEE1072BF1A1
                                                                                                                                                                                                                                        SHA-512:B30C5881C22D90FACF29C855D92CB40EF5DC283A40C57556F27B5CA3AF4613E576E3F668DAE6C5D7DE646ADB8AE4508EF6B247C343DB37E29E7BBE23FFD473A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.988188886324482
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BLNBEW6pWTrjP9Z95Xa/rl9qX2Ip45CjdAA1m5wMt+uK562MDug2Eq:BbMMHRKrLy2Ip45Cxf1mltdK56NP
                                                                                                                                                                                                                                        MD5:4056B9B941A27EA3DB441088E2B73108
                                                                                                                                                                                                                                        SHA1:373CF0B09BD1FBF716C7BE234DFA99A341AB4626
                                                                                                                                                                                                                                        SHA-256:E180BDF8C805A85F86BEDED3A9FA37E7CF7D2E281A0FF87E2143604BCA1D82A7
                                                                                                                                                                                                                                        SHA-512:3FAD3AAEA333A0301B3F88FB7E667CA24CFE8BAA23B40F2076794F268ECDD8E92301CCC3717CB1D1E154BCA60BF0199D1F0832EF6FDA06AA799C904524EAB0D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.010082222669093
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:TKkHKW/tWmrjP9Z95Xa/rl9qX2Ip4VlKCjdAA1m5wMzsPuy8:2ujHRKrLy2Ip4rKCxf1mlzzy8
                                                                                                                                                                                                                                        MD5:95CAB5C70CA547404FC228753B5248F5
                                                                                                                                                                                                                                        SHA1:CA80094BE3458609EC72EE53A77883EB3CBEDA74
                                                                                                                                                                                                                                        SHA-256:10BAC8F44ED75AC497BC392EE2CB7457455C59C3BC7064C101B346BB6F8CE095
                                                                                                                                                                                                                                        SHA-512:86826B4B7EFD21ACCD5C052621A3D3C13444CEEFC603125F808C6626ECBCCEFF2085364A788742D0643D358ED7DC5D9D9D0830F29789D658EA0E9EBDD514FF18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.977617239092562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ALnfIWqrWXrjP9Z95Xa/rl9qX2Ip4tyCjdAA1m5wMzsPukwZjNtY:ADf4GHRKrLy2Ip4oCxf1mlzzxj
                                                                                                                                                                                                                                        MD5:2280ED9104EB833B7EF3B5F96C322AEE
                                                                                                                                                                                                                                        SHA1:5E542572BDC4005660462968E4B50D3695DF58F7
                                                                                                                                                                                                                                        SHA-256:2B3E85B40E98C93C58A9E0C6EAD47EB8C1A2A59CBE62D85220D0D94D517E4C5A
                                                                                                                                                                                                                                        SHA-512:8CC31D50F5C35706706D8E372CC4D46CE6C673E16B15DB1BC1B4A5D870333800582C0BD854792C05EB7AB468B6AA943EE475C6ABCE5971786C0635C0CF22C63C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22672
                                                                                                                                                                                                                                        Entropy (8bit):6.814455866031959
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6qTO1PdhW1YWxvfrjP9Z95Xa/rl9qX2Ip4tACjdAA1m5wMzsPuz/4o0:6q6PSztHRKrLy2Ip4aCxf1mlzzzQo0
                                                                                                                                                                                                                                        MD5:FD44D69516412D1AC6D32F47F5C4BF3D
                                                                                                                                                                                                                                        SHA1:08A77249796ABF70C8DC3C8B11AC490577EF6B28
                                                                                                                                                                                                                                        SHA-256:2945E07168DD5856D36BA869BF12F91D0C2B7B5E9F4ED88E5163216FAE594C42
                                                                                                                                                                                                                                        SHA-512:06B15C163A8AD8A68A4DF40A8B9B75D9CDDF39E92EDFA61ACD5A33C43197D9DBEAA2B2D0B9E5120F09D0CBA708537E21D53A276A7E4653FF8AEBC92D45805B2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.969946391198759
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Fna8WK1WbrjP9Z95Xa/rl9qX2Ip4FlCjdAA1m5wMt+uKb2MDug2E:Fna0gHRKrLy2Ip4DCxf1mltdKbNL
                                                                                                                                                                                                                                        MD5:130792957623ABA4B9A6699398314AA9
                                                                                                                                                                                                                                        SHA1:75D44C66FDF0D887553F788F1175666D03CA9950
                                                                                                                                                                                                                                        SHA-256:0AADE7D9F0C7E98884466AC2AF829227DC14BA469B2C7E55D9C2190B0578E34B
                                                                                                                                                                                                                                        SHA-512:4A8ADEFA5495B6DA1A451881FE089EF781C98E99A239378772FACE4D6A17CDB31E517557C6D6A731A35B3FA83E2DD89C12A08E645B6B3F20620978657FD30F38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.939048706998203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kBSWITWPrjP9Z95Xa/rl9qX2Ip4qCjdAA1m5wMt+uKE2MDug2:k6OHRKrLy2Ip4qCxf1mltdKEN
                                                                                                                                                                                                                                        MD5:007612D7CD9AB2F476488862FEE6DDF7
                                                                                                                                                                                                                                        SHA1:7A0EFA45E52FFA944876E9AFE7BBACC7A84FE8D8
                                                                                                                                                                                                                                        SHA-256:F24229E4F09D602B6681D51C30EB7A75FC01FAA83225885903B65A6114E359CB
                                                                                                                                                                                                                                        SHA-512:1B22132423E81EB15685D3BEACDBCDEFED6F6DAF12825F70E85FC07D51044B295B0BB3B32CB5903CF60704689BABC325EF368DBA42424AEB408FF54C241E7C44
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.011676585489165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:188cIIWNoW4rjP9Z95Xa/rl9qX2Ip4X/4CjdAA1m5wMDBuvX:19cUmHRKrLy2Ip4wCxf1mlD0vX
                                                                                                                                                                                                                                        MD5:CFB008C51A954851C991442F9672BDCE
                                                                                                                                                                                                                                        SHA1:3200F25CB1CBEA3D0DA2DBD2F80324B6438E8FBF
                                                                                                                                                                                                                                        SHA-256:E79A0DAAB8BF70A360213FB3F3272BFA980B56EC40EBE0E66A7D06E2986FDB37
                                                                                                                                                                                                                                        SHA-512:3666CD8B94CCF6FB0CCD2C2A299415229E253278D2AF8FB90D7334B3E80003766C5AA7EAB450B845348B4993DA4FCCA4EECE0F8F8A49BFBCF4B5B206DBB8C4F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27280
                                                                                                                                                                                                                                        Entropy (8bit):6.771047348828758
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ErmoFmWdOpHRKrLy2Ip4wyNCxf1mlD0L:EaEFdOpHi/9L6fIIL
                                                                                                                                                                                                                                        MD5:9776D5F2CC7EB70D9F884683D7EEF5CC
                                                                                                                                                                                                                                        SHA1:598977D0FF922A1DF4794E89052E95FDF841EF0D
                                                                                                                                                                                                                                        SHA-256:71E20EA248C9E4BA3969EF99475978B93CACB3902BAD0AE856197D6C5B5805B9
                                                                                                                                                                                                                                        SHA-512:86887EAE9BB93E1332FD94BCF98FBA2BB18C5C3BB671F87C3746ED97DEACCF58C2109DB0B3C9141563F33AADB482300A6534ACD6FDEB562E1EEB409418A45C10
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23184
                                                                                                                                                                                                                                        Entropy (8bit):6.842912642172639
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:k09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsP:FOAghbsDCyVnVc3p/i2fBVlAO/BRU+pX
                                                                                                                                                                                                                                        MD5:16737B9D9DBA4E2D85B9C98379E3D04A
                                                                                                                                                                                                                                        SHA1:4BF9E51BFE7BA6993A2D4A590B4A7872EA650DF1
                                                                                                                                                                                                                                        SHA-256:25DC1EDED1EB569B6A423896506C13474E2732118B3F3BEE1D1DCE4A76EA5A4F
                                                                                                                                                                                                                                        SHA-512:2446915FEA03CC008EEB996735403CAE9ACA12DA23211EFE802F882115F60C3FA68D46690E40FF83B092F758800E2800D5F47A2A8B523DC53286E29B863EC6BF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.996432897343726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:u7W6RWhrjP9Z95Xa/rl9qX2Ip4XTjdAA1m5wMT9YMWuuwcNA5DCUCT:u5CHRKrLy2Ip4XTxf1mlTAwcN+GUA
                                                                                                                                                                                                                                        MD5:686EED1A62C5D0790DF8E4BB44FC7F7B
                                                                                                                                                                                                                                        SHA1:4DC98B4B3B3215ACF736737C74931BF97B9F3586
                                                                                                                                                                                                                                        SHA-256:8E9A766F5C6B7F67562E33AE7E8EF753049C09DD669E8CC40EB94887FDB23B94
                                                                                                                                                                                                                                        SHA-512:7270831B80389F0ED6D4F7F0A865106DE83B94018CB20FC84EBF56CACC37C0A1B023D9A90BADE1F9A8000A00316AE5236AE0FEAB901C2313613A1C33207F9411
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.042668418966383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7I5HeWFwTBsWerjP9Z95Xa/rl9qX2Ip4VLZCjdAA1m5wMzsPuI:7I5HFwTBUHRKrLy2Ip4XCxf1mlzz
                                                                                                                                                                                                                                        MD5:90D3BEE58A0AA90CEFDEF09FE7D98576
                                                                                                                                                                                                                                        SHA1:34C517B1CB91281CBAB1253624BB9EE23984E96C
                                                                                                                                                                                                                                        SHA-256:CE53C0656DE14AB215AEAF436CF85CB056A89E8CFA5D3EE727444C80ED6DE8F7
                                                                                                                                                                                                                                        SHA-512:6E432D68B80AA461077617EA093A817C9A4412C3E81E77307C96BD1122DA2759899F2D9C649F502A1CD0EA3CE7F0B1E2974370077F2DA3C0F3C9CEDD61F4C6B7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.017159903856617
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:2AJpVWbfkBnWprjP9Z95Xa/rl9qX2Ip4wO6CjdAA1m5wMDBu/:2AJpWfkBUHRKrLy2Ip4wlCxf1mlD0
                                                                                                                                                                                                                                        MD5:36D959C16C2B02B04D2EA24CCE6752D2
                                                                                                                                                                                                                                        SHA1:039F9E9DD22BC55A3CB941E8BF0C1A9BF7A07B2C
                                                                                                                                                                                                                                        SHA-256:FA4B7BB60E6F8113FB04E7B14632ABCF302C8D2A356F290BE1014BAAE61E4408
                                                                                                                                                                                                                                        SHA-512:DCBC4F4F0097EE52CC3933B70907AD7297C897B1AE2958624001D62A647B24FE9DF6D3BD6432A87737F74D13DF8A0AF3D1DDE7D75CE06EB9720593F63B891540
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25744
                                                                                                                                                                                                                                        Entropy (8bit):6.721365603948899
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:v1dyAqgQBfqyTBxHRKrLy2Ip4AzCxf1mlzzlZ:NdK1LHi/9AsfIPl
                                                                                                                                                                                                                                        MD5:8D2D51E700D8F12730189C49EB521595
                                                                                                                                                                                                                                        SHA1:B10D09CB5DC37F189151EE9294FF1A0B227117CA
                                                                                                                                                                                                                                        SHA-256:73555D3D6F3A7C735ECBE7B5B2C71CAE7E67B9D3020DCB1E3FBAC976E6310763
                                                                                                                                                                                                                                        SHA-512:9BF1FEF67B08F9331A976DD9DC0CC453333208AEA20EA213BDF50309B246CD587EABCBA10B39905FFA00CA2A3EC092914BAB4E9105AE293320A52802AE60478C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):6.8634763704059285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:OpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWIrjP9Z95Xa/rl9qX2Ip4qLTjdAAV:csPMQMI8COYyi4oBNw4tB4HRKrLy2IpR
                                                                                                                                                                                                                                        MD5:0FDA1C1123E1440735B8CBF796A0FF90
                                                                                                                                                                                                                                        SHA1:A41A480D7ACF146E1E772090A097BF84F8A37D4B
                                                                                                                                                                                                                                        SHA-256:568AE987E24F0494BB782F24BA19E43391A835877C48B6E6DF32B7F9D46AA465
                                                                                                                                                                                                                                        SHA-512:F8AED32FFBCC9C43F08DBBE1B89D2E14FF5443E0A4BC340E8A846AF6C19ADFC468CB99D301520FFD8BE6FAE1B37943265955E4109BD788C8D8DF008F5E1E3B37
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28296
                                                                                                                                                                                                                                        Entropy (8bit):6.535649241097432
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:4bhigwLAuZtM66g/Id7WVXW8rjP9Z95Xa/rl9qX2Ip4hCjdAA1m5wMDBu96:4bhzkKsHHRKrLy2Ip4hCxf1mlD096
                                                                                                                                                                                                                                        MD5:4358C0FB7A3830CB3C0F65734D54E5F3
                                                                                                                                                                                                                                        SHA1:FE56EEA28B06C67B6532923978BE76A6C9E937BC
                                                                                                                                                                                                                                        SHA-256:CE5AB73A3EE94E0D0A4A1F894885A5D7822386615A2E0DB08D4E09688C0CE306
                                                                                                                                                                                                                                        SHA-512:61BA825633E6319B6C13FB449607156DDEABC9D9627356999752D2E0966D0383581A707A75BA081DDEECA146FEEAC2AC448B9E8A25C5C9410FE09D74ADAE637D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.01018265988071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bUcX6W9aWGrjP9Z95Xa/rl9qX2Ip43KvCjdAA1m5wMt+uKW2MDug2uS:bUchqHRKrLy2Ip43KvCxf1mltdKWNq
                                                                                                                                                                                                                                        MD5:B5CD3546FB5660E318C478AE5702BF40
                                                                                                                                                                                                                                        SHA1:DB237901029B10313A378683FFDDCB2984295A1D
                                                                                                                                                                                                                                        SHA-256:C867C08AF648A1D7978CFEC4D19FF22A939BE213684B3E688A2C6B1945533092
                                                                                                                                                                                                                                        SHA-512:46351689E7B16788DD331FAB0FA22DF47FC781BED8FEE89798B0DA27DCB27959F536B2A7D2F11F281D85AC63B9D63251E03C8E39C34B83F1E87F6C2EBFCD983A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46464
                                                                                                                                                                                                                                        Entropy (8bit):6.164766431431803
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:aoBj7kS+8mjvHTeaWKs0Sd4eeaHRKrLy2Ip48TCxf1mltdK3N0:5Pmb9WKs0PeeaHi/9/fI/K3i
                                                                                                                                                                                                                                        MD5:66281C77E5AB5C7F86A5F917B88E30F7
                                                                                                                                                                                                                                        SHA1:3DCE110B186BBF31D7BF1C64C94F7D979027206D
                                                                                                                                                                                                                                        SHA-256:1D209584D163008919CD0BA26146C9591BB91592FA1EBA51B54A3B6213C9FABF
                                                                                                                                                                                                                                        SHA-512:0624C0A44F2D076FF772F8ED47C559C7AD55D0BCD909CC195819220E1E4549EB93D741C098173BDB0187B69F317AF693855C63E28910616E23450F46FBF3FBC1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.028815476254108
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yTI2pWPzW9rjP9Z95Xa/rl9qX2Ip4KTPCjdAA1m5wMt+uKb2MDug246:yE3cHRKrLy2Ip4uPCxf1mltdKbNo
                                                                                                                                                                                                                                        MD5:DF4B7A795571B55CE86F74A1C08249BC
                                                                                                                                                                                                                                        SHA1:9C8A478BE482094EB3AD4543E0239635A5F5A581
                                                                                                                                                                                                                                        SHA-256:496BE8AD65B5EEA31BDEDDC4284990D14988A9DA7CC9B19EEBDEBD034FF53022
                                                                                                                                                                                                                                        SHA-512:5910A7AEA09BDB2F3D6AFFEE9134ECEDAAEAC182F16E715FDC1FE9E890448DD938DDC9065AD36C7E6D852662FB62A5ACF83834BD125F6AB22F8D944A901AC6F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.043203018042703
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ucezoy4W04WoFrjP9Z95Xa/rl9qX2Ip4sQ8TjdAA1m5wMT9YMWuuwCNA5DFpk:uBzoy+KHRKrLy2Ip4sQ8Txf1mlTAwCNP
                                                                                                                                                                                                                                        MD5:1E2909FF20B8D95495308530A1A13676
                                                                                                                                                                                                                                        SHA1:3B72EEEE7D42BE66AC3BB7C1E4622A0DE2EE86B6
                                                                                                                                                                                                                                        SHA-256:C2714DFE9E5C9ABF062FF2F74E4671A7104962BCC707668537927F6290E6D00F
                                                                                                                                                                                                                                        SHA-512:96C5617BCCA5F39E92174337C3D03637FE56F2572DCDD7BA945CCA441AC5377C1CA87597524D0E52050EAF647BF1AA4ED26EACF1B06B1321C5C89E31DB5EF706
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.961404899955368
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JH/JWKpWFrjP9Z95Xa/rl9qX2Ip4xsxTjdAA1m5wMT9YMWuuwUNA5DQITB:JH/jOHRKrLy2Ip4exTxf1mlTAwUN+0M
                                                                                                                                                                                                                                        MD5:BC8A91C10FD4A5429AC54A015921A4C4
                                                                                                                                                                                                                                        SHA1:A85B915FFB5104CEBDE7D1D26FD646F09629CC44
                                                                                                                                                                                                                                        SHA-256:CDDA0D36EEC0BB62393ED72FA43D1BD5C241B2222E052AFDD070007B4B04ABF9
                                                                                                                                                                                                                                        SHA-512:270D7AD50775FA2FE50DF06C204562E61D323011828B534887F0EB83ED7BA20768B9964205C4121A9EC97F1A4F97C42B9E3BB6222202A308D1CC1BAF0613FB26
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.900106811884281
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sTjbocNsWMhWbrjP9Z95Xa/rl9qX2Ip4uux6CjdAA1m5wM36QNuZLL5:AboYyAHRKrLy2Ip4u46Cxf1ml36QgZH5
                                                                                                                                                                                                                                        MD5:A471FF1F9125DE39B50573F7803AF769
                                                                                                                                                                                                                                        SHA1:75F39916F239075C34470A2BB730FFE9DE14438A
                                                                                                                                                                                                                                        SHA-256:9647FE75BB47364CEA56B78828840E8752482A7D83BB369771681B5E3810387C
                                                                                                                                                                                                                                        SHA-512:8209F8FFC6DE5830092876360F6A4DC0107EC8748808ABB49FC09DE73B78B5D028A0A26CACF921D85349532160643F0907CFABC8967DF12F55DB861CF75E310F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.9886717572167285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ISKiWIhW5rjP9Z95Xa/rl9qX2Ip40Z+566CjdAA1m5wM36QNuZLX3:ISK8iHRKrLy2Ip40ZA66Cxf1ml36QgZ7
                                                                                                                                                                                                                                        MD5:540D04AA9B9CA639DFA78EB6BC11E195
                                                                                                                                                                                                                                        SHA1:78530FA7D8A68F67145DC2B98604E871AD411228
                                                                                                                                                                                                                                        SHA-256:C882A29AAB3E323719D129D9E75FB878DB909A3F2AB76D65C5696459B01FE90B
                                                                                                                                                                                                                                        SHA-512:18DAF10638A899552B80AFEC035EA0BDC03CA65963336896002AC415826C5C1004D5C7617599338DE50F9266D6AC75117C1B8A2606E88A28B3B488C878F176DF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.952579369169005
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M0KbZWApWmWTpWNrjP9Z95Xa/rl9qX2Ip4DTnTjdAA1m5wMT9YMWuuwVNA5DyOI4:DKRyiHRKrLy2Ip4DTnTxf1mlTAwVN+uQ
                                                                                                                                                                                                                                        MD5:C22EFC2F987821406E7F39E6432DBDF5
                                                                                                                                                                                                                                        SHA1:BC2CD24C4578EE3E7BDBE524D7703583F1D4B70E
                                                                                                                                                                                                                                        SHA-256:11C03D5D29516D82FCFC512777AE49D9B5594FC48F399CC5198D21C251F8B9D3
                                                                                                                                                                                                                                        SHA-512:2AAD2733729E58BF4D7A7EFA8B8B5B97ACA49C453C9272CAF7E85474731CB0EA29E8BE04DE47F22CCD3458AAF25FE70D7504C8DE916682941CF14AFB600C056B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.01078174815367
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xb1nWCXWzrjP9Z95Xa/rl9qX2Ip4yCjdAA1m5wMDBupe:17yHRKrLy2Ip4yCxf1mlD0pe
                                                                                                                                                                                                                                        MD5:5177EDC078028D8E88FA55A3960328F2
                                                                                                                                                                                                                                        SHA1:19D84FDFF5B3D1164A7AF7CD53B1DD7A285A3224
                                                                                                                                                                                                                                        SHA-256:320A063AA8FF50E6684BAEA892F023AF5DD7B4B33B1E3ACEBD5E47DD1F778D97
                                                                                                                                                                                                                                        SHA-512:F83871D0BE1F5A598A2E9A88DD4FCB648FBA2997DDA981150827F02331929D50BC067F4543A9FD476384919AD3302E0A7858BC2C93181B27CF2D4E73D9B94A2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.933857173145757
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:YxyW7TW4rjP9Z95Xa/rl9qX2Ip4HjCjdAA1m5wMDBuS4:+fHHRKrLy2Ip4DCxf1mlD0S4
                                                                                                                                                                                                                                        MD5:E92883D9D3772678F18EBCACF8DE60C1
                                                                                                                                                                                                                                        SHA1:E12BB87179A5F5C3E78C8A883C430C9E53A5B464
                                                                                                                                                                                                                                        SHA-256:7ED94887C9F14C1032147C9EAF993EDF9B5F40532A888A889E1E6A1AF353B842
                                                                                                                                                                                                                                        SHA-512:8AC6D6D20D2F2CE74E1AF5CA157E381CD4507605C5D0DB92829654CC07A5BB37684609212EF3D7CA7B5D77FDBCD085E0E9E873EFFFE497726B5FB41E94F25910
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.043584942077097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fd6Rb32WVzW5rjP9Z95Xa/rl9qX2Ip43chTjdAA1m5wMT9YMWuuwmNA5Dk:fERb3dkHRKrLy2Ip43chTxf1mlTAwmNp
                                                                                                                                                                                                                                        MD5:A9822B47A1E850BF593CB61B4B0DA6A5
                                                                                                                                                                                                                                        SHA1:443308B64C9BD1B24DEF286F5D118B5D4D46A59F
                                                                                                                                                                                                                                        SHA-256:0E276865A2877403DD7C8DF94F9AA7CA15A5EE49A3FC7A9A866B9CAB7E1198F8
                                                                                                                                                                                                                                        SHA-512:930D3CC22411665E36A789000A5F45679E1E9CD5D9BC07863DFE777C7A7A9CF36932AF79D8FFFDB2A01C2EC3B2F609EDA6D3AD96EEEF0684B3C1AA399638BB42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36496
                                                                                                                                                                                                                                        Entropy (8bit):6.692065690331391
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ou5I+sqOylryry8qqIfUc7a5AHRKrLy2Ip4d6Cxf1ml36QgZx:oYIVBpry8qqIfUcm5AHi/9xfI5g
                                                                                                                                                                                                                                        MD5:928FFE2B02C8C07B69B235D52C179EB1
                                                                                                                                                                                                                                        SHA1:766DDE57768588CCAA43602E57B0F46E1608AB82
                                                                                                                                                                                                                                        SHA-256:71C1DD3E2683D124B65237376FB4DF2D6FFD85079038FAAB827C281DA69A6D69
                                                                                                                                                                                                                                        SHA-512:2E2EAA3AD7F167E6E412DC9AC04B49409FA4F297710DC4A1CF9BAC152C7561CCC31D99E0DDFF5CA423298F0A69F0D59F55B6AF34251D7279F910BC179DDF99F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20880
                                                                                                                                                                                                                                        Entropy (8bit):7.0167424902341216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xvn4HREpWiQWdrjP9Z95Xa/rl9qX2Ip4TFqjdAA1m5wMcJcouCPiK0z:uShHRKrLy2Ip4xqxf1mlcJqCPm
                                                                                                                                                                                                                                        MD5:0F8E8070A4B0B55480AB85A85EB22B9D
                                                                                                                                                                                                                                        SHA1:B60E58FD0ECED6BFDB7CF2441EAE88EE6A6FAEAB
                                                                                                                                                                                                                                        SHA-256:E72C6D3A7E9E23C0D6332AA4CDB8140E127A7913484E8FFB6CCD384491BC51D9
                                                                                                                                                                                                                                        SHA-512:903731D067496952B5582A5839491B36C90A9BB21E50BB70130288D4AFB50628A1A0D4AB9DAE7F0121E9A14C923A4D98B4B02E31E0985BA85A0042983853F879
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.925388301948598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M8MjKb47T3UCcqFMkJ59WdtWhrjP9Z95Xa/rl9qX2Ip4PJCDCjdAA1m5wMDBu/:9MjKb4vcGdOmHRKrLy2Ip4PyCxf1mlD+
                                                                                                                                                                                                                                        MD5:B09E7D715D06FEBF8F0731AF593B2151
                                                                                                                                                                                                                                        SHA1:16966B4503352D387EECDBD358CB77ABF55960B9
                                                                                                                                                                                                                                        SHA-256:767041162E62EB43DEAAB00F6D4E79890C15D7D3B2150CABD48948B51D0D37EF
                                                                                                                                                                                                                                        SHA-512:CC60BA9571F1BC3EF4604C15864A6A27EC87DA519E0F636CF9B21F1200E0D06D84A76331196EAABBC5BFCCBC43E8BFCA8FCC31105639C0E849CD94C0AD9C38F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.001945686038119
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fzyNXd4+BW6FWbrjP9Z95Xa/rl9qX2Ip4j93MCjdAA1m5wMDBuh:ezMHRKrLy2Ip4qCxf1mlD0
                                                                                                                                                                                                                                        MD5:209FFB98068B9A091F03DE3EA4A02A83
                                                                                                                                                                                                                                        SHA1:CB7DD764550163D9F8D156CF9565CC1071CF05DA
                                                                                                                                                                                                                                        SHA-256:5961BFBC94256103198F867E0F0A22A2EA2039B572F81FE8B75168DD7225EBBD
                                                                                                                                                                                                                                        SHA-512:4FBB9DF6CA43D582B18E28F8F0C10C1189E59FDFB18F87FEE24E49E8BA446AFEDE56F409F9A49B09A7C127CE54051384F8335217E2844B3A9108AAD9CF20C472
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012131761847572
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pvs2Q3HKJNrWWRWErjP9Z95Xa/rl9qX2Ip4Jy714TjdAA1m5wMBq5ul09vfh+JVI:puMRHRKrLy2Ip4JI4Txf1mlBqsqv5
                                                                                                                                                                                                                                        MD5:A32EADC37E0A1ED37FEC41FC2E045CFD
                                                                                                                                                                                                                                        SHA1:4BA3FFE3A6FA3DA342CE83F5AEF5CBAC86D2311E
                                                                                                                                                                                                                                        SHA-256:2039B9EC93FA1251E5DA3E1A2B96B8F3450B01C44413EEFBDD4BC455274FE354
                                                                                                                                                                                                                                        SHA-512:5F158EE1C682E0670CCAF2A7FC44693492A9D2A46A73E5BADCA3B2999F19B08F89C8CD210E3C0665FFFDB1527ECF2D125FB4CC07F9B6BA34BDC9CD1EACA50B51
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.9924618472479105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xFz0Q6gcqRhcsMWdMWDrjP9Z95Xa/rl9qX2Ip4/bVTjdAA1m5wMT9YMWuuwmNA5k:xFz1c6THRKrLy2Ip4DVTxf1mlTAwmN+k
                                                                                                                                                                                                                                        MD5:3A428C73A353ED7509FBFB4942604D72
                                                                                                                                                                                                                                        SHA1:D807D591C8257C0FC1EC8F4FAFD403447A164C22
                                                                                                                                                                                                                                        SHA-256:74CF34024678952427D238FBF286E1D3A53C81E4ED3F8FBB6651356A3D1A8D01
                                                                                                                                                                                                                                        SHA-512:4D0E9F3E7C11727260AD2628CC42274698474E45EF2AD63FF98938E90230F4ABBD3BF4A95A647443A24CFB63377FB6EB69F1A06F7E832FD36EDDB49079AE2845
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.912168734049125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:z6xWA3W4aW/NWUrjP9Z95Xa/rl9qX2Ip4bTjdAA1m5wMQhKuVd4m5vZqIcNOE:zaBJHRKrLy2Ip4bTxf1mlQh5Vd4m5ExT
                                                                                                                                                                                                                                        MD5:DA0A017A7B27E4E070FC451B78509F12
                                                                                                                                                                                                                                        SHA1:770C7BBDD3579F4C0C4A7E0747A2CCC0C3F5F740
                                                                                                                                                                                                                                        SHA-256:7DC2B072A5431B0CBF5F7DF8B19E0A4CAFC43ACDDD3EBA0F8E77D3B87161FC6A
                                                                                                                                                                                                                                        SHA-512:49AE7C5849A2ED81A32FDD06DCCC78556AA2F695BDD4062F9C090330C49B0698178B68B5DF1268280A3C5D7DC158E3FCABB3C2F7A7D64B4EAE0747B217BADAB0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):78848
                                                                                                                                                                                                                                        Entropy (8bit):6.068451904343695
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:QIumja0tbe16pSc45EfL+4vD4SuJbhjXuE3FMqF1KAy4kHo05ureseh79xHi/96m:QIuAaGbeGq5rKASI0ICh9fG/
                                                                                                                                                                                                                                        MD5:497DBE1C655A103B64BF60DD1B9742DA
                                                                                                                                                                                                                                        SHA1:739CAA4AA085FE23B4CFD24CCFF12D9578EDEB5A
                                                                                                                                                                                                                                        SHA-256:C80225BBCF11FBF421DE9169191C2316C96B9E5858C0B2749C53EEEA8993148E
                                                                                                                                                                                                                                        SHA-512:093C06FB355BC5CD8148332689C183F80732960D88647D0A75E3CEE234A2B83C55235F100D23748B8BA6748736DEC5D8A465593642EB92EDE4EC1F214EC84A84
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21400
                                                                                                                                                                                                                                        Entropy (8bit):6.994018550233344
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:2r97WquWzrjP9Z95Xa/rl9qX2Ip4o9mqjdAA1m5wMRv3cquhqjlLBd:2RJBHRKrLy2Ip4Hqxf1mlRv3cZhqj
                                                                                                                                                                                                                                        MD5:E2143D1AA04BCC81A1079CC3D502C85F
                                                                                                                                                                                                                                        SHA1:60D8889978337C74D9CDB209EC50DFFC79796C68
                                                                                                                                                                                                                                        SHA-256:AB28A9025F8537F3ADC4673F5D9DA769C688AD14DBBFF9C2022B99264C360A05
                                                                                                                                                                                                                                        SHA-512:0FAC48EA0651D638416019540EAE37C349C4DB25BB2075C13C855B60A4524DC51E001B23A0559ED56CCC81FED9141E4FB6D8E5AEFD1D00DEB9EBA29AC3567FDC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.966463595778793
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J16eWLDWxrjP9Z95Xa/rl9qX2Ip4XTjdAA1m5wMBq5ul04vfh+Yg2:L6LgHRKrLy2Ip4XTxf1mlBqs3v7L
                                                                                                                                                                                                                                        MD5:6A2A6B51A7FA9D5D06FA735E70E40BF0
                                                                                                                                                                                                                                        SHA1:C5BE68952FE78208F1A8E306A556E96C4B190C93
                                                                                                                                                                                                                                        SHA-256:A08770C6344602101FC611FED68F71579FD06CB7823ED8FEEBC511B1D1AE4150
                                                                                                                                                                                                                                        SHA-512:C341134693BCAF3F13979AA5DE59508ED64E1AA3674572FEAD41E20320BCA8FFFC27BED3EA1874AB898E540B5CFCE016DDD1A3B520A55D3E16A7EBCAE65F1AF6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.952372708304721
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:D8G4YC2W+wW8WpwWJrjP9Z95Xa/rl9qX2Ip43dTjdAA1m5wMBq5ul01vfh+Z92:gGZ5JHRKrLy2Ip43dTxf1mlBqsOv8Q
                                                                                                                                                                                                                                        MD5:CD4894F1E77B8A9EDEDF5CD9775001CD
                                                                                                                                                                                                                                        SHA1:B3CE1EA8BD191F5CC34512D832A3A2D9EDB51811
                                                                                                                                                                                                                                        SHA-256:E9BC548E0052F85BD3D2E640987905404E2FE27F8A31D90648192937A4E9E4D1
                                                                                                                                                                                                                                        SHA-512:A5D8B5E9B66F3967C2192180938658B44CAA29B4D83E84D39B104A8DE8951B922A545712BAD0265E607E5EBBEDDD09A7FA837E13A893592FC370C25FEE604189
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.0376762989157
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:D6ziqTEkGWvRWZrjP9Z95Xa/rl9qX2Ip48JETjdAA1m5wMQhKuVdAm5vZczsoJ:DYT1eHRKrLy2Ip48WTxf1mlQh5VdAm5E
                                                                                                                                                                                                                                        MD5:00BBE6D832B673963EE8BC6404CBB1DB
                                                                                                                                                                                                                                        SHA1:05E1CBBF4D9774EF62A61BAB601F2EDA1E72DA0F
                                                                                                                                                                                                                                        SHA-256:3BF178AA6FDC46926C574D3F307B30EBE87D4481C7400EF527E1BD0D4DF7DF91
                                                                                                                                                                                                                                        SHA-512:4C20639B211264009A83BE85D28CDF21A553DB3E2BFDE04EB716C9C1C082D37E23E95E197BFF0C0019429A44C22997CC6AAC44A72D4371D2E82BD6A56B1FE176
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.975166502138063
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:0Uv7c7iWNCWjrjP9Z95Xa/rl9qX2Ip4TTjdAA1m5wMAvru4LTXZIjNJ:0M7c1tHRKrLy2Ip4TTxf1mlA6KZ8
                                                                                                                                                                                                                                        MD5:2F66F0F5AD5EF1F67F0D6096BF10A553
                                                                                                                                                                                                                                        SHA1:8AE3D7E780EC9177073D618F28D5DE7A1211CFE0
                                                                                                                                                                                                                                        SHA-256:FD46E5FA1C263C127BF8386A53D457A2E1619AD15A79EC0DB6CC956D5925CDD0
                                                                                                                                                                                                                                        SHA-512:26E0788910E6417919306F47C3A1590177A3F0403EE28EC869280D94B8839A2EE1401C41EEBA33555405C99ECE686785337BBB3EDC73F8D34E703F5F9D079806
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21392
                                                                                                                                                                                                                                        Entropy (8bit):6.998832177906868
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:iSWnRWLrjP9Z95Xa/rl9qX2Ip4EeqjdAA1m5wMRv3cquhWjlLo:izcHRKrLy2Ip4xqxf1mlRv3cZhWjW
                                                                                                                                                                                                                                        MD5:BEC0755730B206089B82B42109DC0A6A
                                                                                                                                                                                                                                        SHA1:57FB2797D73991F48A5ED1211BED5B7AECE85803
                                                                                                                                                                                                                                        SHA-256:071AC56D8E9A64A1C1E32DCD0880C5E328BE47050DE776323BEF6F70FA0AC487
                                                                                                                                                                                                                                        SHA-512:936F3DDA594D4421A61B12C58C4A0AAF4FAC3A9EF8DA7131FBF763461D5C74C991DEED5A2F21063B40A6978CDF72D470604D95D421EF1AF38185C80FEB74633C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23040
                                                                                                                                                                                                                                        Entropy (8bit):6.947773246140973
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:aoMeAKyr1jSC6rrjP9Z95Xa/rl9qX2Ip4STjdAA1m5wMBq5ul0Rvfh+q:aoMbKK1OBpHRKrLy2Ip4STxf1mlBqs+f
                                                                                                                                                                                                                                        MD5:4CD2BE5105CD5E9AF7D4BFFF40F99B6F
                                                                                                                                                                                                                                        SHA1:B0B83308D8007A7B1FD9EFB4D28373B532C713A2
                                                                                                                                                                                                                                        SHA-256:2A9D8653F09B4FBA3A39E03FECB6C2D1747813D8051C0F9060EE81B62C082DAF
                                                                                                                                                                                                                                        SHA-512:329CB6AEBA3DFAB79806075D0C1255CD53EA8A2D8566F2E3A16ECC3C04D3301702485D292DE30E3D262A282E64B00CE56950A13AEBB3CDB7AFC8F906E4881F88
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):96000
                                                                                                                                                                                                                                        Entropy (8bit):6.9811464858641346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:OsuNLvSFVVeozLpPu0jgbWjjWcJorX/wC/wPqaWVxEdHi/9NfIc30fP:O1NjcVVnLpPun8jvqPw5fXPH
                                                                                                                                                                                                                                        MD5:5D58234A8024444C73B39CEBB62BD3BD
                                                                                                                                                                                                                                        SHA1:0667616E58B31F72FE95EA59B6092D68B747B014
                                                                                                                                                                                                                                        SHA-256:400C678A095C17DE027DD6A878267A23CD14BF7428FA9CEF106B9E846FFCA346
                                                                                                                                                                                                                                        SHA-512:2DBEEB5628EDAA3C7BC2D0104B07CE16E39FE27027E823C4F645A603C447C4D67CCC4EF43DE4CA28D946BEAF18B9FC96666464F58694E17CD6969AF7D91498C4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):234496
                                                                                                                                                                                                                                        Entropy (8bit):6.308803769130203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:+X5gE72vcK8s7pTxEl7Onygi9wDO4z4WSYB0JuPrOAjT//P2jVFU10xNA:+XX20y7HNz14RU0J/AL2bUqA
                                                                                                                                                                                                                                        MD5:BF3E4DEEBA78482CF19018DD55751642
                                                                                                                                                                                                                                        SHA1:9166B4449953624995004544326CBDACDE285E77
                                                                                                                                                                                                                                        SHA-256:E172168748E0A2E7B2582F3E941E7262A366D8B292B6C2FDA3B6ABDA3DF1A455
                                                                                                                                                                                                                                        SHA-512:D012A20926A6EE5DD54227CEA9EA0E51CF2A40DFCDC4146E99482A8747E18BAFD615C4CCC72373A47D050062CAF5EC7744BC174EF0DEE104E329AF631F3702D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1692048
                                                                                                                                                                                                                                        Entropy (8bit):6.326801866800496
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:x+8Gg7kWyJnk8kvXfX+WquRLvbKG5pkKMV2Dzbcn3P88/UTlXe:x+bWE+TvTRLv/y2DzbcnU8/UTw
                                                                                                                                                                                                                                        MD5:B0B902CF5B6F147211370A7BC97765B4
                                                                                                                                                                                                                                        SHA1:1993129A785CB3C99F80A948D2FA75DA454D4E85
                                                                                                                                                                                                                                        SHA-256:9418B43B8F26DEF716E15EC9138C49AE4DF08306F9D1FF4C65455F2A729715EF
                                                                                                                                                                                                                                        SHA-512:E556BFD25A6B6AB9E1FFEA82CB5D4813B4BFE8CF90C77EC154D6295AD257625FE431A303185F3CAC5271583881F500869478CD6AD6268D938C9F35ACEE7B4E69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):589824
                                                                                                                                                                                                                                        Entropy (8bit):6.46320033169136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ut8MRN4gE4x4iTqwTQa6IUqXF7XyxpypsdUDqNSfbQEKZm+jWodEEV3HC:uCMm9pyp35bQEKZm+jWodEExi
                                                                                                                                                                                                                                        MD5:6BA8C51379494D612E4EF69550A6CE8C
                                                                                                                                                                                                                                        SHA1:2D642A9FA5C9435E43D009C8734E0FDE44327C29
                                                                                                                                                                                                                                        SHA-256:F832E41CC246B1037289D731804D2207837E8B8D0385F357B1A7592E94308932
                                                                                                                                                                                                                                        SHA-512:2426DD48264F6C0189C5A840B6F11DC877C9096472A50C267EF52125A39011DA8D4D755572CCC71B77D6701359A7364C95BB3473E2BE49C2FA32EA861E81A389
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):99984
                                                                                                                                                                                                                                        Entropy (8bit):6.5538732748545305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:Xy6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXR9xecbSQ2bnHi/9vfII:XlXfRXqQw+PHLrCZh9xecbStV
                                                                                                                                                                                                                                        MD5:6430909108F315614AB8C02265ECF041
                                                                                                                                                                                                                                        SHA1:7BD0CF29CB2D17E730170F8264CCAF90ECB662D4
                                                                                                                                                                                                                                        SHA-256:27DD79BD367559A0DE592D33B015F7204A9C4483192BFAACDEC9DE07BF460FF2
                                                                                                                                                                                                                                        SHA-512:A1313FB85EC019AADF1BB449FA333B998D1813D54A037CAC06F9CC37A50F6C70D8F41B434AFCD51A7B97BAC43C7F291DE5111C2D787352207A6160D4FF9234BF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):43520
                                                                                                                                                                                                                                        Entropy (8bit):6.64690620367382
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:8JnUUV7xPg4RdPvv1DHkhh+JHRKrLy2Ip4eTxf1mlA6qZe:8aY7XN7I+JHi/9+fInqM
                                                                                                                                                                                                                                        MD5:3382104CEE2BE75491991D2631EC056A
                                                                                                                                                                                                                                        SHA1:8DC3AF340121BBFDC69CA2E04388CBD1E37DB5EC
                                                                                                                                                                                                                                        SHA-256:40147F671339275AAF711388EEEB5F8F313864DEE717E099116085A57286CAA4
                                                                                                                                                                                                                                        SHA-512:EE613917FF5CD539E4B1526BE1CF48A6C478F0D72291865CC1167AA508DCAF017EE22226C1494D69CCD3513E9F4761C345BE8C5DAAE6B40B1C79CDC71D450C64
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):97424
                                                                                                                                                                                                                                        Entropy (8bit):5.617357157968208
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:x2Ec05j4eAH64rh5fSt5T9nFcI94W0Hi/9efII:glK4eA7mDmWJ
                                                                                                                                                                                                                                        MD5:D316F297D51844DB28FC96A847ACC05B
                                                                                                                                                                                                                                        SHA1:2A046FC6DEFE22033A76F2F6B18112738CBDD5C4
                                                                                                                                                                                                                                        SHA-256:057FF7A5BBDAA0BDD437D68FC9E0534CD0DFB42EB70DFE87AB864DC8EDB086A9
                                                                                                                                                                                                                                        SHA-512:C1DAC8920B7DB1B6AA13639DB223C4AA02594F7EB57810891C615B850A3C8CA4ADD9C5BF64B8AA8C28EE1528B3018945C72F850305BA8223577EAB498AF5E1ED
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):177152
                                                                                                                                                                                                                                        Entropy (8bit):6.55862728173861
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:oSHreWE0uOeOyqN8ROsKQsN3gVTAg3mZtrOYDf1gwBvDO:fLeWEPOyqNnys+K1trOOSx
                                                                                                                                                                                                                                        MD5:27C1AC30C9AE3BD7665FB4648AC2648E
                                                                                                                                                                                                                                        SHA1:B07C7A939CA2ED27F3491835CEC2B5F4BAC9B25E
                                                                                                                                                                                                                                        SHA-256:86D05E66E4AC5DBC46BA6270E8A57B5D12E2E31D58A4ECE1BA95F3F381F6CCBF
                                                                                                                                                                                                                                        SHA-512:BD21AFE8BD5243934DF9CF0B04310DBFAB100F76AD17EEF7CA39D2D3C6FDCD9D071BEDBC947C52FD58457F1460715BE65E44B5D441864E2C82BBCF3B84D2C5CD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsAtom.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1648784
                                                                                                                                                                                                                                        Entropy (8bit):7.665089270086584
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:YHRJ4hTCfcsbCQUVu1B/NwOBsG/F7vL6E7wFGk3OwdKZa1zBwSUnn3KNEIq5ZXta:E+TbsbGVWvBB/ROEA3FIUninM1q5
                                                                                                                                                                                                                                        MD5:3E7DD0248ABCB1B24AB54ED6E09E15FE
                                                                                                                                                                                                                                        SHA1:3513AE79BADEE569D8C6E0B459851C60FEA08F27
                                                                                                                                                                                                                                        SHA-256:765F56F16FA3E15069DD882A59BFD755CA14B123A287E0841596D3EC371AFFC5
                                                                                                                                                                                                                                        SHA-512:07816CAA3E2E62F10D40462B373D06567F8C012999D145BC0815A0DB3FE460F023EBBAC5254EE71073FDE5680BF721EDC75A9343B1105C00F4B31B3C991D0253
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEDRLib.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):163328
                                                                                                                                                                                                                                        Entropy (8bit):6.264821948719024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qeD9b8uzpNi8br556FpwsdxcNfBBFaS8o92WnTbEZBtQ3rvXeX:qeD184NijpTsNfBBF392WcBQC
                                                                                                                                                                                                                                        MD5:6B03DAEF1CAA676A0BC6E13B4BC8F89B
                                                                                                                                                                                                                                        SHA1:3985879BA05C56C0FA1839B569EA4643731A052C
                                                                                                                                                                                                                                        SHA-256:DF2B1F19DBCF4E1787AD625AE73D844B129D126661861971F8E13E794646906A
                                                                                                                                                                                                                                        SHA-512:741517162EC051D199CD69ED768D6FFE48C75ADBE1CCC06BE1272FE4C6A2C45B64414E84673B036B2BB85CF7B49175107AA03627ED216CDD2E79D47027A73166
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEDRSvc.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):334336
                                                                                                                                                                                                                                        Entropy (8bit):7.162095871589973
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UUkuU/9vnxhTmdaXlumDgLhhgV+AhV30ZwI+3U:tg9vn+dSBDahgEADu/
                                                                                                                                                                                                                                        MD5:C2538DD971AA2D4F2E863695FB4C585E
                                                                                                                                                                                                                                        SHA1:46B1814C5155DD5148DE7EB06D58B7AE2E5CD6AD
                                                                                                                                                                                                                                        SHA-256:D1781B732CDE702764A8007F76EE8CA0B464C4F4EA30A6E0C67AB562C9F509DC
                                                                                                                                                                                                                                        SHA-512:8587B2141F8A14235B9058EEA876A4202152AC79505B68C5CCEDF21265EC86CF732E769365F4CAE95E9C8B31C49DBCD48D302A8D2D1928E69B78D9B07866DA1C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Core.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Core.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):139264
                                                                                                                                                                                                                                        Entropy (8bit):6.18944717645377
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:f2DD4JcSb+rfzHr+fWPu0yHHFx9EqJvhSYNBcFFlngCTltxeR8LmsvDiHi/9nfIt:QP++X9W0gFx9B9N+FFhgCThLms7knt
                                                                                                                                                                                                                                        MD5:747A3CBD0A2B77BE3CF507BCD4DF1BDA
                                                                                                                                                                                                                                        SHA1:565EC03E0DC06B00C09E3890ADACA584871EB180
                                                                                                                                                                                                                                        SHA-256:263BC382848CBAE80BD641AA0654A23971E2887E07BC1D6F4182DAFF84C501C0
                                                                                                                                                                                                                                        SHA-512:661C6CD0CD4290C2D27669291A9CCD746C6E57A90CC753BE06DD9D55012F16119CEBE0E7D24352400FC21E5626D41AF79ABBC92A72245EA1AB5E6F3C368C31FA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.JSON.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):146432
                                                                                                                                                                                                                                        Entropy (8bit):6.2745753496402985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qmFLQiVm1Ie2cDQHOhsK21h8iFT9Z6avH6SCZlmm:zQwm1IeSHOeKmmOC5
                                                                                                                                                                                                                                        MD5:2487994259AE9E8166F22FE39790C671
                                                                                                                                                                                                                                        SHA1:09E1D13605AACCFC0F6EF3858AA53AE0135746B6
                                                                                                                                                                                                                                        SHA-256:4AD77036EEFF9E015C1E6FE1886A465845ADDBDB56AAF5ADAC238AD1CCB91AD3
                                                                                                                                                                                                                                        SHA-512:9A1C3D6A94C954C093547134F621ED69C897C08E3305409FDF3FB17ADC960A17EC03066005AAB16ECDA7F89A55B31FD1006EFA54E5C8C59375BEF05639937F59
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Loggers.Application.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2261504
                                                                                                                                                                                                                                        Entropy (8bit):7.596639757213537
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:wdm0hCMOJwV1isz+0DxhCHPpdiiobYCI8:w45HWgszsKQ8
                                                                                                                                                                                                                                        MD5:0E5519F6202594F1990CC0F623B43DEC
                                                                                                                                                                                                                                        SHA1:7845F116F5AA74F89A2AB1A9C0AE746E54250FAA
                                                                                                                                                                                                                                        SHA-256:6793F731558A2123E8031E511E9FCF680FB391604383E78C6FB29F132E0E75A0
                                                                                                                                                                                                                                        SHA-512:09139A5EE60309483219EEFA0C7C18659ACF7002B27993B5172BE19AABD7CE51013348AAEC2971F42C84517312A5BD3E318D94784C069AFDAFDFB19ABA088200
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Utilities.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsEngine.Utilities.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):222208
                                                                                                                                                                                                                                        Entropy (8bit):6.786565578522807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qT4Ahf0UCXbEb89D4KT+/vi+55uHr3Yv+rDi8TV5l1mVb3OFZj:qTfLsbEKDY/3K3YkzTV5lkK/
                                                                                                                                                                                                                                        MD5:C6F7D6A83C38E3BA04C8CEA017B5BF56
                                                                                                                                                                                                                                        SHA1:4447ED64AD603FC438B9D2C67DC9DA6D33D01E3A
                                                                                                                                                                                                                                        SHA-256:69F0E9B57759CB06D79F6121311E768A87BEA1972344D7FBB6852B48D9FBCFE4
                                                                                                                                                                                                                                        SHA-512:3CA8067CA1E1F969B389E0EAC6D88CB1E8489E32CDBDCD778D8415DA58EBC15961D5A2878C4E8CC4F0BD84B7D2692CBD0D794D37FE6CFE8CE8BDFD0F7C7C31C2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\EDR\rsJSON.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1647616
                                                                                                                                                                                                                                        Entropy (8bit):6.5512299586037255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:IKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB2:IK3/z0hY
                                                                                                                                                                                                                                        MD5:221FB15A1D7C97DE76335176E6E44203
                                                                                                                                                                                                                                        SHA1:D73D7308497BC30471BD3ACA93868C7BAB9FF9DC
                                                                                                                                                                                                                                        SHA-256:BD91F6FD71B802815D563065AC0B43527D4CDF726E9BCCF98C52338A8067E181
                                                                                                                                                                                                                                        SHA-512:0B0AFF2B0B1D03C9006C8E2C06BB0F46F4CFE9FD003BE1744CA1ADFE8FB0357BA86A2E3D17476166BE31C5BD9B70CF975CC31A2745956A8D50D8D083516FAE7C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):342528
                                                                                                                                                                                                                                        Entropy (8bit):6.319695730516836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Bc4hrbRETiqEVVtrSiitN4J4RVk87Uo0zEWEpnSAJVGN937taTVD7zsih7Kn9s0T:uMnqEVtmLtRRVB7UoQI80zsihmn9dZ
                                                                                                                                                                                                                                        MD5:135353974CBEBF94B8BC48D682F8F5D8
                                                                                                                                                                                                                                        SHA1:0D8911EFA7759516FC80961EC42ED6E15764CEB8
                                                                                                                                                                                                                                        SHA-256:3DA6DB19E909805066BB41B1674B76B9B1946E99AEFDEE3EF96A0EE73B9914C1
                                                                                                                                                                                                                                        SHA-512:1896E77B05162F9624ECC2139866186260B1ADFB6A1918F04F9696DDE2E7B5B4C2FB64533C20ABC44EA0BC42AFED692381CFF956A458B1FB420E5B490F26F998
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\InstallerLib.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.760851730168963
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:4v6lknrJ93rkPKCHRKrLy2Ip4ZxTxf1mlA6AZr:9m33lCHi/9ZjfInAh
                                                                                                                                                                                                                                        MD5:ACB3B8B030A178D204A6C32414CB16F0
                                                                                                                                                                                                                                        SHA1:C7D1703BE7C2B6F0F327A4353C08285E3171567C
                                                                                                                                                                                                                                        SHA-256:19A884B8D348DBE3D90816052193A24D83B01FB1BD5D6540FC25EF1CC6993A8E
                                                                                                                                                                                                                                        SHA-512:6F7C05555319F3EC1C97DD4A7BDE0F6A42B992386BD8B717CEEA2A911F816DF70E5FC4B8873AB93D74A1D1D38AC7708B3D067D37BEE40F5AEA4C29A44E65A97E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):80896
                                                                                                                                                                                                                                        Entropy (8bit):6.2332467019367135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:uGQVC/QSnsZIHMkJAsSQQ11pJXWmWHi/9wfInX2:uGkC/QXI/A6Q11pJXXpm
                                                                                                                                                                                                                                        MD5:CF1EDCCF60725C2F4BA3C1B87D8ED683
                                                                                                                                                                                                                                        SHA1:C1EB3691E4058A0FCFB2D5F27C515DD1D4199E4A
                                                                                                                                                                                                                                        SHA-256:5503DD2AB5C36751E2752FA790E73CC60A273872FA30FC6D2680C7D7377A8902
                                                                                                                                                                                                                                        SHA-512:13B7035AE83B4075150C41B8ABEF9463EE74F0C022AF1536C50CD990695C86768B93362E61D27981D9804D78B1D7AD8D0D075411FC54AA54B6028A03A9D940F1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3168256
                                                                                                                                                                                                                                        Entropy (8bit):5.997335561761779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:82D77md4XviutkNNnh9k/kCC0Ps6MrwMvAcZU28MHAmXyFlDH3n9:3D7y4qutkNlICUTMHlXyv9
                                                                                                                                                                                                                                        MD5:6E70D569E1A4A1D8DFE4884286643C95
                                                                                                                                                                                                                                        SHA1:A90A5BF9D736FA595FEA49CDD5B4A644E1ED8A7D
                                                                                                                                                                                                                                        SHA-256:4DD85290401BD1F59BDF9157A74D0DEFF03755D1A0DBCC6E1DF214B618E64287
                                                                                                                                                                                                                                        SHA-512:7ED8E219DC80507300131CA0808BE5EA3EDD5E4966FB67DB3860A9CD48792AF15EAD9BE50C730A73B3323EBDD43832C0B033F546BAFD8CCAAD46D1401DFFCF39
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.999968626712184
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:UN9VWhX3WwrjP9Z95Xa/rl9qX2Ip4jcTjdAA1m5wMT9YMWuuwsNA5DuQ/f:4GrHRKrLy2Ip4jcTxf1mlTAwsN+iQH
                                                                                                                                                                                                                                        MD5:9BF3077927261B22D370B5B3CA57D038
                                                                                                                                                                                                                                        SHA1:B17769BE1674A4E2714E739B2563D300144C904D
                                                                                                                                                                                                                                        SHA-256:3FD59AA9EB5F647528F1E6B44320CA7DF4A29C45C3632A3D568BBA6BA6518E55
                                                                                                                                                                                                                                        SHA-512:414AC4A704EE5E776F5F35361A497FD43B564B0FA8E8D38462BE8AA159B9588DF63F2005C8C62B51D871DB6550BFB6B42E1E806C58785CEB0A7560382CDC3151
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):31232
                                                                                                                                                                                                                                        Entropy (8bit):6.545145822499441
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:biE9HCViR9ymljiqHRKrLy2Ip4WjTxf1mlA6mRZmV:G0CViR9ymljiqHi/9IfInmRA
                                                                                                                                                                                                                                        MD5:B8BC5CFB09FC20C3AAC34B61F938FDA8
                                                                                                                                                                                                                                        SHA1:4317695A609106D4BCCDA3413ADE56871079CB7E
                                                                                                                                                                                                                                        SHA-256:6EFB32D2EB38B0226CB930BBCA3C6D421D1A425EECD843D2F72DE85610C09E26
                                                                                                                                                                                                                                        SHA-512:D2169F1280C45C6389285D9D8D17C4AA61C202C512EEC27BC7E105DD11C7231099407B7F6EF9F94C55F9D4330C1F79D10032289DCA05A07BF82EC41D228C00FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):349696
                                                                                                                                                                                                                                        Entropy (8bit):6.202386229973413
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:81sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5DfD:81sSmRIt/xhtsOju1DH5NXnIKAcW
                                                                                                                                                                                                                                        MD5:312DDE0440242AC225AADF3C1F72DA30
                                                                                                                                                                                                                                        SHA1:DF1F5B38F76A1661380EAF660936FF8721A16E34
                                                                                                                                                                                                                                        SHA-256:1908B436373C8813C21D777124E715363D0AB7EDBE8238AE71C6FD6F24C95B69
                                                                                                                                                                                                                                        SHA-512:21A7C48004313A254BA928B4CD238C2C5AB33B70C4016E82BF29561A882AD2F3D8067E2CF014E0EC815736594ACB7F10DE40C7CF7B38B284DBC11D2D235C1F34
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):529408
                                                                                                                                                                                                                                        Entropy (8bit):6.092519311604388
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:hnfnRe200wJT4WQ+NOStYVlJHMGwH7fug:1DIrQ+NOS2HMGwHT/
                                                                                                                                                                                                                                        MD5:C7EB00862B2ACF71D32CB1CDF6E02581
                                                                                                                                                                                                                                        SHA1:3C6E5B0AE8EBA473FE0E5DB17ADC98AC2B5F276C
                                                                                                                                                                                                                                        SHA-256:AA4BAFD2B0D064BAA00996DCECFBCB4C0C118F7534CECE4AF9B137ECB42B3268
                                                                                                                                                                                                                                        SHA-512:A753137140B6CBC9040BE95F07C5DC3681747FD82FDA48535E09E10F2ADCACD64932E2F635B6A78A89E7C199DF26039A11A8186165BE6D657B2E0F9D35EE2F77
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1647616
                                                                                                                                                                                                                                        Entropy (8bit):6.551177299884059
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:HKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB/:HK3/z0hZ
                                                                                                                                                                                                                                        MD5:D208CAB80627C09A9E7E69FF31FE95F7
                                                                                                                                                                                                                                        SHA1:A36E96E21AD21638046BC9820E07724E8A202CCE
                                                                                                                                                                                                                                        SHA-256:29842A886DC678A7CAFF5F741FFF20E9825E064144BA09CA3BBD47E09EA7CFCE
                                                                                                                                                                                                                                        SHA-512:1CAF5E430AD5E295C5BD4EEF698E44025F826FE1E70079C1AE214885A8962D3170E3465494AB24B36365CC1CF25AF9C6F6EF5A3409BF6B4C8CFA1C8A1877F154
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):112
                                                                                                                                                                                                                                        Entropy (8bit):4.9372191821953795
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:LBQBIGqr2igRUGLsW7/ZA783dEcsAVCXoA0Ayn:1U2rwRUGZA783dAAVCXoA7y
                                                                                                                                                                                                                                        MD5:AA76741FF18EEF8DADD607315B86815D
                                                                                                                                                                                                                                        SHA1:F71E92F4ABDC7DC7FBEAF8583A8415A83948F2DA
                                                                                                                                                                                                                                        SHA-256:3F8B58A5E9F78367AC1F366488004B409BC1526439D1C3FAA344A95BCA445D32
                                                                                                                                                                                                                                        SHA-512:7FBE625D421AD9A6DFB1AF1956CC4B65320385E05B1013054922E17AFCF990857B8996EED02E2497F978CFAF07460D7EC9487B070BB1287074DD3DA4A5055164
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[Products] ..Name=Reason Cybersecurity ..Version=3.5.0 ..Company=Reason Software Company, Inc ..Upgrade=FALSE ..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2022592
                                                                                                                                                                                                                                        Entropy (8bit):5.999974579136952
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:+dK+qRAhQZWnHFRGGbk0kLHYCFOEx3BMHAE4d/R0l7lRmRj5/Kz3PYez2OQJBmx0:eKYdRxknOEx352P57PFj1xVYNcXsn
                                                                                                                                                                                                                                        MD5:FB84325FD7362B5634C4DE62B3A2C001
                                                                                                                                                                                                                                        SHA1:EBB54EC78A071CE47A1C86F47903D56D77B34CF7
                                                                                                                                                                                                                                        SHA-256:23BDCCB16E5900857C621B67C779B2A49179ACA564EEAF1E74FD10C4EB1651EF
                                                                                                                                                                                                                                        SHA-512:D59933302521C9B3EEAD330A38577FAF1DF0378AA926690C6001186D495ABE4FC470BF578BC9DEABD82E26D7B1F8ED446957494122BD65047456C657DC9BADE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.978537519188193
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/DNxWQFWWrjP9Z95Xa/rl9qX2Ip4z2TTjdAA1m5wMT9YMWuuwlNA5DdD:/DNVTHRKrLy2Ip42Txf1mlTAwlN+p
                                                                                                                                                                                                                                        MD5:2DFF1B9CA7F8F5306847F4E9A3B6986A
                                                                                                                                                                                                                                        SHA1:0972B9A567C63F8D9A9DAA5E53F05B6C9A2DB5D0
                                                                                                                                                                                                                                        SHA-256:606611B5159500AC591813A658540F59A147C66100F622AD8B44A5540E573FE7
                                                                                                                                                                                                                                        SHA-512:8E9EBEFE85B0000BF6ACB1ADE4A42832D61E56675386351A6CCA8B65E711B29091A6985DA9D92D1FC316B6BCE2ADC1742518FD8053673C153EFC2005317DB308
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038714011015616
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9m2igOWnW8rWGrjP9Z95Xa/rl9qX2Ip4i/jTjdAA1m5wMT9YMWuuwkNA5D6v:lthHRKrLy2Ip4AjTxf1mlTAwkN+o
                                                                                                                                                                                                                                        MD5:7AC4FDFD4937947B05A24FBC521B3F94
                                                                                                                                                                                                                                        SHA1:684BA6B2AE151A48CEA3838B8AB13D44A988757B
                                                                                                                                                                                                                                        SHA-256:3356CCEC48B70923560CAE1FC92A8778CB22089D1B955AC691B6BF49C1A682B4
                                                                                                                                                                                                                                        SHA-512:B0D9D93C81268C33EBDEC4D50220A2014D950BE17D50382248051E4E38756DFDB04A26762B87AF03A7344FB2C8646A4B76919073BCE0D61935F226471B5ECD4A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038869248646308
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dnapn1iwwPWcGWHrjP9Z95Xa/rl9qX2Ip48qTjdAA1m5wMT9YMWuuwWNA5DT:EDuFHRKrLy2Ip48qTxf1mlTAwWN+v
                                                                                                                                                                                                                                        MD5:DE4F6EEF2E6CA33D0ADFAC45FD34103B
                                                                                                                                                                                                                                        SHA1:FFA22597139DE334AC0E4DA91B13067E1B6AC391
                                                                                                                                                                                                                                        SHA-256:90A0E014766A51776A99260E21268A320B30C4024AF276FB0FB25414A15559D5
                                                                                                                                                                                                                                        SHA-512:2FD3B491675B3BB4349251D1113992D098AF61C1055EAFFBA33AE939720FA2EA9A60FFD755AFE5F55CBF4F8358BB97AD32605F66698614215E8CD87E3AD3C964
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.038266147487603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:aHLaEav5aaUa6arWVLWNrjP9Z95Xa/rl9qX2Ip4CCjdAA1m5wMt+uKn2MDug26U:rPv5t/NOEHRKrLy2Ip4CCxf1mltdKnNb
                                                                                                                                                                                                                                        MD5:73590CA143A8BDB34145D491F3D146FC
                                                                                                                                                                                                                                        SHA1:0F1EF5093DFF48D9B0FC0A8E3351D151AA87F0AD
                                                                                                                                                                                                                                        SHA-256:B090BAF1A8A5CAC4835F3DE5D60B8B98C550349915E9FBE360605CD143C68777
                                                                                                                                                                                                                                        SHA-512:28678930E560D79FD34C31FF5F58BDAC53012BB8D5F2E7DC750E119C0DA12B5FCA830C0ACBEA5FA800B2D5534AB4850FEB11EECEFAADED1691B4AE2FC62C3639
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.9403371462839605
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:56iIJq56dOuWSKeWHrjP9Z95Xa/rl9qX2Ip4e6LTjdAA1m5wMQhKuVdJm5vZYaG:niA9HRKrLy2Ip4e6LTxf1mlQh5VdJm5G
                                                                                                                                                                                                                                        MD5:3787FD49F76887523CA6EE358EFE211B
                                                                                                                                                                                                                                        SHA1:39CC297E1CB3A02608C9A687FA063DFC37124AE4
                                                                                                                                                                                                                                        SHA-256:E8A46F40D416E1636F067C621C69FA64C959915AA59922F3FFFE61C349FC0BF5
                                                                                                                                                                                                                                        SHA-512:C6F4EEEA71C55BA5C5A77248539FC5D454953BB2A58A8553677419EAC5B9BC7F5CFF5E53EBD89126BCE16BA6372BE833A43BC7D2AE242AE62DB57FF39F83AD39
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.969557757793759
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:onzz+MpSaLWW0+W3rjP9Z95Xa/rl9qX2Ip4aCU9CjdAA1m5wMt+uKu2MDug2Ecf:mpuNHRKrLy2Ip4a3Cxf1mltdKuN
                                                                                                                                                                                                                                        MD5:205CFCD6412BD6E73B6D76AB425FEE45
                                                                                                                                                                                                                                        SHA1:1F81DD9DC0794C7C700894A76DC409A1EC734228
                                                                                                                                                                                                                                        SHA-256:9DB96E9B00B7D4761890BADC3CA6988C882CA98C67693FC9C969603B07F5C912
                                                                                                                                                                                                                                        SHA-512:60277DC31CE4C6ED9543CC3284F7640B79B84D033478A2C6D01E79E292A424CD17DB8AC9D8023661A3E21E6931D543BAA8954BADA8540D04B05B35C16587BDCE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):7.003252995869171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:0Ghr+YUfyHxsW/HWIrjP9Z95Xa/rl9qX2Ip43CjdAA1m5wMt+uKj2MDug23:DkmDHRKrLy2Ip43Cxf1mltdKjN
                                                                                                                                                                                                                                        MD5:FAAE39EA5667034ACA5FE9695F7842AF
                                                                                                                                                                                                                                        SHA1:D14F68156029D6A69CB831AD5935DDC08F3C7B1D
                                                                                                                                                                                                                                        SHA-256:C5DE6F3CA7476F1EB517A24C96CC4D654CEEA3F5679946A8887CF48F10A603DF
                                                                                                                                                                                                                                        SHA-512:15117974C027B03CBD81B07CEE0330336247D48D696187A1CA10A48FBC71F696DB58C4C1C326CC805B668A21697AD3CC81C196749C388E37125FF783E4B11189
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22400
                                                                                                                                                                                                                                        Entropy (8bit):6.946606868220202
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sRE+ruiA5vzWeNWqrjP9Z95Xa/rl9qX2Ip4BtCjdAA1m5wMt+uKz2MDug27Q:sS9bHHRKrLy2Ip4BtCxf1mltdKzNy
                                                                                                                                                                                                                                        MD5:32EDB888088E971503F899257BDF5C3E
                                                                                                                                                                                                                                        SHA1:E8A3AFAAC560318591A9DA9E64258F2C1F2B93DA
                                                                                                                                                                                                                                        SHA-256:F07FDB5720B64DFC55FD49742F041D07BFB9C006167E12DD68033077F6FFB529
                                                                                                                                                                                                                                        SHA-512:DF68B9FE96B68A2B138DCD482470369AD902792CA6CC97FE16EFA61D517E85E0A612213CB79B809D7527CF5C87792E7D41871589173C0A4BCF0AD915D0B084BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992218618555366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dT+6ywnVvW0LWYrjP9Z95Xa/rl9qX2Ip4sk6CjdAA1m5wMzsPu:d99DHRKrLy2Ip4sjCxf1mlzz
                                                                                                                                                                                                                                        MD5:AD599C4F1182F117CB2EFFD67B81FE00
                                                                                                                                                                                                                                        SHA1:72DE534F8AD7DDAAC63AF05CCE5F09118F002718
                                                                                                                                                                                                                                        SHA-256:A2F1BB86811D01DD872DC22C1791C906C8761EB9E277E16F67CCEBC34525E558
                                                                                                                                                                                                                                        SHA-512:E78D3614EA65F507C6882EDCE51FE6BA7435C3AFBC70D26A6787620F5205AD8DFC39268350D87A874832BFD6D7ECEB36BCD67005B05E5D47D766C6AEDEA45ACE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.9972717627617875
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:LRbzriaXT+WlEW6rjP9Z95Xa/rl9qX2Ip40CjdAA1m5wMt+uKb2MDug2K:N7icoHRKrLy2Ip40Cxf1mltdKbN
                                                                                                                                                                                                                                        MD5:D04BAB647A4535646AF7907572D2F416
                                                                                                                                                                                                                                        SHA1:29D08751EF6296F3CD817A85D7FA8734B90E5452
                                                                                                                                                                                                                                        SHA-256:AA607E257803A266057CD3A3231BF28656164636753A73153FD69AD374E52B79
                                                                                                                                                                                                                                        SHA-512:1A4E4A00BCBC81CA473C2F7C58E4D059B763C3BEE88837FD9CB419E34F552307BFEC08DB57C35E0A91C1998792A311CF0DF4DE9D91097FF2D66D17985BA93307
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153984
                                                                                                                                                                                                                                        Entropy (8bit):5.51941877191699
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rHOdYYWg+GImdMEGK61wb5nx03LBblQ6Ndk66byYSI4Zki+BReD4pK/uYxtl+DH1:KdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+Q
                                                                                                                                                                                                                                        MD5:38AE6C349E82C48143368F320E9D3334
                                                                                                                                                                                                                                        SHA1:FEAFB1B6F68B2B2B4BADCD26E955392132EC0598
                                                                                                                                                                                                                                        SHA-256:C6689E8B6D972E3F3B8C8D553D3297013280FCD254CE67A253F8C5599D6251C0
                                                                                                                                                                                                                                        SHA-512:4244F1A46E867D69165555CCADBAFC802F2CAF911E64F817D86444307625CB71B4055DBDB343B74F027A050A2E0F5D2BA5DBFF5238CDAD6239EB45129E4EF9C5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):370320
                                                                                                                                                                                                                                        Entropy (8bit):6.097287838038304
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:1ruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmg:oNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeL
                                                                                                                                                                                                                                        MD5:0ABD891534524A6F338A47D9FB607809
                                                                                                                                                                                                                                        SHA1:5DFD01F659AC840B59B98108E5ABE7519CA29E59
                                                                                                                                                                                                                                        SHA-256:69BACBBCC9F64B4A3A5E4AC155306139410740776780856C6F268B4778EC8672
                                                                                                                                                                                                                                        SHA-512:D2F5316282F874F9B132829209326B9A6C5CC85EA953EFD9828B076D38F65CBC6A0CADA901C6E53FA90072774C6C2087F242616481354C569F4E3F2981325D7F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.97137335485154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mRtRWjYWQrjP9Z95Xa/rl9qX2Ip4p5CjdAA1m5wMt+uKp2MDug2:QiqHRKrLy2Ip4TCxf1mltdKpN
                                                                                                                                                                                                                                        MD5:46C3A5D639EA85E10F9D1586D4A5DEF9
                                                                                                                                                                                                                                        SHA1:AE021C65C29185807DEFD8704BBDE13A5C0CCE79
                                                                                                                                                                                                                                        SHA-256:D5E78C7417B778A2225FB1AA518D32714E12974B5B9B51177A27DC8AD811F850
                                                                                                                                                                                                                                        SHA-512:E5412FE8BBD065D819CD20D3C5EFCDAD9672479D9DBD0E2F52C13AEADEE1BA0FBBBA6056D577F263BF8CA8F8119A8F8A5A65C2E99E1F3ED9ECB9EBF571555CBB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038357471463953
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hjeWnoWxrjP9Z95Xa/rl9qX2Ip4CEB9MTjdAA1m5wMAvru4LTgZIjhIEOnD:hjn5HRKrLy2Ip4CEfMTxf1mlA6tZgOD
                                                                                                                                                                                                                                        MD5:D04EE873D87F1CF5695D31F86CBA4278
                                                                                                                                                                                                                                        SHA1:73AEC30B5428C3F0E10CD9B98FF4C19A2190CAAB
                                                                                                                                                                                                                                        SHA-256:83F8910AE3F0D1B95AAD265A42AF82012BBE88476842B71F768D3EB5ED0D2316
                                                                                                                                                                                                                                        SHA-512:18D8A69AFE3DCE5074907ABFE81D09C7D9B880D53F912CF19848AC5C4F54F134B75FFB491392EA97A0B240CBAA06402A4CABDA809BD105CF8CCF375EC172ADB3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.001464127739083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:x6oWJjWtrjP9Z95Xa/rl9qX2Ip4SCjdAA1m5wMt+uKt2MDug2X:x6v0HRKrLy2Ip4SCxf1mltdKtNm
                                                                                                                                                                                                                                        MD5:47510476D42A1E6DD5F9E6CFA8E9D6D8
                                                                                                                                                                                                                                        SHA1:376574A12D975EF0D78F99ADA722D5B11059E712
                                                                                                                                                                                                                                        SHA-256:70E554C0E1D4C4EC7016BA649E141AE58594D413D5A1D90B5AC754A3F44D5B55
                                                                                                                                                                                                                                        SHA-512:9FC00B095BA4A60E0EAB56E6812F35CBCE2D668F409917DE3CE4055A010AC9D8D911F2417421B8F2EADAFF77098E14BBF6FC340795E795A6A87164D3B22D99CE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.945463408943383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Cqk53/hW3fZ+zWVbrjP9Z95Xa/rl9qX2Ip4WAVgCjdAA1m5wMt+uKU2MDug2:Cqk53M5ZHRKrLy2Ip4WAyCxf1mltdKUN
                                                                                                                                                                                                                                        MD5:4CFB2E34693018E465658F779B0BDDE6
                                                                                                                                                                                                                                        SHA1:2CD83A865FF0BF72F12117BD175231AEC50BF700
                                                                                                                                                                                                                                        SHA-256:0B92293628B413CF914D6E7AD16D6976C307C115EB0B101B2BC9A966C3CF6516
                                                                                                                                                                                                                                        SHA-512:166CB361C2E0AB7E5F570B11EB11AB89888758FD552942D21E5C2A73D94A46308F27DC16A585AC8FE9B410C3D96AEBCF5AD454EE7EDF014F8DE848B2C4D6413C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                                                                        Entropy (8bit):6.855660382428409
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MFCc4Y4OJWfOWqWWOWdrjP9Z95Xa/rl9qX2Ip4+FTjdAA1m5wMAvru4LTWZIjBsp:ICcyCzHRKrLy2Ip4+FTxf1mlA6PZHp
                                                                                                                                                                                                                                        MD5:798570CC1DB66CC342FA38F275D75D4F
                                                                                                                                                                                                                                        SHA1:819D8F7806C26ECCF670D593AB9660285ACC8FC9
                                                                                                                                                                                                                                        SHA-256:E823C5C674318872ADFD5F9E5FBB83965E7F5030ADF24292D7EEFF5E53184606
                                                                                                                                                                                                                                        SHA-512:175005A2D32C2BA628108484CF1E63DCD23EBEEDAB2B500E08F75EC5276D3AE9F7AB62DF2FC3EE15F4657E9F3B2927FB0B5CE21A5482DBEF750EBD7DC09F2CCE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.016242383612687
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nAWxMWQrjP9Z95Xa/rl9qX2Ip4L/nCjdAA1m5wMt+uK5v2MDug2:nv6HRKrLy2Ip47Cxf1mltdK5vN
                                                                                                                                                                                                                                        MD5:08E3E0F118B430982B94ED6ABB25382B
                                                                                                                                                                                                                                        SHA1:406F98E588A9F7EECEC07792B851C452B52E1B75
                                                                                                                                                                                                                                        SHA-256:C3E6DDACB8D0B505BFE81CF063FD9843DC7173AAD30C9E6DE3D46F9CB8771DA4
                                                                                                                                                                                                                                        SHA-512:D921C2E8DB77B9A1ECE0A59412A9D4199076886AF88710B53CF9D68DDD6DEE8EB0AB6748860EDD62A1588D7EC7CF5F7978A6E858179A29AAA52C4A5DA52506A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):6.995066534914386
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:8AlcWHaWZrjP9Z95Xa/rl9qX2Ip4jlRCjdAA1m5wMzsPugRt:19jHRKrLy2Ip4BRCxf1mlzzgRt
                                                                                                                                                                                                                                        MD5:278F5B46B1C9E6109A65CA5FBE594A89
                                                                                                                                                                                                                                        SHA1:E6648323BA045947C0411419F621E83BD7D223E8
                                                                                                                                                                                                                                        SHA-256:F18350E20E583009BE9D758EBC998158BF4BAD6E68D4B19CBADEC6898156C36F
                                                                                                                                                                                                                                        SHA-512:346B0E93EB8F15B78A3BD3995A8C708041BEA40EF6925DEA2898D6339A2C426E7A298CE618F6E068CA20F1D50659393E6F93261256BE7E6EC3995BB6806EE309
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.947354078253707
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9lIZnWlNWErjP9Z95Xa/rl9qX2Ip4pX9CjdAA1m5wMt+uKE2MDug2:TUyVHRKrLy2Ip4jCxf1mltdKEN
                                                                                                                                                                                                                                        MD5:4A8846936A8E09232C82977B877A9B20
                                                                                                                                                                                                                                        SHA1:7FE242D157DC0B3D0627CC94390C90CF44B09D8D
                                                                                                                                                                                                                                        SHA-256:E8D49993C6FD98CE6B356D9EF3F8866214D08F900899453A254015A8D4069333
                                                                                                                                                                                                                                        SHA-512:7AF5B55A38A7A93558DD7BC4B15CEA22AC9639148FDA5E9F50335C2F5A98A24A39DBCCB3BB09D13066CF2F4077F1159A03402608FFD24319FFF73C22976FB4D4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30344
                                                                                                                                                                                                                                        Entropy (8bit):6.663317009056621
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:eQq33333333kX+TBi8xHRKrLy2Ip4JCxf1mlzzd:xu1i8xHi/9efIPd
                                                                                                                                                                                                                                        MD5:D1DA0724F22A4FBCB7758EB7EF38696A
                                                                                                                                                                                                                                        SHA1:0E798048BE830BF25431469FDE0BE7EC4F487AF0
                                                                                                                                                                                                                                        SHA-256:666841D9F5BC6AE09A49DD1489CED8AFB992BE962A86FC59C4FA0D1B371FF9D0
                                                                                                                                                                                                                                        SHA-512:F88EF2B992DA027257D73D75A124F20BA94A09DB95211DEA42E22D3FF43B3CB2039EE7B1060357B9ECA08483866D76106D26D5F09AAE04D526F40F6E022574D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):114832
                                                                                                                                                                                                                                        Entropy (8bit):6.2259167984140324
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:j781mqR5JriAGnUKh17T6glQ6xBIwNSB:vu5wAGnUM1ZzPIwN
                                                                                                                                                                                                                                        MD5:8464F5D99D9A00AC125A48F656867B61
                                                                                                                                                                                                                                        SHA1:011DCBF2DB20C8A67E552FAC80C49208F17BA80C
                                                                                                                                                                                                                                        SHA-256:5F755B209F31B531796CAF3FAE5CB018E402A3431E51F5C56A482F10CFF2148C
                                                                                                                                                                                                                                        SHA-512:B114379487EC341B13F2F5A0B7F1BE00A59C4151CB4F58A414BD2396CD3821D66D020C8EBA6160EEDBDD4D5FAEE3DA0FC21E865AD7CC89AA1EFC67A3104D4CFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.993611820038077
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J28YFlXulWY/WKrjP9Z95Xa/rl9qX2Ip4Ee2XLCjdAA1m5wMzsPuHi:J0qRHRKrLy2Ip4EL7Cxf1mlzzHi
                                                                                                                                                                                                                                        MD5:C26D67F215E17C4173AD7725DE4A9130
                                                                                                                                                                                                                                        SHA1:C65379A9B92ED71511EA5F7E2393BC0D00ABBE15
                                                                                                                                                                                                                                        SHA-256:3DD500CA615786015FEBCB9A7B6F2BEC1C19D24FB90AAF810831D772FA18F959
                                                                                                                                                                                                                                        SHA-512:3C7F5C1F66873A5112E5262FE514B7FC5F3397B18EA27A66FEF2DA9351AED081F8B7548F5128859B8F566689D6AEA14C1920D12DA0B638C6CCDA2A0950D529C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.895040972202649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VuMLcdQ5MW9MWfrjP9Z95Xa/rl9qX2Ip48DS/CjdAA1m5wMzsPu:EOcSpzHRKrLy2Ip4LCxf1mlzz
                                                                                                                                                                                                                                        MD5:79D4D3FEF35DE357C3E9B0DA22230BD7
                                                                                                                                                                                                                                        SHA1:130063A58B3CCCD4EC889D8C0347E7521E8DC160
                                                                                                                                                                                                                                        SHA-256:8485B02BC0A877B2719652935FE4B81F83B05EBB7444CF373D35153A0936C32B
                                                                                                                                                                                                                                        SHA-512:7144EFF5D1311B03BE4D5A713399FC8B726ED896A5B624704E249781530F20EFE08880CC855A718EAF2E7BCD03C5920FE09E87C444D676367AA11DA20971807B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.961688394250093
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VZ7RqXWDRqlRqj0RqFWOrjP9Z95Xa/rl9qX2Ip42STjCjdAA1m5wMzsPuo:z9qKqjqjuq/HRKrLy2Ip42SPCxf1mlzU
                                                                                                                                                                                                                                        MD5:368EF630398E8653410CEA57695551EA
                                                                                                                                                                                                                                        SHA1:0D20730CCE83B5DFB7B22821E44C81FDB5411630
                                                                                                                                                                                                                                        SHA-256:C68B619757B9F5B7662F4E93A242E1A4181EFAAE4365DB394DE97C5C9731BB04
                                                                                                                                                                                                                                        SHA-512:1CD4963673C882E64E0D4E80A155790EFFEAAC4B298A3DFAF20F3C65759FCA3C68CD40D83AF6751A8BE68E8D5594BCFD2F910727BD49B3C06F9F8AE3E125EECA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25472
                                                                                                                                                                                                                                        Entropy (8bit):6.806988625442559
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:3vMhF2SzNzwu/NljuQHRKrLy2Ip4wCxf1mltdK1N:3vMhaKRHi/9BfI/K1
                                                                                                                                                                                                                                        MD5:998B608546A2129C7A0A6250E23BDA86
                                                                                                                                                                                                                                        SHA1:BF519F3A049F7FD131486E17592FAE69E80718A0
                                                                                                                                                                                                                                        SHA-256:2CC4C989B76BC93251881273E8274D0D5F4B3FEEA67F04A69FFC707539AF41C9
                                                                                                                                                                                                                                        SHA-512:9CF2F2955B35D5DE925903FCED9F1DD9995CFD721B47FD15DD724065856F0D628838CE1CB296C1300B820E6DBFD74870CE919A972DD0B1A1413ADB99A8757408
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.025957682532363
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:EZ4RLWdRfRJ0RZW1rjP9Z95Xa/rl9qX2Ip43CjdAA1m5wMzsPuREx:EZK0pJumHRKrLy2Ip43Cxf1mlzzRW
                                                                                                                                                                                                                                        MD5:9E68EF9807635098495C4691027E2894
                                                                                                                                                                                                                                        SHA1:A51F0061A74A95F80E75DB502A76842C4C6B6FB7
                                                                                                                                                                                                                                        SHA-256:A88DD60478376843166145F91ED97D4BC1047ADE4769BAB4EBB7E14570117A3C
                                                                                                                                                                                                                                        SHA-512:31A98EE8EC3D6C1F55AE55E7B90E71AA3B1B42CD5CFB1ACB9DE9109D7FA166E1ECFD505DFE14E7A03839B57858274972887A0370A916A38975EDD29564A5058C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.961301734790314
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:4YWsmWVrjP9Z95Xa/rl9qX2Ip4hv9CjdAA1m5wMt+uKQ2MDug2:42DHRKrLy2Ip4h1Cxf1mltdKQN
                                                                                                                                                                                                                                        MD5:36F75710F33734896D90F65CAD7C2AD9
                                                                                                                                                                                                                                        SHA1:44F39226CDD1F55F1E5AFB13ACC1C24CC88E8AEC
                                                                                                                                                                                                                                        SHA-256:40F80C59D227234209E372CF13B68CB68F1DD60903BBF2AD402086174E62645B
                                                                                                                                                                                                                                        SHA-512:69161D15DBD399DBF0F5F1C2BCB20C4518B37F5E13A06C2B7F0C8AA97306946F83DFB1FDCCB59018FFE6CC4BEC11C67B00151601C5047CC3BF29A0DC19947802
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):110464
                                                                                                                                                                                                                                        Entropy (8bit):6.4473067267179065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:7vc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXlHi/9ZfI/KYX:bgk1tiLMYiDFvxqrWDWNoJXZ
                                                                                                                                                                                                                                        MD5:DAF3E5DD2EE18B843AA7AE7EA626707F
                                                                                                                                                                                                                                        SHA1:415F56AB834B4C6154B508929AB45869C08C8153
                                                                                                                                                                                                                                        SHA-256:F061FE1B914A06B26B286E0CF240504E906F3A2E84C1568B5155C9595B0F4C2C
                                                                                                                                                                                                                                        SHA-512:E7AAEDA753427CE2BB5744FCCA75B54FA9DD5194BC4455A6B2782845DCE3AEC674155A141AB836E2AABD043117FEAAD0E5A92F006A196B6763A27DDA06373C61
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.004024120526974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:gKcuz1W1cWcrjP9Z95Xa/rl9qX2Ip4Wo2CjdAA1m5wMt+uKf2MDug2bK:wu8CHRKrLy2Ip4oCxf1mltdKfNJ
                                                                                                                                                                                                                                        MD5:AAB985F9BAF075B8FEF0A285437B1C2C
                                                                                                                                                                                                                                        SHA1:B6F26238DE84C30244BABCEEE9E5C23B4957B1BE
                                                                                                                                                                                                                                        SHA-256:6EF4FB27066AA0F4B84E94912F1B4E39F2FB6DEDCB46CE9BFF8F07C9B7B452CB
                                                                                                                                                                                                                                        SHA-512:A737B55AA4F4B670B418A87BF7AA75C59600DE61CB56A5BACF6FB84AA120D866AEEDDB6448719C486CD03D2CD7F47FD8B08710A72E864BDF440D6F4691806F09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015928217476137
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:1+SWikW2rjP9Z95Xa/rl9qX2Ip4yTjdAA1m5wMBq5ul0Wevfh+C2:1+eoHRKrLy2Ip4yTxf1mlBqsCvJ2
                                                                                                                                                                                                                                        MD5:E73A79701E00DFDE3FCBC7BE60AB6031
                                                                                                                                                                                                                                        SHA1:1B3966632B3292C7DE09A6496AD7AA5A41068245
                                                                                                                                                                                                                                        SHA-256:073592FE8FBADEAFD388CB9327C462C953C2D844F252B170B87A4150AFC92263
                                                                                                                                                                                                                                        SHA-512:BCEF67565C355549131942FFE4F808508D301E395EC127C5E68C3B944A34C2FE5EA8F3FAC15536BA11BDFC5A7A81FE4E6B8984B60FF3FE9BFA8A7C0D31ED2DDA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.033515096452303
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GAWzgWJxrjP9Z95Xa/rl9qX2Ip4SbJnCjdAA1m5wMzsPu:GtLHRKrLy2Ip4SRCxf1mlzz
                                                                                                                                                                                                                                        MD5:16FE78EDC4C2B0435ABBD8B57BFF1683
                                                                                                                                                                                                                                        SHA1:E9E1797801F0CDEAC79520795F3405774599F4E8
                                                                                                                                                                                                                                        SHA-256:D87BAA2359DB3584B098ABD3D376B2E7B00DF21FD2408DED9F5CC4195B27D5E5
                                                                                                                                                                                                                                        SHA-512:2B13B83707E43C8553EAE1056DCDBB433ECE88A1E9F92910E00448F502B2AEA3B361A4350520CF8F6CFD73967152013EDA3237617BE110C5F6818E96B34F68FD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.010993463774131
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:UBLRWbYWfrjP9Z95Xa/rl9qX2Ip4JCjdAA1m5wMt+uKd2MDug2l:UB2XHRKrLy2Ip4JCxf1mltdKdN
                                                                                                                                                                                                                                        MD5:627658C98D56F21BA4B4869528DF47D0
                                                                                                                                                                                                                                        SHA1:B1BFD69286D77C5C39D90A06DB1AF4C9724A4735
                                                                                                                                                                                                                                        SHA-256:DC09C0286397AD1A567F5C45ED279C2B2F68BD9775CBD20638A388D848BA8C4B
                                                                                                                                                                                                                                        SHA-512:86D2C7E69C99D62EBDD40DD60AE50E8F622277803266056C246E2E8EF4EA1086846BB96879533F6425CB3C1ED671B1783CEBF298CCFC0817259FCBFA6616B3C3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992158648190345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:XHW4/Wh+rjP9Z95Xa/rl9qX2Ip4Bh3ZCjdAA1m5wMzsPu8z:XrEWHRKrLy2Ip4vZCxf1mlzz8
                                                                                                                                                                                                                                        MD5:4D5FC69F7C0B4A69AC7DEDCBACDEE8B7
                                                                                                                                                                                                                                        SHA1:D239969D823374B41C5A0B2C51620E559C4351AC
                                                                                                                                                                                                                                        SHA-256:F86BC2D92EFDF25991B67D96572581FEB3985880ADAD2C10556B550A10295ED2
                                                                                                                                                                                                                                        SHA-512:E4D29A2085968A6CEFEF7BCB5D25D6F18DBD238D406C5F9B9DB447C6C0DA79A14335118C0AAD6AE012133543B25F882D9DAFB4AA1FFDDEB51192472930257EF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.044497037369271
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Ovk7hWmCWJrjP9Z95Xa/rl9qX2Ip4jTjdAA1m5wMAvru4LTuZIjOz:Os7/7HRKrLy2Ip4jTxf1mlA6vZ5z
                                                                                                                                                                                                                                        MD5:12CF683B4FC3D703092F203EAD04168A
                                                                                                                                                                                                                                        SHA1:830F120CB51BE0536E04D3D4A5E5495621EB06BD
                                                                                                                                                                                                                                        SHA-256:8A3C25B70BC1F5C9481E6D1F9E1F22E7FC3CEFCFEA5FA156258720063551BC37
                                                                                                                                                                                                                                        SHA-512:C87BB035026A50256F7DA00EF144D6F6201519ADAA82809F388A18A12A2EB357586108088E25A84587D314250536BD54446E8438F6F18DB18842F83F793D4112
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.006094828452657
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dGMWCUW4rjP9Z95Xa/rl9qX2Ip4N+CjdAA1m5wMzsPuT:d36HRKrLy2Ip4kCxf1mlzzT
                                                                                                                                                                                                                                        MD5:14E892A0E1F04DD40F0BF129EFB0D170
                                                                                                                                                                                                                                        SHA1:5A79D45A7748065D9EF2ECE5E19E919625A34450
                                                                                                                                                                                                                                        SHA-256:A394584966884F781A52C0EBD04AFCC76B3B9B64B3E271E25EB645D272A6EBF5
                                                                                                                                                                                                                                        SHA-512:642DF58022D04794AF4ADF8C11E24D037E96A338BC4C587076DFDFFED7E7D8B4AFB319236A28BD1127FA2D5026705724C045E56FA801DDAD42480A56991F5947
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20888
                                                                                                                                                                                                                                        Entropy (8bit):7.0015647853208876
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cBhwI7WSQWzrjP9Z95Xa/rl9qX2Ip40JqjdAA1m5wMRv3cquhqjlLb:cDwIBjHRKrLy2Ip4uqxf1mlRv3cZhqj
                                                                                                                                                                                                                                        MD5:D44D5DD154CAD3B1C6B9ABB5DF068DDD
                                                                                                                                                                                                                                        SHA1:81969B84137CC13E83D58ABC70341B05D1FADA1C
                                                                                                                                                                                                                                        SHA-256:8667D8765649E1F7BF3DDB72A3C1BD69D21B797D42BEBBC472C1DEACD8353C6A
                                                                                                                                                                                                                                        SHA-512:B30C1F8BA6872E477978321BEB0B3AED75E78F3DE96878EE1A315E236952D68F44C25328AE415C9CE092561E0E35DA9A2398BA3586B3B0697E497B46E8F19D1F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                                        Entropy (8bit):7.0141346287170565
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6yvPRW4lWtrjP9Z95Xa/rl9qX2Ip4OCjdAA1m5wMt+uKZ2MDug2E:/39yHRKrLy2Ip4OCxf1mltdKZNX
                                                                                                                                                                                                                                        MD5:9FF070C6EB7760F09DB611BD2F5B318A
                                                                                                                                                                                                                                        SHA1:6F481AF69D8A7BD589C1BCA7CF3E4D60AFDB6E56
                                                                                                                                                                                                                                        SHA-256:35770C71A9F9FB00A1670FC84C4F2F3F8EC4D9B916B989797AC2617D12A9B234
                                                                                                                                                                                                                                        SHA-512:5AF364BB4016F9283287F3F4FDB7B672338A750AA50828FF5366CFB5726CC9658465C1B0405500EBFE4803F26A53960DAAA2D9F171072F809546F12C22FBB10A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.974962300073246
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:96RW6eWSrjP9Z95Xa/rl9qX2Ip4hUTjdAA1m5wMBq5ul0fvfh+7sA:967iHRKrLy2Ip4mTxf1mlBqs4v7A
                                                                                                                                                                                                                                        MD5:8785C40B625CB1CA0EA659E020A7E6E7
                                                                                                                                                                                                                                        SHA1:4D3F0F5D090C0A0C203F5768029C527533475263
                                                                                                                                                                                                                                        SHA-256:7788B97CEEC5516732CA7D9B28811510406834C7C2CD61B61FE43218806C2B08
                                                                                                                                                                                                                                        SHA-512:64D1F2BECFDA8D4CC7E272BD31D3ADB8BC305A8765E20F8BE92F96E540EE84F3BDDBB0E1F4533640FCAE3C42E83B994E33F0B249593810246F9EC8A1199DA9C9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.014336643161851
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xSUP9W70W1rjP9Z95Xa/rl9qX2Ip4zRQTjdAA1m5wMBq5ul0dvfh+Q2eE:4UeNHRKrLy2Ip46Txf1mlBqsSvkr
                                                                                                                                                                                                                                        MD5:C0D9607847BAA5B0CCAA5665B1EA0CE6
                                                                                                                                                                                                                                        SHA1:F10332D5D80917CAA332291B9995AC3435FFB268
                                                                                                                                                                                                                                        SHA-256:358F5A8DC2E4D95D833E07425624450700157AC0193B43DEC899363777A2CBDF
                                                                                                                                                                                                                                        SHA-512:BAD4B3FBCDF7D675790BAC05A66AF1D3E8954370E9C40491C3693EDB069788ECE42D22CD1962E74DAD6D44CB32EFA6BDE7D7C1CA36C7549D5BB4EBE6853FF080
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.009137368657855
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:38yg07W0/W+rjP9Z95Xa/rl9qX2Ip4YTjdAA1m5wMBq5ul0svfh+5w:3BHZHRKrLy2Ip4YTxf1mlBqsfvr
                                                                                                                                                                                                                                        MD5:497A902D35AB8232116EE89D21E38D66
                                                                                                                                                                                                                                        SHA1:C4822D2D2B4B4C4F42AA8476C1B079CBE826D0AC
                                                                                                                                                                                                                                        SHA-256:89CC50C586627CBA755433C5F5553523EEBD098CC62390CF7DA3B01488301603
                                                                                                                                                                                                                                        SHA-512:2E7B6C5AC6F3B5B1D66E42BE50CBC1E0892D0802B5ACFB56FC4B9CC9722792AB16E192B395CC4936E5AA2C1C6E9E25C3997F2A3FEFE736141B77AFE0BF3B6906
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.976370301041513
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:We1WmRW/rjP9Z95Xa/rl9qX2Ip4cqCjdAA1m5wMt+uKz2MDug2W+:WejkHRKrLy2Ip4NCxf1mltdKzN
                                                                                                                                                                                                                                        MD5:B559A8455E4270263625C155F0686265
                                                                                                                                                                                                                                        SHA1:67931AF4D0813B6827FBCA1944632E2771CF606E
                                                                                                                                                                                                                                        SHA-256:FB0B1D70F997EAB63CAA50A41CB3E164456DDB26C17547E1C874C881CFC156CA
                                                                                                                                                                                                                                        SHA-512:125BD456B80904A7CD4DA64B516FC2DDF1DAB1912984BD91E3101BDCE9EEBDE6B31BE644999BC2BF83604DEA1033D6D6B7B2588A013B3B55F7CE705B575175A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):198144
                                                                                                                                                                                                                                        Entropy (8bit):6.163642467505993
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgNy:cW60VcTvakcXcApOL
                                                                                                                                                                                                                                        MD5:A6305F8C82C0CCF2D0BE25887BCC625F
                                                                                                                                                                                                                                        SHA1:BEEC702FCDA79322193BA4207F82924ACA0BB364
                                                                                                                                                                                                                                        SHA-256:9A1ABA67CD581E40A4DAA2BCA86276F5568608D011D0D2070BB83D76F80E4E77
                                                                                                                                                                                                                                        SHA-512:281FCFDB90E45DE12CA91EDBF9BADA4FCEA64F1416C37840F2C5D7F1AD55B14BAF23EB8C7124475A027AC7715FB9828249DAEF8F4E6519D12C801F49166199BC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.983124585784105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:g6ZWYLW6rjP9Z95Xa/rl9qX2Ip4q31vcCjdAA1m5wMzsPu9:g6l1HRKrLy2Ip4q3JcCxf1mlzz
                                                                                                                                                                                                                                        MD5:BC3F5D6D722774A570B3A1DE58E2EBBC
                                                                                                                                                                                                                                        SHA1:C579AEBDFDF288064705CBC2F1AD178E258AF039
                                                                                                                                                                                                                                        SHA-256:BC53C02FA05BCBBB8144E6D9B8AC036362332EED3B67A6FDA073C2D015D86701
                                                                                                                                                                                                                                        SHA-512:ABFE28100E4603F6C48AEB9C8E7F8D2C6559B533E566DED65A69B489C96D275A0137AB29CF43718972323E763B98B77273D30A8E1C6D64654859F03E9CE6766D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.940990717284523
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:A1W1WMQWvrjP9Z95Xa/rl9qX2Ip4zq7CjdAA1m5wMzsPuG:b17HRKrLy2Ip4zsCxf1mlzz
                                                                                                                                                                                                                                        MD5:360717B2996F9A21186CB6C6333015CE
                                                                                                                                                                                                                                        SHA1:D0EFE923ECAC3D152F0B34EBC693EC85D7A13092
                                                                                                                                                                                                                                        SHA-256:A13B2B226C3153B81D12DBC33A9966030D9330069FDDC9A474D35408AA452E7D
                                                                                                                                                                                                                                        SHA-512:CA010E618AB0EEFFB38D825A66FE90521EBABDDD8A91E8F04EE512D43C9910E84BE74FB759F64484D42B2E343BACAC33903F3BBCB0A51CC45125D1430B2C02B5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.9839807358827395
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:LdSWSKWIrjP9Z95Xa/rl9qX2Ip4YOCjdAA1m5wMt+uK42MDug22:ROcHRKrLy2Ip4YOCxf1mltdK4N
                                                                                                                                                                                                                                        MD5:A96BEA342F91D186767C7A03BC6D3A65
                                                                                                                                                                                                                                        SHA1:716D819F7DA2893C5265836EC11BE33951413F29
                                                                                                                                                                                                                                        SHA-256:0E7B4A7119FD0E19DB10BD9E3C9B7BC76486BDC88C5BC24CCE3B0CEAE5AF7EB4
                                                                                                                                                                                                                                        SHA-512:CC6E1CCABCCEFC8513395A5ECC3DBF03F539C6E5DE513283946D0FEF1FDD4789D223CC368F8A64DF38B6943B2165B5E1E7AE96324E515C27CA6C9449B8928C2A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21888
                                                                                                                                                                                                                                        Entropy (8bit):6.917946536927677
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:EJEYA2WkIW8rjP9Z95Xa/rl9qX2Ip4/CjdAA1m5wMt+uK82MDug2T:EyYA8CHRKrLy2Ip4/Cxf1mltdK8Nu
                                                                                                                                                                                                                                        MD5:78AE99457050BBE396A1AD9F4369B093
                                                                                                                                                                                                                                        SHA1:35DED67BD7D99FA6E561ECC19BE92E96E4A7C32B
                                                                                                                                                                                                                                        SHA-256:3B0A67438822ABDC4BD07B61CA4E7F089E235885F1F98B72F0A10EFF9F7165A0
                                                                                                                                                                                                                                        SHA-512:0C1808D342F1A9F2E5145A55E02A48487D40A1F97FAA36D6853870310F728461C3D53F178C5E55000F6CCC132180D4F1FB033C814B1ACB1ABFFB5728E45E6A47
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.024383643761439
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3JGWe4WKrjP9Z95Xa/rl9qX2Ip4vTjdAA1m5wMBq5ul04vfh+7L:ZmgHRKrLy2Ip4vTxf1mlBqsHvm
                                                                                                                                                                                                                                        MD5:07D1968A9D4796A602BDD87D1DE640DA
                                                                                                                                                                                                                                        SHA1:032E8EB6C6ED8802F444C1A3AF213ABDA6680C2A
                                                                                                                                                                                                                                        SHA-256:FF56F726AD14116AD4760AE1211A916B177B1796CC5CFA9C1AFE53A25DFF0306
                                                                                                                                                                                                                                        SHA-512:0D860913063F11CD5E17F78AFC48B7E11094AA3C5937CC5BF492DD4443A122E293AFACA9C6A4128C8BA6256AC96EEA9C8CD93F11FDA5C6525642F15CCBDBD98D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.949503664344784
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BdW1w3WesWorjP9Z95Xa/rl9qX2Ip4kjBdCjdAA1m5wMt+uKu2MDug2:e1wx2HRKrLy2Ip4k7Cxf1mltdKuN
                                                                                                                                                                                                                                        MD5:67F5D9F0420089641C4A586F67E4AD8E
                                                                                                                                                                                                                                        SHA1:46F305FAD2BC4394E204285D115C99911F0BD2CC
                                                                                                                                                                                                                                        SHA-256:6DE73632E3B5C91C65A8EF22D0DCDEFD5F4D79401D6106AC45EFF9FF62308452
                                                                                                                                                                                                                                        SHA-512:3EEC96DC2D36CAC18BEEF1E84822D25B2F4CD871FA53CC9A7D0919A450BE07D4E50AC1B2BCB76ACFE106D59025AA20311C8A7D3DB4D3F6621140F5030CC4088F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.767793329723504
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Nyp12Bhkg3qnV/sPMHRKrLy2Ip4ATxf1mlBqsQuvEk:y12zkg3qV/sPMHi/9MfIQs/D
                                                                                                                                                                                                                                        MD5:536E8F3C34410C25A83952179FCA8862
                                                                                                                                                                                                                                        SHA1:137C88DCD584D0741994FAA263B47359D10C018B
                                                                                                                                                                                                                                        SHA-256:730C10E5A6ACB38DD0D58B4EC4A296D609392385494EBBC77D064E60833EF99D
                                                                                                                                                                                                                                        SHA-512:96CCC78A577BB063ECCC91562E368C114845F7ED60207E95867DAD75ADD6EC261750D5EC9A2E44521BEE94DEC90D791BC97505C1B4A41835C11669E4A5C8A498
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012312379517373
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yHPAW1bWjrjP9Z95Xa/rl9qX2Ip4IN3TjdAA1m5wMBq5ul0Qvfh+C:qrWHRKrLy2Ip4I9Txf1mlBqsXv7
                                                                                                                                                                                                                                        MD5:093EEEDB8C88A75C6A4EFFC1424552FC
                                                                                                                                                                                                                                        SHA1:91B63883B48FE79F7FDC5276DB4875272EE8A8D3
                                                                                                                                                                                                                                        SHA-256:FAC3EE2E6DD6ABFEBA4043F69AFD6D8761CB96763DE2B4CBA0567E61220E8D21
                                                                                                                                                                                                                                        SHA-512:83BCBFCD0A5E5B0C37C52E25E9B4ED4821670D65FAFAA42F6807B683533BE9110E196C57F1B435A16C2373659BFFF5B1FFF4E11ABDA0C69A0B861AB4D4A9A8BF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.990449962762576
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KNoqWD7WPrjP9Z95Xa/rl9qX2Ip4TaCjdAA1m5wMzsPu:KNofOHRKrLy2Ip4mCxf1mlzz
                                                                                                                                                                                                                                        MD5:FCFD3EDDED347FC06BA08FD9A4874E0F
                                                                                                                                                                                                                                        SHA1:8869063AAF7EBB264E3C8D8CEA1933364A9FE8B4
                                                                                                                                                                                                                                        SHA-256:3AC4F6D4D123671D92CCF1C70D594CF0DDDB20D10658E494994D23E686EFC5AB
                                                                                                                                                                                                                                        SHA-512:C6DCC2D0D280320F13E7212B03D672803F2DE684F98153DF9371777D403CDF2E328266858E0A3371E5E7C1572F3E9863AEC07E1C6FBE54841DD45FAE85BCAC55
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.016070802680104
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cGETSAWUEWIrjP9Z95Xa/rl9qX2Ip4dtaTjdAA1m5wMBq5ul0nvfh+4:ST1CHRKrLy2Ip47aTxf1mlBqs4vt
                                                                                                                                                                                                                                        MD5:48A9F245C1FCD9CD421526374C8FC42A
                                                                                                                                                                                                                                        SHA1:78D5DB17A57F476CD8DA8BE5E9AD8721CFB2638B
                                                                                                                                                                                                                                        SHA-256:C2D8D7D77B50991327DC9940B896306AAAA7A63D682EA708BB48F12EBAB1CE6D
                                                                                                                                                                                                                                        SHA-512:D038949B35F84ACEB6F405FB389820EC3241E712797C82F1E4FAB1E0F5734FF715DF24677ED81F67F5B5A67201ED4AC073D4E9CAB681EAF0EF808A9886560F6F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.985562996876628
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:lcDagtDApWSKJWnrjP9Z95Xa/rl9qX2Ip4FOCjdAA1m5wMzsPu:lPKBAHRKrLy2Ip44Cxf1mlzz
                                                                                                                                                                                                                                        MD5:3B88B9BE220E36D7F8729B488EE4F6DC
                                                                                                                                                                                                                                        SHA1:34BE6187882F312305C45D440BF427CD695013CA
                                                                                                                                                                                                                                        SHA-256:B0C016655C302D3DC25F369D6087D669B2D4EDC05CA48AAF9CBA48EF239DF41F
                                                                                                                                                                                                                                        SHA-512:5F1F48A77F4A46C4BD5275F5466AB24E830C965A80400C7CC314A888D904A90254E335BD9A0F7B08ABD9451DF4CF0E3B2966A99C3EA05C7A8FE3F9F228BED8BD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.004484897309742
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fIWD4WPrjP9Z95Xa/rl9qX2Ip4dCjdAA1m5wMt+uKA2MDug2GwW:f1/HRKrLy2Ip4dCxf1mltdKANP
                                                                                                                                                                                                                                        MD5:1D5F9A52D4F45D8A9410EAEDADBA77EA
                                                                                                                                                                                                                                        SHA1:EB5A23D3842F1BDFC074D9A0D47DBBFD8AA71771
                                                                                                                                                                                                                                        SHA-256:A531CD972442CF7A6C98446EC3CBB607B8F147B2DD762C97B2D4AA397DFEF300
                                                                                                                                                                                                                                        SHA-512:730CE31E52EFAE2882394552F7A8DE774C4E0887764CC0DAE5308F7F18D81D6FE5930106563D7AFCC7232216ABA444ADA618BB4A13FAD75C14D8E364A6C528AF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.956883982952257
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:iMWzQW3rjP9Z95Xa/rl9qX2Ip4UoOTjdAA1m5wMBq5ul0Vvfh+1f:i57HRKrLy2Ip4UhTxf1mlBqs2vif
                                                                                                                                                                                                                                        MD5:FD2AB5130049284E205256F6D21B4FF9
                                                                                                                                                                                                                                        SHA1:F5BCB68D775ED244205716AA2AF6BFC31C336DFD
                                                                                                                                                                                                                                        SHA-256:45E8FFB0FDF3B114E717333EA544E8438DE146778A7CFF9EEA1E39063E538011
                                                                                                                                                                                                                                        SHA-512:A9998074ED4F8FE09D667DDC2B9E8F15C338E07D2C13098F454C95E54610555C18909E8809820C88D1846FA52B783887C9B39030988945B339ED392729E97725
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.907071338300692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:wxDHKWAMWHrjP9Z95Xa/rl9qX2Ip4bYTjdAA1m5wMQhKuVdRm5vZf:4D8bHRKrLy2Ip4bYTxf1mlQh5VdRm5t
                                                                                                                                                                                                                                        MD5:8A252F1FB85086D035FAD4B976F84421
                                                                                                                                                                                                                                        SHA1:B2BB9B4CE4B6D25B35091B6765AC080D1779CBC1
                                                                                                                                                                                                                                        SHA-256:BB05FA6215A3B9FD9B2EB0F559FE7A30E944F03F07F7D79CDF4DDD7B57DEEE01
                                                                                                                                                                                                                                        SHA-512:8482D445DE1B26EBEE5E486C36C27B3FDFACC09AED8619F66EFF4106CC717EC393D2DB181891F58A6B696053AE8F5E5402F2B9D62AA5F3E0C3494E10CC850864
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.993420993671583
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cLNBEW6pWerjP9Z95Xa/rl9qX2Ip4UTjdAA1m5wMQhKuVdDm5vZyo8:cbMzHRKrLy2Ip4UTxf1mlQh5VdDm5UL
                                                                                                                                                                                                                                        MD5:5353D2CC4393D2DE1EAE1A00B7848BB9
                                                                                                                                                                                                                                        SHA1:017ED99087BCE6A35826FD861E555869D3B1550F
                                                                                                                                                                                                                                        SHA-256:5734A2041DAFC60696583043AD4E5613306C760B9F895F80E58C049AB63B7EB0
                                                                                                                                                                                                                                        SHA-512:A856661DB9B3068B6D64F202B1C9C71A0129658CDD6F25C6E3C219A3CCA63AB20C708ED12B6C0FBD17BF6EB13C27A04F6BB8F74DC22040EA3B6D6DFFC9603F1D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.0244524304384015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:CKkHKW/tWNrjP9Z95Xa/rl9qX2Ip4OeTjdAA1m5wMBq5ul0ovfh+YV:XuWHRKrLy2Ip4OeTxf1mlBqs3vN
                                                                                                                                                                                                                                        MD5:26478EDBE547D0DBDDCAC468D8A4FAE1
                                                                                                                                                                                                                                        SHA1:FE1B850C11229BC091E725FE4DB6EC379030AE40
                                                                                                                                                                                                                                        SHA-256:ECE642BD2BB8CE7B18583961C68C1F050DC639C7459581CD4E3C4068B6A67516
                                                                                                                                                                                                                                        SHA-512:E4AFDD796F8CA6FFDF2B57B761C78A872DF6A881C30576F36EF5EAAABB58C26C53E9D1B220BE86B9CBED28ECED2E14BB10CA8BC29403A159466E7C6235207286
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.978820551680673
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BLnfIWqrWXrjP9Z95Xa/rl9qX2Ip4tf6CjdAA1m5wM36QNuZLQrQY:BDf4GHRKrLy2Ip4B6Cxf1ml36QgZS
                                                                                                                                                                                                                                        MD5:0DC9CCC1D26214E4A95847F7C6335926
                                                                                                                                                                                                                                        SHA1:A7F4E12DBA444C5EEA2624F7A88F77142AAA74FE
                                                                                                                                                                                                                                        SHA-256:A739636CD6CB162D927E6C203F4BA8E9164E5EB44E1AAD9F045470B61CEE39DF
                                                                                                                                                                                                                                        SHA-512:A3DB6DB5710C985B78F3FF706FAE31C797937A3AE5B50439C7C18A2F222000ECF85686C86B8FECE69593972C6A5E1DA327A200ABD8DC9D3DE5E163143066BFC1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):6.800053693288702
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eybU8ndrbbT9NWB2WTrjP9Z95Xa/rl9qX2Ip4j/TjdAA1m5wMQhKuVd3gm5vZ2:ey5ndvWZHRKrLy2Ip4LTxf1mlQh5Vdwz
                                                                                                                                                                                                                                        MD5:0F9957AD9E020ABF5F3B4B06E5D6B953
                                                                                                                                                                                                                                        SHA1:AF9BD1B21D22421D6B95C191007267393F9FD8BC
                                                                                                                                                                                                                                        SHA-256:381F5473A17720FBED4F960867E9457C035EE22F76AEEBCEB3DBA60009A0B45E
                                                                                                                                                                                                                                        SHA-512:19611204AC5D1A64D6E8726FCBF83DE84BAE8C6C35980D3EBE2711ADF3B219AA39C887197B1CF8369719AC398AB3CC56AF3F0B831BD79D4ED84A17F025894C79
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.976445569058889
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.9265541297950595
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.024914500099341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28160
                                                                                                                                                                                                                                        Entropy (8bit):6.790350767912065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24064
                                                                                                                                                                                                                                        Entropy (8bit):6.86244677413669
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.98121423453462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.05428802807611
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.032938959830146
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:iAJpVWbfkBnW6rjP9Z95Xa/rl9qX2Ip4scTjdAA1m5wMBq5ul0zvfh+BzR:iAJpWfkBdHRKrLy2Ip4scTxf1mlBqs8m
                                                                                                                                                                                                                                        MD5:A8FFF498E33FFB86C678046527186133
                                                                                                                                                                                                                                        SHA1:A9749F87CF0F7FA8685EFE1F22DCA999C56E6475
                                                                                                                                                                                                                                        SHA-256:B5303D326DC0D0CA787EF8569AAA6F2EB15A73BC0B901920CCCEB00BFE16567F
                                                                                                                                                                                                                                        SHA-512:57AEED077A4A27CD08AC7221A3A1C3D5B938AE07B6E1A9896339651530B9B438C7A5C61BC7C9ADE8F22AC71938240F91F7B8B44818E2469A11124A29E45D9E1A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26624
                                                                                                                                                                                                                                        Entropy (8bit):6.744878476669213
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:W1dyAqgQBfqyTBQHRKrLy2Ip4kWTxf1mlA6RZy:YdK1WHi/9kWfInRU
                                                                                                                                                                                                                                        MD5:CC2E63CBCBB9960B8D20AB217B6753D8
                                                                                                                                                                                                                                        SHA1:792ACA3B73401780A272EB8F0B2AD242E2057C22
                                                                                                                                                                                                                                        SHA-256:8816399ACCD5340398DFE2825666C0EE95CBD7A10A435BE9BF3F4F0C5C42A845
                                                                                                                                                                                                                                        SHA-512:27FE73E2D221E60B48BA5D3876F685C33C656E1D78CB1B2E44DD90C232621B5CCB32D917261D9824D7D9116BF5E6BF5B551D14B540E6AEAE5CAA4CF3AACAC16D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):6.862001295533237
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWIrjP9Z95Xa/rl9qX2Ip4qyTjdAAs:XsPMQMI8COYyi4oBNw4tB4HRKrLy2IpH
                                                                                                                                                                                                                                        MD5:91F23081484BE9044502E179DFFD0B5B
                                                                                                                                                                                                                                        SHA1:C8767E1515A3B453B7E9EA386CD892B6BB9566CB
                                                                                                                                                                                                                                        SHA-256:CB21115EEC55C3B2998D4E820C0B609535660CCA8B8FFBCBF044CD6A879AB2E5
                                                                                                                                                                                                                                        SHA-512:6E202B60FC061D7C1A5B97ECC69381F902EFF7CFD2E61D4C90050190CADB1D0FA72D3492628F543C5E9BAA43E8B664D407BE3AB11F9E0A9B3C5423639BB4B91B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29184
                                                                                                                                                                                                                                        Entropy (8bit):6.563794164270402
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nbhigwLAuZtM66g/Id7WVXW0rjP9Z95Xa/rl9qX2Ip4HTjdAA1m5wMBq5ul0Avf0:nbhzkKs7HRKrLy2Ip4HTxf1mlBqsTvBC
                                                                                                                                                                                                                                        MD5:3D4BB4CA05BA61CF938055E75C74E93B
                                                                                                                                                                                                                                        SHA1:688F6D9B94C76CF251632BB61642CBC4BFD973ED
                                                                                                                                                                                                                                        SHA-256:4C4FD044311E64557A9C5D48C86A92D0B7A6C7A3B36B4657762F9EDC0AD01973
                                                                                                                                                                                                                                        SHA-512:297CCF91CEA0E1DF52490A696413BE638B9C66562C703B18EFAA9803FC903D00A116B4335ADA3C586953E4FF936277FAC077687EA19B260C57F5FB95427A01C7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38912
                                                                                                                                                                                                                                        Entropy (8bit):6.258801189412649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:yTIrKFsESvNsStEpOqPOmizx1qYDpjhHsH5KDs6L5C4ioDElwr1ZWBky351iQHRa:d6lw1IbiQHi/9VSfIQsCq
                                                                                                                                                                                                                                        MD5:C60DB20B29E88958D9465CF180B78944
                                                                                                                                                                                                                                        SHA1:354F0623DD0FD9868B27758737FC25B96C8E0B97
                                                                                                                                                                                                                                        SHA-256:68DD8B93139014803DC11A5398CCAFB1ABF5450635AB4FA6E5DE7C27098ABAA3
                                                                                                                                                                                                                                        SHA-512:E17EA0E31A2F246C096E7D0CC94A6B20789AD2BB3A39CE28A89DC5A310A044F0595CDD1CDBE3CB25A0BD01864D4016AECF277F637E3AB853C078E8067F723EC1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.002325554132072
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:1UcX6W9aWsrjP9Z95Xa/rl9qX2Ip4LKGY6CjdAA1m5wM36QNuZLin:1UchwHRKrLy2Ip4LKt6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:0347D6FA68EF104062D2F03BD2836C51
                                                                                                                                                                                                                                        SHA1:907FEBC4AA739CCED0AFAD90CB2457335CFB174F
                                                                                                                                                                                                                                        SHA-256:5F5BB112A5ADC3D3999DEB912D8C428EECDAAD68CA3B65FE62492B82655D7A4A
                                                                                                                                                                                                                                        SHA-512:093F240E2C1F8857BB991AF1BE4ED60DCFC9C9D28CF8A660B7822474408436B9D05C0579F8B3644BA1A74876C4D0DB1C0F14DC127637B4C7096B5B168FFAD3A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46592
                                                                                                                                                                                                                                        Entropy (8bit):6.171207295782074
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:+oBj7kS+8mjvHTeaWKs0Sd4eehHRKrLy2Ip4kOTxf1mlBqsqv/e:FPmb9WKs0PeehHi/9vfIQsqO
                                                                                                                                                                                                                                        MD5:368CDE2C1517D0370689048DFEFBBE01
                                                                                                                                                                                                                                        SHA1:18B56375A8FF8D0B5A51C2EF09154F4F598F4966
                                                                                                                                                                                                                                        SHA-256:D100C10F273171C43BD6A6DB1F08FB8EF7E69D0A65470566EFECAB68AD5EE150
                                                                                                                                                                                                                                        SHA-512:E25E29290F49E71B4291042D255F24FB877D04FB4B56B76249DD6188C601E4201CBDA6EE0205CCD58B84AF26D43B4E7755F2EE62AF5196E83A20025E4F1198D8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.036231673830498
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:STI2pWPzWkrjP9Z95Xa/rl9qX2Ip4STyTjdAA1m5wMBq5ul0fvfh+7U:SE3zHRKrLy2Ip42yTxf1mlBqskviU
                                                                                                                                                                                                                                        MD5:DE4C7C34DE0EE77E22BE7BD4DCB12EF6
                                                                                                                                                                                                                                        SHA1:F292FAE6FE6443516156BD63CD424CCEE1162F76
                                                                                                                                                                                                                                        SHA-256:6D1B52839B5C28352B4B5DC63D40253BFC9A05C1D93F76042AB2A0F324A5C88F
                                                                                                                                                                                                                                        SHA-512:1D847BE48A9F9370E3CA239314CAD3C20322033C52AA74568F1F2A24A5C4D053510F3F93C53B0CDD0B16400D5D57743527E5E2F376EA52D14809B9C13662060A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.043752496308506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zcezoy4W04WxFrjP9Z95Xa/rl9qX2Ip4wQoTjdAA1m5wMBq5ul0gvfh+9o:zBzoy+fHRKrLy2Ip4wQoTxf1mlBqsbvj
                                                                                                                                                                                                                                        MD5:C706B0668387A2ACF3E8C6E2A11390EF
                                                                                                                                                                                                                                        SHA1:6108CEDFE1301AE1A381AB15D05E6F1ECABC5885
                                                                                                                                                                                                                                        SHA-256:ACC37223E0389865D94131FF72E7E9A81A468A73F5E648E66496E11ADF68D72F
                                                                                                                                                                                                                                        SHA-512:4B880649BFFA7B8DBBE4EA2CE23F2A4D9462518DB1A41C44A2D64CC75D327032FC7A2C4C7159D99BB712E4D0B3B872F5F5B507951A467FED0063D810C1CD7A10
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.964569325909888
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DH/JWKpW5rjP9Z95Xa/rl9qX2Ip4psrpTjdAA1m5wMQhKuVdbYm5vZdb:DH/jyHRKrLy2Ip4WtTxf1mlQh5VdMm5
                                                                                                                                                                                                                                        MD5:16F83A3369AFD8F913FD9FBF2BE2E09E
                                                                                                                                                                                                                                        SHA1:DE0D9DF9581050AEEC9F77CAD32D452E021A6A72
                                                                                                                                                                                                                                        SHA-256:29451952BF4887D95F2F34A47EB5F1487B0371B93D14CBBE3AB12634356CC505
                                                                                                                                                                                                                                        SHA-512:68106DF7EF3C8D23FD4C5849DD8575C6CE23821B408BEC175CCE61D5D0A77BC4D1E7B016942117B7BEC588762A9A1CA8A39002F63A5B1160EC20ADB76F391FED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.918646557026692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KTjbocNsWMhWwrjP9Z95Xa/rl9qX2Ip465TjdAA1m5wMQhKuVd4m5vZXVy:aboYyxHRKrLy2Ip465Txf1mlQh5Vd4mY
                                                                                                                                                                                                                                        MD5:053CDE539558C043EF0D98D277A225E4
                                                                                                                                                                                                                                        SHA1:433526427E83F939C8074C326367703A94A5D6B5
                                                                                                                                                                                                                                        SHA-256:923C9B96CC5F054C309816CC90C0A1B2C65E9432B2E38AEE50CCA1557B051FC7
                                                                                                                                                                                                                                        SHA-512:0F3150292BF8BB20D1C106251E8C670AC959C4A42CE84475DF0BF90010BED07D8608561D5F87CBE0045E1572800BC324296E532070770521D0A62B001F234042
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23040
                                                                                                                                                                                                                                        Entropy (8bit):6.890329778208696
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ResTEpq4YiZUlW/AWXIZWWAWXkrjP9Z95Xa/rl9qX2Ip4LF0TjdAA1m5wMAvru4x:FwTiuHRKrLy2Ip4LF0Txf1mlA6XfZ9W
                                                                                                                                                                                                                                        MD5:C5B6F82F05364033B9FD4B5204E34F26
                                                                                                                                                                                                                                        SHA1:9255FEFDDEE9FE6568B91665ADA3C19C3246D480
                                                                                                                                                                                                                                        SHA-256:24DDDE4EB0276C3CB82E3FCC3B5A4EAEA32867004A7D2EC0F885ADAE06A6EA66
                                                                                                                                                                                                                                        SHA-512:9F86A85915E45DFD7D7987AF92A895AD73754C9AD4245040FBE14A3F343C71F7995F7A754E8E3DC6D1A1B3DC4950846D95CCE604679BA3C7D17EADBA6AD07B0D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.003345288923658
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MSKiWIhW+rjP9Z95Xa/rl9qX2Ip4YZh4TjdAA1m5wMBq5ul0Qvfh+r:MSK8jHRKrLy2Ip4YZh4Txf1mlBqsTvC
                                                                                                                                                                                                                                        MD5:BA49CEC30FB0DB7466AAA605878CDDD1
                                                                                                                                                                                                                                        SHA1:0C7F6967FCB69D76EC8FAEB8CAB1BFEBB1DEF616
                                                                                                                                                                                                                                        SHA-256:45E5B19DFF471EF416B6F46B42AD3FDBE4C58DAB33C1C12D3D0D71982E62CFC5
                                                                                                                                                                                                                                        SHA-512:B10CED8BB341E51A82CB395B072B0960AF5B18BD93E916B1D82373CA74F1028927245204F9B03A461AC08A73B5B61955DBFE15CA87F61A7C8881EBC6494A65BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.952617106985068
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:40KbZWApWmWTpWNrjP9Z95Xa/rl9qX2Ip4DThTjdAA1m5wMBq5ul0Nvfh+Vt:nKRyiHRKrLy2Ip4DThTxf1mlBqsqvkt
                                                                                                                                                                                                                                        MD5:24046188160DAD513AD213EEBB9BF585
                                                                                                                                                                                                                                        SHA1:53D4E09F3F739D2A8E5EB59D156A52A7748D106D
                                                                                                                                                                                                                                        SHA-256:B28ED96F3D699D5A6B1B88A3E4E2D855945C8BD9F10EAE62F42A910FE7D31377
                                                                                                                                                                                                                                        SHA-512:5D5462F87D9720FFFB9FBA73DA246C25475F854B65AACDFC27C302570DF3290C3EFE1CEB2A9CF9B02CDA8327B4C7A951117DA08853D5056CBBD341D281856E5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.025793572253596
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yb1nWCXWbrjP9Z95Xa/rl9qX2Ip4fTjdAA1m5wMAvru4LTyZIjWYzF:M7mHRKrLy2Ip4fTxf1mlA6TZfYzF
                                                                                                                                                                                                                                        MD5:4C471F1FA1733D378B9F76125EA13D4D
                                                                                                                                                                                                                                        SHA1:DF3165A865220EA5AF741F7293CC131F6D58A375
                                                                                                                                                                                                                                        SHA-256:714736E69B61DAC9D6C3EF6C7D36AAA8ECAB2D1B02DB018C6FA24E5641AD1424
                                                                                                                                                                                                                                        SHA-512:70A1ED5B34BC2D5ABD955C1B37BA3C6D0C8AB4509E08263FC469BC134946E6188E593BB9E129D735B09F0FA5AB8B2EA3199558E5B0F2F36C7B16549D7808A1C6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.950125579722336
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:5NyW7TWXrjP9Z95Xa/rl9qX2Ip4cTjdAA1m5wMBq5ul0uvfh+0PL:vf2HRKrLy2Ip4cTxf1mlBqs1vfL
                                                                                                                                                                                                                                        MD5:D93D4BFA4526FB0C604410F445BA6C83
                                                                                                                                                                                                                                        SHA1:820E6E420D2FE3C97F0B22489EAA95449F6F08B2
                                                                                                                                                                                                                                        SHA-256:35B54B143B778769511843B4C493952F63B5F08F7A5947885B3CCFCB349894F9
                                                                                                                                                                                                                                        SHA-512:2E892D8C05337DD7BC553C29A70462B8548159EBFACB548DEB7120000845792DDA83E4B801D8EDEAD4F20100EFB28C09C5BEA33DE1BD814CE0CA9B494F49ACFD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.044767989073116
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:k6Rb32WVzW5rjP9Z95Xa/rl9qX2Ip43cVTjdAA1m5wMQhKuVdUm5vZ4:zRb3dkHRKrLy2Ip43cVTxf1mlQh5VdUZ
                                                                                                                                                                                                                                        MD5:CCC96D3D8E531D7411636B2D3F24E55C
                                                                                                                                                                                                                                        SHA1:57FEE930236DFD4571A68B41657DBA8FF08614B4
                                                                                                                                                                                                                                        SHA-256:7EC1720789541966183A2538BBD46D271333A7B382EDD0A2B142F49BF123A20E
                                                                                                                                                                                                                                        SHA-512:8D9EB4C6F692B856DAA3CA60D1912542F580B1692E8EE31A16641EB026CFB156630B9FECDBFA19F283568AD99CC92D35E26AFA8E8357059FEB186F25468CDEC4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36496
                                                                                                                                                                                                                                        Entropy (8bit):6.6902083286878415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:du5I+sqOylryry8qqIfUc7a5AHRKrLy2Ip476Cxf1ml36QgZI5:dYIVBpry8qqIfUcm5AHi/9zfI5gC5
                                                                                                                                                                                                                                        MD5:4D8FD560D264D9D2F9CC360809053DE8
                                                                                                                                                                                                                                        SHA1:20F80B422BF59D580A59514D2F06EB1E00316553
                                                                                                                                                                                                                                        SHA-256:555962091DAE5AABF44DEFCDDE0A2D98CD46E94DDC6C199AADD73DE08DA5B93B
                                                                                                                                                                                                                                        SHA-512:B911AFCA1DC43D010FC8053451DB2104982FC2F7E69CF7FB1D136D1AFAD08BA9D5AB54BD36F11FB4BC7D5117EB699A77145080EC3CA3E8EE51AF2F5B932589F2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.02247507672201
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fvn4HREpWiQW3rjP9Z95Xa/rl9qX2Ip43ETjdAA1m5wMQhKuVdnm5vZWM9:4SXHRKrLy2Ip4UTxf1mlQh5Vdnm5v
                                                                                                                                                                                                                                        MD5:1C6034027DF04E156FF60B0F09A12DAC
                                                                                                                                                                                                                                        SHA1:651400F7A2F86C4C6273D1225C19631049894DCC
                                                                                                                                                                                                                                        SHA-256:358A76309D3D26CAC4C021E8FC5DB847C9D45FE6A1474B0789004E57B9BB3135
                                                                                                                                                                                                                                        SHA-512:2618C604EA80AE5210AAAA4ECFCF12182475252642EA86F709CA8DFF1579909F83E4B342D2471A567674E48C2F2BEB8E9A2241FC1EB4CEA2CFD4C237E7EAC473
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.946165235196381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:r8MjKb47T3UCcqFMkJ59WdtWurjP9Z95Xa/rl9qX2Ip4jJoTjdAA1m5wMQhKuVd8:wMjKb4vcGdOnHRKrLy2Ip4j2Txf1mlQ0
                                                                                                                                                                                                                                        MD5:FD32901AD58EDA4E8BA9A56187C360B5
                                                                                                                                                                                                                                        SHA1:090398A1AC61FA530596DF1B6C42CA651F698A27
                                                                                                                                                                                                                                        SHA-256:37A4BC0B6C9873F1FA36F1372C0A2AEABA038430D8CB649151626A2CFE5EE972
                                                                                                                                                                                                                                        SHA-512:DFE1101D0B6F56ABE153542B90A2F766E3C420DB7279A77652E560CD8ADD998A56838AEAF170F18E27A2B82A9372F1CD93C9AEF33CA8BBDF241724B7315FCFFC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015976194477571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3zyNXd4+BW6FW8rjP9Z95Xa/rl9qX2Ip4ne3TjdAA1m5wMAvru4LTUZIjP:mzZHRKrLy2Ip4oTxf1mlA6VZk
                                                                                                                                                                                                                                        MD5:939491A792A9A207C16E50C4D76D63D2
                                                                                                                                                                                                                                        SHA1:0CB73A19297E30369703D1A57EC68648B349CD38
                                                                                                                                                                                                                                        SHA-256:3F9461B26DA4236B975BF0DBA56B6E9FECBD333BA0E84AC9DABCE7D7F8968DCE
                                                                                                                                                                                                                                        SHA-512:143E0650F4876996337AA870659955D705DEA24873BD614A43B0D36B558F0D13A43258B071FA71317609E5A61C83C7E588AACD5FE0BB5CA214B2AC0CCE186C93
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):6.999581586913751
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Wvs2Q3HKJNrWWRWkrjP9Z95Xa/rl9qX2Ip4By7mdCjdAA1m5wMzsPuO:WuMRHRKrLy2Ip4B3dCxf1mlzzO
                                                                                                                                                                                                                                        MD5:1F4B2EF214A0E6E0A74D9F7AD997FA55
                                                                                                                                                                                                                                        SHA1:70D9D29C100A5E1DE5A55511FEDB3D320F1336F1
                                                                                                                                                                                                                                        SHA-256:6A37AE19E656D95778D917D68686994C0BF899CF4033646B12CD2476DBEEED2A
                                                                                                                                                                                                                                        SHA-512:2101C4681DD9F915C617215BFB3BE986D203A837D906DA4EA6D49C401B03E5322409FB0EBC6C44E77D812A83F8328F0138F4E2B8097BEAB6232D6AFCBBD65DAE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.980722029632896
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GFz0Q6gcqRhcsMWdMW0rjP9Z95Xa/rl9qX2Ip4bbkOCjdAA1m5wMzsPu9:GFz1c6KHRKrLy2Ip4HPCxf1mlzz
                                                                                                                                                                                                                                        MD5:69074C045653E6A61DB94CC48F74778C
                                                                                                                                                                                                                                        SHA1:98852A0E6B68AB3E1E28F192E57C1EB77C15B77B
                                                                                                                                                                                                                                        SHA-256:F52AA52FCF186B83B56500B2D50F6B3A72C4DDC9CB6E474CDAAB9FAF5E64EE87
                                                                                                                                                                                                                                        SHA-512:C01A3DB152C3B3DD03C92B126985A70803EB4C349EDDF6B32F90D1E7C0845D6ED57B06BEAF17EC4B4777491BF04D059FEB0D7B0966D05E1C4D757CCE8894D74C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.910677968918354
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:K6xWA3W4aW/NWUrjP9Z95Xa/rl9qX2Ip4OTjdAA1m5wMQhKuVdAm5vZ9q1:KaBJHRKrLy2Ip4OTxf1mlQh5VdAm56
                                                                                                                                                                                                                                        MD5:418BE29B62A24A1ACA13E31A72415198
                                                                                                                                                                                                                                        SHA1:31BD7839E973C5ACA50AD50AC8E1FD3BCB85994B
                                                                                                                                                                                                                                        SHA-256:4A2D205DCF3607CA4B9723325B94ABDF0E795FEE5AE357B76C6BA47422F642F5
                                                                                                                                                                                                                                        SHA-512:CEB86E3ED47AF6B4C78AA5391E041F24B0C703DA720BE68CB30344C770336CB7148BC1872792445092D3789A0D70655C92669DF7B5720C879E258EFA6DF4065F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):77960
                                                                                                                                                                                                                                        Entropy (8bit):6.069856591381686
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:L784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSATHi/9XfI5gs:L7NV8v36tI0XCKAv5h
                                                                                                                                                                                                                                        MD5:062043C4CBF910C829E24CFE5941A9E5
                                                                                                                                                                                                                                        SHA1:88527923E47525DA468EC708D3D4E6FE0F044A0F
                                                                                                                                                                                                                                        SHA-256:BD7B95E588DC552A4092D5CA917E75FCC0643DC00A90C9051DA0B4EB24FFFF71
                                                                                                                                                                                                                                        SHA-512:FC22DE7A246FC6BC56A535F7AAB379D0F46CD4AA5C91DA1F5022BC9DD7736E7EEA049FB5A5778366EEDD2C7D663C03F4A09097FCC7E2925DA5FC51C6D19AAF67
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.004031307297091
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mr97WquW+rjP9Z95Xa/rl9qX2Ip4Q9ATjdAA1m5wMQhKuVdqm5vZaj:mRJGHRKrLy2Ip4jTxf1mlQh5Vdqm5Uj
                                                                                                                                                                                                                                        MD5:D92A0F1DDF807D1BCC3EB3E6E166690A
                                                                                                                                                                                                                                        SHA1:CB158BA1F7AEB5CF6EE80E7F31421F4F6E6A91DD
                                                                                                                                                                                                                                        SHA-256:F8C65EBD07C69DA5577515174011E704E362611E6B092E3E0017E6913325DED5
                                                                                                                                                                                                                                        SHA-512:AECB1AC24F60332D763D116E022A848E9F0F2A4F912E46D1D6247C262D83CD5E79E5916AD5AE05AF38C62572EC79958B9D0AADCDD716057229167D9ADB081874
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.968105530882379
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:G16eWLDWxrjP9Z95Xa/rl9qX2Ip4lTjdAA1m5wMQhKuVdem5vZyYB:C6LgHRKrLy2Ip4lTxf1mlQh5Vdem5LB
                                                                                                                                                                                                                                        MD5:60C26F8A9719F7B4FB617429DA9A3158
                                                                                                                                                                                                                                        SHA1:376356D56F21FACAE15172E80C75A5C49122246C
                                                                                                                                                                                                                                        SHA-256:F1BFCBDF1CAC8AF8295EACCB3F8E66218A95F7FFCD2CF8D5EA4AD0CE9C5F9D83
                                                                                                                                                                                                                                        SHA-512:0F5FF0C16C268DB1B7FF0E71D811239F8007126AF21146693457CD6787E976F38F5269908D0B708FFACC105F6D6AFDADB65BF960A0D72023F4EB6600E6DD3963
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.936296264713254
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:c8G4YC2W+wW8WpwW+rjP9Z95Xa/rl9qX2Ip4jdM6CjdAA1m5wM36QNuZL0:/GZ5sHRKrLy2Ip4jq6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:4ACDFE5373BDCAEF6F79F9EB64DDEE1D
                                                                                                                                                                                                                                        SHA1:C090D98D272A627525F9D1166E63A5E2DD799D2E
                                                                                                                                                                                                                                        SHA-256:2ECC2C6B418B04EAFD00F6C2C2278FB13DA6E853194FB56478D315655DF8FBA3
                                                                                                                                                                                                                                        SHA-512:5D740D96FDED5409FD543399D5CFF52D6F9F42FAC1B4CB269E8241921FB7EB5A96A65B273F0F26478C18177D704ACF4BC2FEBFB69A11542709D811B727901811
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038633483362159
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:L6ziqTEkGWvRWZrjP9Z95Xa/rl9qX2Ip48JnTjdAA1m5wMBq5ul00vfh+F5:LYT1eHRKrLy2Ip48dTxf1mlBqsjva
                                                                                                                                                                                                                                        MD5:825AD627DBA9F0C3C7A770F696E6947F
                                                                                                                                                                                                                                        SHA1:2066D011588BD747763AA95492DB045BA3096F9A
                                                                                                                                                                                                                                        SHA-256:274BFBE88FDDD305E371DBA66C940BB67B26AC51E5C4CF1F74F72557B375F3E4
                                                                                                                                                                                                                                        SHA-512:DF6A7C5AEE18E9200EA095EA917AA8161A80D6767D2AAEC527471EAEF7905214B64FB2FCA847A642D1C70379D2632A21CAAE6E00B3FF513F6058FEE29A21F456
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.975499885006936
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FUv7c7iWNCWjrjP9Z95Xa/rl9qX2Ip4HTjdAA1m5wMBq5ul0Pvfh+8Q:FM7c1tHRKrLy2Ip4HTxf1mlBqssv/Q
                                                                                                                                                                                                                                        MD5:CBACEA8BBF166AED9AAEC25EFD2819A0
                                                                                                                                                                                                                                        SHA1:7E055A8842B4F6FB75C4F5A94FA4F4BEC39146A4
                                                                                                                                                                                                                                        SHA-256:A8C93DE53CBA7166EFC70B2EE73EC6499132C4F4E2E42112FFF1E56231E3D046
                                                                                                                                                                                                                                        SHA-512:7C91480657B086D22B3BAFEC5E1351661FC5F19F4EED06E3D1C9C397B7F7D49AA4F763820B35B344F31A5EEF12D45769B91C1EE725DC7927DD28AD2846170FE4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.00528420868397
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bSWnRWCrjP9Z95Xa/rl9qX2Ip40KTjdAA1m5wMBq5ul06vfh+2v:bzXHRKrLy2Ip4LTxf1mlBqsBv3
                                                                                                                                                                                                                                        MD5:07EABA4F76B4E982E4D3B7EC268A6DEA
                                                                                                                                                                                                                                        SHA1:75442424E3196F4B3B339079FDC3143D16AE2354
                                                                                                                                                                                                                                        SHA-256:DA38AB286AB29491AD8FD0F34C5CD9A0AC32119A85EB1AB3B313743311CA68CE
                                                                                                                                                                                                                                        SHA-512:019054285EAF91E55CAD4F1323D8DC67901378E21B519522BC8DC1859D7F983EBCD696E6C517E6850B95EDBBABB7037D0F4D8F7970B114B8AC9CB82EC602CD9E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22160
                                                                                                                                                                                                                                        Entropy (8bit):6.932114236344035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eoMeAKyr1jSC6ErjP9Z95Xa/rl9qX2Ip4eR6CjdAA1m5wM36QNuZL3y:eoMbKK1OBMHRKrLy2Ip4Y6Cxf1ml36QC
                                                                                                                                                                                                                                        MD5:55CFC9F443E2D115AFE56DC32B60E523
                                                                                                                                                                                                                                        SHA1:CDEA8BCC2A11BE43C6B13B4AD535620C66B4D5DE
                                                                                                                                                                                                                                        SHA-256:3A0CD656D1AAA8667BA91C36FBED4034A0115423498AA1BD16E678F5083F37D7
                                                                                                                                                                                                                                        SHA-512:250A92485CDE3729DC3CBD2B32924F7CB700817E8B796830520C4EB4BE3DF8C0F7C8E30E083D2B23376EEE5DE5836A6A71105AB685076856A1353010087ED1ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):377176
                                                                                                                                                                                                                                        Entropy (8bit):5.999945871691186
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:1BDotCsX0mytklk/i2PziH5XiX2huoW9h7dp9Q5FG85I2YYCQLk6j:jWCsDytkxMzUhYhFH/i/eLkA6j
                                                                                                                                                                                                                                        MD5:F2C339446D80393CF12236A064FA5182
                                                                                                                                                                                                                                        SHA1:4274F6487AC9249FD4B49DD5D22EB7CF60A67046
                                                                                                                                                                                                                                        SHA-256:863A22F58523D47B94E1273ECF9E2F280D0715FFC20A46D704993A32F54829BE
                                                                                                                                                                                                                                        SHA-512:E65CF3BBD78AB8DE244E47AEA6BFFE1CCD3B22B32A2260C9BA761D2C1F00A03AED17E6144E271435DC44C1F139AD74743F4F52A6140253B77842DEEDEA4DCF00
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):273920
                                                                                                                                                                                                                                        Entropy (8bit):6.063893530470953
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:jlPLikZqxz9Prt9e1bd6JcAMaLD0qjR0FC4YPHnG:jFmX9e1bd6JcAMq+FpGG
                                                                                                                                                                                                                                        MD5:5F3DD6D4469C25B3100035493E84B287
                                                                                                                                                                                                                                        SHA1:375784997D26D0F30D5BCDB9B37E1C481F0C3D60
                                                                                                                                                                                                                                        SHA-256:04BAAF4E558FC18828E65002CEB130CE0CF79AAED507FB1C5A2ACA5B4A37182F
                                                                                                                                                                                                                                        SHA-512:27C61ECBA96DC53945A0881C29AF457C7DC9EB174D2FE1C854DC26143A80906023D9FFA4504014DA7CFF924F0ED05325158AEAB352F6D63208C1F1D38D822B3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1804288
                                                                                                                                                                                                                                        Entropy (8bit):6.342131904971123
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:frPHIDLY5h/Ud23lAy7ldZyzjIK3Y9bni0QwURlG3xA44jqfBlMoTVe:fUo/Ud2V17liz29utwURluxN4B
                                                                                                                                                                                                                                        MD5:0D12B6457B990E150388E5906F61C6BB
                                                                                                                                                                                                                                        SHA1:28B8087E023783DDA50C6BAEC351416F68BD5628
                                                                                                                                                                                                                                        SHA-256:214DC7E1C6E93CF7CC902E824E36F091FCF54A90754247F6A221299978AD2E9C
                                                                                                                                                                                                                                        SHA-512:718F162C96D896FFEA6AA3A3AB2FCF6E2054C8D1DBE1FD138B273A86D80A39869041FCAF1B17B6AB5F212A10D55F54F8B10485385B53FA66F7C6F7A5ED6E2A90
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2357
                                                                                                                                                                                                                                        Entropy (8bit):4.908284940509403
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:o55s8iPgzK7W96MhM5IVkZJElInU/9ysI1qNA:o550ozK7WFhM5I6eo89ysI1qNA
                                                                                                                                                                                                                                        MD5:2AF5B11A9B5F5B7C2BFEA7A3D7186B85
                                                                                                                                                                                                                                        SHA1:E1F32261FD6D3D4679740B69E923CB053B30CE5F
                                                                                                                                                                                                                                        SHA-256:6953F1DB3172307E77B65295FDE86915E77A0589B6669EB80ADFCDB8056802A6
                                                                                                                                                                                                                                        SHA-512:4BD531D81FE46B1ABE933258C945683D98209E3C83BA3B3A0AB136F6D1A3D22D8731131FD6D11B58D8FD7B642E324C3DB1942BA22E9033CB76302E110E8D01DF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version='1.0' encoding='utf-8' standalone='yes'?>....<instrumentationManifest.. xmlns="http://schemas.microsoft.com/win/2004/08/events".. xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events".. xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd">.. <instrumentation>.. <events>.. <provider.. guid="{b5a0bda9-50fe-4d0e-a83d-bae3f58c94d6}".. messageFileName="%SystemRoot%\System32\drivers\rsElam.sys".. name="Reason ELAM Driver".. resourceFileName="%SystemRoot%\System32\drivers\rsElam.sys".. symbol="DriverControlGuid">.. <channels>.. <importChannel.. chid="SYSTEM".. name="System" />.. </channels>.. <templates>.. <template tid="AllEventsTemplate">.. <data name="message" inType="win:UnicodeString" outType="xs:string">..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1716
                                                                                                                                                                                                                                        Entropy (8bit):5.230162000430176
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:FhHP8wMlKnfM2nnwrIP5yHvb2/oyzvTB+X:zkDlE0ow2yHvb2XzLB2
                                                                                                                                                                                                                                        MD5:EC813E1F8F193DCE5B07ADA4FEE1D43A
                                                                                                                                                                                                                                        SHA1:9464FB33B041B54E20BC71D4BD67185B255A3809
                                                                                                                                                                                                                                        SHA-256:FDACE7F8EBF8CD4A8CA18A172A604132CC2BCF000083DF69A4B9D54A10DC1BE6
                                                                                                                                                                                                                                        SHA-512:9EE51D25D5F7679C3038F0B77AECF0AC29DE57E4065BCE3105AD21A9D37CF9818F67B2AF32823E781E5D38E360BC249E46979F674BDF1DCE85072ADA4795CC5E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[Version]..Signature = "$Windows NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider = %ManufacturerName%..DriverVer = 04/12/2022,0.0.0.6..CatalogFile = rsElam.cat......[DestinationDirs]..DefaultDestDir = 12....[DefaultInstall.NTamd64]..OptionDesc = %rsElamDescription%..CopyFiles = rsElam.DriverFiles....[DefaultInstall.NTamd64.Services]..AddService = %ServiceName%,,rsElam_Service....[DefaultUninstall.NTamd64]..DelReg = ElamDelReg..DelFiles = rsElam.RemoveDriverFiles..LegacyUninstall=1....[DefaultInstall.NTx86]..OptionDesc = %rsElamDescription%..CopyFiles = rsElam.DriverFiles....[DefaultInstall.NTx86.Services]..AddService = %ServiceName%,,rsElam_Service....[DefaultUninstall.NTx86]..DelReg = ElamDelReg..DelFiles = rsElam.RemoveDriverFiles..LegacyUninstall=1....[ElamDelReg]..HKLM, "SYSTEM\ControlSet001\Services\rsElam"....[rsElam_Service]..DisplayName = %rsElamDisplayName%..Description = %rsElamDescription%..ServiceType
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19944
                                                                                                                                                                                                                                        Entropy (8bit):6.115904530529
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:L22mPMNY+DHa3eLzeCvUkjWHhELVWQ4aWSWDqF9e+X01k9z3AzsJO4gdHfQhW:L4M1u3LCskJpWe99R9zusZwfQhW
                                                                                                                                                                                                                                        MD5:8129C96D6EBDAEBBE771EE034555BF8F
                                                                                                                                                                                                                                        SHA1:9B41FB541A273086D3EEF0BA4149F88022EFBAFF
                                                                                                                                                                                                                                        SHA-256:8BCC210669BC5931A3A69FC63ED288CB74013A92C84CA0ABA89E3F4E56E3AE51
                                                                                                                                                                                                                                        SHA-512:CCD92987DA4BDA7A0F6386308611AFB7951395158FC6D10A0596B0A0DB4A61DF202120460E2383D2D2F34CBB4D4E33E4F2E091A717D2FC1859ED7F58DB3B7A18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11062
                                                                                                                                                                                                                                        Entropy (8bit):7.302964587285633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:TohIuPyyJCx0jnyKQvAIFWQFljudcCFaqDu0K9X01k9z3APi5t:000ivAIFR78cCFYj9R9zqSt
                                                                                                                                                                                                                                        MD5:DF4EAED5CF816C9F03DBC95AB74BC8A8
                                                                                                                                                                                                                                        SHA1:CA40FF3D91D3D3D75286EFD1C320CD1DCCB6C3DC
                                                                                                                                                                                                                                        SHA-256:34C442AA2B53F2256108FC54CAD61C820884C8195193CECDA2BCBBE33D05359E
                                                                                                                                                                                                                                        SHA-512:E53F25823A9B875EB67C16888E61566357853CCECDBB287AFCE8637FE08674EFF5EAB825CA687F66838AC6F01A1B0A1CC561F4BA12BCFB756DD20CB8B102BF50
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):74
                                                                                                                                                                                                                                        Entropy (8bit):4.005190565270453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:3H9ifFQtJdVQWNtNg/IBF+WVlIvDn:3HW2trVfNgKYWyD
                                                                                                                                                                                                                                        MD5:B887FD9A0E3798FD3482667E21561155
                                                                                                                                                                                                                                        SHA1:87188CDC055C857561333942FB24E7F209C51178
                                                                                                                                                                                                                                        SHA-256:F698ED945129085C527E4E79C0475D989DB367EF223F0A6E833AD151E31ED5DA
                                                                                                                                                                                                                                        SHA-512:533AEF3F4E4CB4619881B391388FE465608936A525B18EC6B9A5B0B5F80802CEEE6717B390C178CA71B6D121B5D77B3988C4C695C04047BD4F51DD865E9A1214
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "epp",.. "dependencies": {.. "epp-ui": "5.30.4".. }..}..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1102848
                                                                                                                                                                                                                                        Entropy (8bit):7.3551536456680635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:g1F/DU/0v79/tgAOA+dGog4gGxHn2CbEXZndw:WF3TgA5+rxH2CbeG
                                                                                                                                                                                                                                        MD5:C85B6E5CBC8CD0CD668A95378CF2339F
                                                                                                                                                                                                                                        SHA1:A53D71A00A4D1EE74DE71543846DDBEB568B29A1
                                                                                                                                                                                                                                        SHA-256:EF6F5493F21FA5FDAC8B6B669AC6DBC0923E5C7C794F075413F27CA6EBEEB4B1
                                                                                                                                                                                                                                        SHA-512:7067887375C5AA40B1732D648185A0D231B8D87A43B63FB3670DC5099A56C7C7356CCE43DC48CAD6E96C1585FDB2955AFA8A50D3A1C7DF1994E80705F76AAEC2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\mc.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):97424
                                                                                                                                                                                                                                        Entropy (8bit):5.6163370964241635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:C2Ec05j4eAH64rh5fSt5T9nFcI94W0Hi/9ufIP:xlK4eA7mDmWV
                                                                                                                                                                                                                                        MD5:C91FFF17BFA6C8C8ED4E001A8C58BF87
                                                                                                                                                                                                                                        SHA1:4D6D22AF0EB8499E2AC8D349CBAAE9A5C622E4FC
                                                                                                                                                                                                                                        SHA-256:EDF0CEF60BBF8118937606D878FAE05B8EAA9B486EA4B45992029BF5FC07EA36
                                                                                                                                                                                                                                        SHA-512:A1AED700093E42F1E805CD50B314E59125C879F2FC0E7D206F146D84E3335F47868A520CBE60D8BC86837DE63104E1E3B71179A951CB9C750390A6E4F6BC4BBC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1352192
                                                                                                                                                                                                                                        Entropy (8bit):6.5007445296681965
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:CrXxKmWyc6Xwb9/BSWh/7Ds0x1QbD+JRyxpCcLwg4LjXPpS2FV4VFAFh0lhSMXla:CrXxKmWyc6dWh/7DQLpqp/FmVFAcq
                                                                                                                                                                                                                                        MD5:526C976F4BE230C8DEE35360EE51F483
                                                                                                                                                                                                                                        SHA1:DFF228568C2BC51BDE041A679A6DE76151846033
                                                                                                                                                                                                                                        SHA-256:691C72DE6BE0FE2BD90DCCBF9B9E162A3FB7C320D7DF7E82AC09B7BD441C0EC2
                                                                                                                                                                                                                                        SHA-512:A4C09F13C5506BEE016CB161B6A5DFBBCB90AE5FB513A64684710EB644EE2E868E2CCD5E531F2E06B62FC91C7B7FB82ED6B8CC4389BACBBED7B82ADF74621465
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):162816
                                                                                                                                                                                                                                        Entropy (8bit):6.4347197585730385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OX5TgLoWlo6zvLblsvv5Emm16e68QNmTNh3l2AuZejZnjjWr:KOom9Av6RvfltqEZ+r
                                                                                                                                                                                                                                        MD5:044D60780B0C40D3F9B0B5A3FC040948
                                                                                                                                                                                                                                        SHA1:2E16C926F11ED5FAAE22D9AF5D935748C57EC1F8
                                                                                                                                                                                                                                        SHA-256:7493F645BB04092AEE30A47A681494251C79A38A941C9A3D2DEE4293A265F428
                                                                                                                                                                                                                                        SHA-512:7653A0A46E3EB9331E92A09937754302F939100ADBFB283242C25BF0F73F8508D6F7E9D5AA08DBBEFDD14BF682AD7D0D77F4999B3274D329D281E22934C445EA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):154112
                                                                                                                                                                                                                                        Entropy (8bit):6.1143850196696885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TW6KrX3r/EEgTUSNc24mY5n1sclb2sDzgWGE:TW6MX3gEgTUp6cld/n
                                                                                                                                                                                                                                        MD5:B6984D0E136E087316B339D8AAD2DFD1
                                                                                                                                                                                                                                        SHA1:3B2F7BE133AA525B76AAC9D9049A9730D76237D3
                                                                                                                                                                                                                                        SHA-256:491A021E4F3E5ABDC937C1329E35028CC805F78F84D10398C2DB692E7E2FB43D
                                                                                                                                                                                                                                        SHA-512:781556A889855ED5F7203ED21D3559EB0DCD007F859349DCC1286A0EB05BECD2D841570FD19DFC6941053F2F1A07D65D8E779EF3C55C263DFF459189CEB7123B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsBridge.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.903857312303968
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zGK3h8ZRSrjP9Z95Xa/rl9qX2Ip4CIhCjdAA1m5wMDBuZ:6K3h8niHRKrLy2Ip4CECxf1mlD0
                                                                                                                                                                                                                                        MD5:0069E67AF86418ADD8F693EEB86A384D
                                                                                                                                                                                                                                        SHA1:8B6490755B0B78342C192518141BAA08212ED65F
                                                                                                                                                                                                                                        SHA-256:90AFF2D97BEF3BF98A1BD315379094D361194184EE35C6ED2661DBFD65DC619C
                                                                                                                                                                                                                                        SHA-512:AEEBCDBB39737D7FB1A7BB397A4EA9DC2B26F20CCBB131480FFF787087A1CCD5742D3D20D6507CD07CAB63B46808F52DABD5FD4596CFC83A800D19679FA48CE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                        Entropy (8bit):6.70434675005567
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:m4wXL42btPdC3h8YcHRKrLy2Ip46Txf1mlBqsnvcY:yDbtMR8YcHi/9yfIQsnj
                                                                                                                                                                                                                                        MD5:107CA49B4915F14FB922F5D5ABEBE845
                                                                                                                                                                                                                                        SHA1:E4EF5C0FD743B9228945E62D00482AC3DA9711A8
                                                                                                                                                                                                                                        SHA-256:F165BC0C4E4622171B2967CFD5C4379473E07D1EF16EA4CA3ECD12C3B3F0EC72
                                                                                                                                                                                                                                        SHA-512:25D51D21801693DFB964A2B554A1DA0CFD232DFA21BEDC8B7D51FEF749C7D32CDD1087906B2FA254FD8A8A433E6FBD7E2C893FE18007F0EFDDFE2EBCF5CFC8ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):161
                                                                                                                                                                                                                                        Entropy (8bit):5.010777093927904
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRyAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRyAqDQIm
                                                                                                                                                                                                                                        MD5:DDC25AEFCAE9826CCE1754C2C89E959D
                                                                                                                                                                                                                                        SHA1:36899490B8B0CF36AE8A1477468F3884C0CC9664
                                                                                                                                                                                                                                        SHA-256:F8AD17C37D444521B3905CCBD75EA6CB6E3D2763B16EB56B2E1AA4274173E614
                                                                                                                                                                                                                                        SHA-512:4C52E02E4E6A17FD36714E3769D34BC14675D47BE0322B14F4BBB13268C34DFE647A37DB7DF0DE7D8C31494BF878B597EDF85913E7FB648CB0D993E89FB5D611
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup></configuration>..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):673280
                                                                                                                                                                                                                                        Entropy (8bit):6.493909069727573
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:rOguoezLfVAMFgCNS+MvHY/8j+7rmboDhgkEHoNOvPar/z:rOgud/jFgq6Is+7rmbGhcHsg2
                                                                                                                                                                                                                                        MD5:9170244A34CB903FC5DFBE4159DB6F16
                                                                                                                                                                                                                                        SHA1:F70791F187F14DD11B3893CF378E2B2871B40D7D
                                                                                                                                                                                                                                        SHA-256:C843C458A26D98D0AE7A4B280F77AD193225B84882EC98650EBBA7B51B322D44
                                                                                                                                                                                                                                        SHA-512:BC50DB62BAA8FC60469982E0D986E89EA094497C617D4A1C6849403911457E11DFF98E5F2CDD7F9F6453EF3D0363A1DC4664FA38DB83155CF850108706EFF128
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):175104
                                                                                                                                                                                                                                        Entropy (8bit):6.477895770562103
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:MSa2SASiV7/3JThFoPdXTssFBSKvvvvnPPH6Gi5tPArrYeiYiPKiA15/ph9r6rrP:HjiWbJTPo1XTPPSKvvvvnPPH6Gi5tPAK
                                                                                                                                                                                                                                        MD5:D58DD4CFD84A514AE70E1A72C037A161
                                                                                                                                                                                                                                        SHA1:FD134A72D801261CB6E143A54A868696FCE22474
                                                                                                                                                                                                                                        SHA-256:D9DF5C9CF429C714615770480AA9076D1EC2A25F9D52CBDF6D7300000C3BBC39
                                                                                                                                                                                                                                        SHA-512:2A3A5673DE138B47C969BB8078CF6A95BEEF4A822633A91AD728CB68D6DB8E461D43A739A8546FBBAEE4FD5716E4AF86C131EDC292334CD3F019C9FE2B80C73B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsDatabase.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254608
                                                                                                                                                                                                                                        Entropy (8bit):6.109726763458205
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:fdsKWU2shBl9Dsj6sUxZwIgC3ZWkd5n5WiSdlJRt:fRpdDsj6fxr5na
                                                                                                                                                                                                                                        MD5:AD6AB7F88A7F20DCFF9364FE3C606EB1
                                                                                                                                                                                                                                        SHA1:F7877ED46BC5E07D0397F5DD268FC5FCC0BE49A6
                                                                                                                                                                                                                                        SHA-256:666DB7971ADD6AEFBF31E599E1784AF2977F714439DBA20B6676CA4DC03DCD4F
                                                                                                                                                                                                                                        SHA-512:EC53720D20AA67A2C272F1C3D738F794CBD78F988B458432772A21CFB73106389954C2C487B85A5ED062CA4385FD4AB84064709C8270C8933DAA52482071C16A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.API.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.API.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224256
                                                                                                                                                                                                                                        Entropy (8bit):6.2226977365106215
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:5gieg/fp3Rublq6d4VKl9RQx504T9jP19:eieOfB62VVx5zJ9
                                                                                                                                                                                                                                        MD5:30AECE1972D91CEC63777681926A73B7
                                                                                                                                                                                                                                        SHA1:192550747A794D2054654589068C5BDD23ACE302
                                                                                                                                                                                                                                        SHA-256:CF74774291BFA8F6B6B5EBE54DEFAD51D52E08FC97614558FD4F1CC7FA54855C
                                                                                                                                                                                                                                        SHA-512:BCF64ADD4E1698D3A6E55EE74088C35926A090E6105EA51C430FD63F6072E4A60D34FCF122A950904F4A1CEC0201388A3054665BB7FEE95F160A9E42A149ADB6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Client.Messages.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):369664
                                                                                                                                                                                                                                        Entropy (8bit):6.625460113459136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:i0yhs1rgLEr7DBPAqz5x9Sw7UDBvmLUMPHEJnCs11PAVhLvruoQe9PZD6e3Cc5NU:Awhlx9SMc4RPqnBMN9dJD3CcHLI6/Ywe
                                                                                                                                                                                                                                        MD5:AB81BAB4ADFD7DF6DC8F9BF867603E81
                                                                                                                                                                                                                                        SHA1:5B46F2D85B63C3F115AC9BEABE756143B90B5EF9
                                                                                                                                                                                                                                        SHA-256:5FE722B79C37605C713C61FCC530A0A1C42F791584AF5B74CACD9C1DF8720EDC
                                                                                                                                                                                                                                        SHA-512:271952E237C2186083AAB496ECA4909F5EFBEA3D4700C93130BF37ADFC3B4DC6BF57108B2A0E3E9B9290DF552ECC67B22D92DE7FC46F53AEA8DBF7937B366DF9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Client.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):354304
                                                                                                                                                                                                                                        Entropy (8bit):6.112385200418826
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Mvm33r4BCvAQZn7fboYz+Mbvkqqx0J1aeL22/ISPAyXDiJ6:Mvm33ryC7Z7fkYSMbUxO1d/ISYas6
                                                                                                                                                                                                                                        MD5:FA16D0DC50B77C9F8703B5B36D774107
                                                                                                                                                                                                                                        SHA1:EC426639F3BF3A563491AC53B70BB5EB92E5C314
                                                                                                                                                                                                                                        SHA-256:94AD9F2B387A5E6CBD0F7B2259E37533CA80AAA69BA044DB6A022661EAEB606D
                                                                                                                                                                                                                                        SHA-512:B2E50634A6A7A116C71BB56DC045F29F79ABD5D831ED1AC4A4FB7AB6A452321A814B9877B1C98CC0E185C6B6CAB5BFE3E9435A43F9F4D1FF4D515109779372CD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):184320
                                                                                                                                                                                                                                        Entropy (8bit):6.221783549418622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:9bISftpuc0OA1pxW4kNnDZaXNG0Qir2XviGMSFCKq7PcwixGt:9bPlB0OA1SqXNzQLKaQcC
                                                                                                                                                                                                                                        MD5:99692C5CC13EF293197CDE6C912379CA
                                                                                                                                                                                                                                        SHA1:17C504578DCB26E7DF87955362A7EEFB12386555
                                                                                                                                                                                                                                        SHA-256:41950668DB2EB5AB7017484AB74955B664EEDFB543FBD078F6DAE21078EA319E
                                                                                                                                                                                                                                        SHA-512:BDFF8F225933462ECD166359473AD0F0A7A9EE84F92E1EC1B0706AA97257348F134490176E73B6E08E8A586C765C2BE59590135E6F266E076A94B12ED82EF7C5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Data.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):196096
                                                                                                                                                                                                                                        Entropy (8bit):6.250386192319483
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:UOASlPt5xg7Osb2bPszL5YeYtS8i4cTASYk4IMa6Ldlw:UOASFt5xv0zLxpTvoaF
                                                                                                                                                                                                                                        MD5:A802608C39518F4D5AA0D0ACA476F2F7
                                                                                                                                                                                                                                        SHA1:B67E4ADCE2DE5984818131375A8C0A7239D7AEE1
                                                                                                                                                                                                                                        SHA-256:11374C4265F281819C7DB93B648C8B072D07E0EC599EA203C95C427D5E0CE97E
                                                                                                                                                                                                                                        SHA-512:23AF5CB8AACD5AD060A428185306D57162058CDA1AE52BE576E5BCBA4DFE7901F06D9C0DEED96A7281CCFEBC9DB65C7945B00BD0F6B074DC5EE874FB0533807D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Extension.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):141968
                                                                                                                                                                                                                                        Entropy (8bit):6.095571910595917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:q5qgBA2D+nqGVAZvG3hnrTvvvviYPPLG6Gi5tPUrYeiYiPTizo5i0s/KXrrii55G:Sqgy2qq1U3RTvvvviYPPLG6Gi5tPUrYa
                                                                                                                                                                                                                                        MD5:63F68035F2EDE62811EEECF169136E55
                                                                                                                                                                                                                                        SHA1:DBDE8D4BBDCA350080F4701934301C12CD88211F
                                                                                                                                                                                                                                        SHA-256:FFEE7222A6202BF31B2F3058B5003ED0E7A98FD9C5F245B362F64371FF69D497
                                                                                                                                                                                                                                        SHA-512:F3AD7C90B3B48117885778E0721D678CEB47EB7C432FBAB1A60ED6D11AF803EC333822C56ED279C80E9217C64259EBB7EC1CB6F3AC66C28720551C3043E499B2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Features.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153088
                                                                                                                                                                                                                                        Entropy (8bit):6.096015765166375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Rar5BdXMvCqqYMpshETiAwnOd5FIE/lSs1veWzn:RatBdcv2ZgRO2Q/n
                                                                                                                                                                                                                                        MD5:FBE815423A8D6D1C06FD83F3CC06E76C
                                                                                                                                                                                                                                        SHA1:F854D1C2F917B7E40435CCB2F5AF46CB887F046A
                                                                                                                                                                                                                                        SHA-256:1720C9D432A5DB0216B12BAFD315E86A6719EE138F3D09C4B91A0214F1281333
                                                                                                                                                                                                                                        SHA-512:C60BD6B8558ADB880778B9E8B2C1A3ACA7F14ED881F5165250596A959BD30CF2048615AD5A8E653706F51733C5D8F7688B1B6317AD34A0FFC3CEAFC1DCC44AEE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Helper.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):155136
                                                                                                                                                                                                                                        Entropy (8bit):6.100208779846344
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:mXXryQmjkr+ff93/q9LrWI1wdfKVwon8IVWDX0IxxRrasF6aDOm:ymj++XNcjwdKVG+Y
                                                                                                                                                                                                                                        MD5:1DB37D2AA8DFAD273BC92B2860B4EFA8
                                                                                                                                                                                                                                        SHA1:CD6AFB90C28905F1592D50013F081A6C45371BD2
                                                                                                                                                                                                                                        SHA-256:BDA4BEEA60EF8FB05073B6CD1DE57B77A4B2E29068411E7128803B90E7359859
                                                                                                                                                                                                                                        SHA-512:78FE5ECE62D36641FA7CDC90D7389D493A8AFFAFE987602AA73AB7FB7EFF65A258B1399B1503DFA30C2463E8AEABD1259D1DD819F9A78D7AA486E048A8EAB066
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):202752
                                                                                                                                                                                                                                        Entropy (8bit):6.084395898584841
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:IhI3WaidnUVoKnRV3+ovvBR8OKql4qxoAMrZlhMvxS7BE4YV3vxYzh+jW:oeWagUD+ovvBKg4Y7F3/xA
                                                                                                                                                                                                                                        MD5:5751FC3807356C1857B5B91E7DE45B5D
                                                                                                                                                                                                                                        SHA1:D64906E807DFA80C69C82907395A9660A4AC7FE9
                                                                                                                                                                                                                                        SHA-256:73E2992C703DC532C2205A8956A4E08BA78B3B5D4AED07DB39D7A55547B83E66
                                                                                                                                                                                                                                        SHA-512:BA2FFB30DD22FF0FF743369573D02264154F7AE7DEED16C2D39FC957AFE5FC8020131BA18D621AEF122D498D86109CAD2D9D8A29DB02551610ADF963BA4B0B65
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Loggers.Business.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):151040
                                                                                                                                                                                                                                        Entropy (8bit):6.110094403881827
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:uszfe8gqYmOuYOfzzyb2Dkji1FQaEOV18GcAw0v+PYaxNu4md:usLe8gqYfgybGKaEAr/WXk
                                                                                                                                                                                                                                        MD5:50A6E9A1962918386B795C23F3D51071
                                                                                                                                                                                                                                        SHA1:678185A86ADC440859F78F54442BAC328A327521
                                                                                                                                                                                                                                        SHA-256:16D0311D1487F6EEA7594FA8D1836434F49BACC7536E7A98960A9C6B9D99C402
                                                                                                                                                                                                                                        SHA-512:830651C72AD83FB7509B78E792406CFBEEA4BF8789D5A13078EBA3428A14AC5E5BD60183C3601CB1C5D610F238FF4FEF7980CBC52E98862E992EB1E2ACE2D349
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Needle.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):149648
                                                                                                                                                                                                                                        Entropy (8bit):6.105238189284848
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:gVZJLDlibf9fHhD1+/17Fp/XE1wVR2wG1HxY:WJHiZD1+561
                                                                                                                                                                                                                                        MD5:489BF057DCFC83929FA8FE632FA70DCD
                                                                                                                                                                                                                                        SHA1:2EB2FCA6C0FC58590C5618149768D7AAF560F870
                                                                                                                                                                                                                                        SHA-256:B1CFFCCE2079D2FB7AB641F8BBAE7D8844C28B3B6ACC55DC2802D6F97A68436D
                                                                                                                                                                                                                                        SHA-512:EF57E882A05D090964710FFD140E3A1C9D2A7C64EBEB5775B6219BB332E0E635E9D13F74D6242CF0BBBD85EAFF74AF628C1B1C57AA414BF63BDCD81D077A68F9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Performance.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):248976
                                                                                                                                                                                                                                        Entropy (8bit):6.089407589245316
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fCdWsprbc/X+sa4UmBR9OBvkqkzmTfQtFfVqmgCmOpypx/mYWzJzoxR:LOrpsRavkmfSqmgCmRLmYYz
                                                                                                                                                                                                                                        MD5:6CAA478DF71ADA01A4651A96FA422322
                                                                                                                                                                                                                                        SHA1:3175422D1A11076C2970324A702145C3DB8E1E07
                                                                                                                                                                                                                                        SHA-256:943EEB938CDEC5BEA182CE8AA2CA479CA9A3275D9255C2A47DB3D9DB01B1008A
                                                                                                                                                                                                                                        SHA-512:D045863187BAA25CF4CCABA5C1AF91C55E3F8E5111D0DA1E571E721EB0A459AF45B62532B7E0A4488985D2BE18286A918C2DADF51CB566C292B67031047BE3C1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.BTScan.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):196744
                                                                                                                                                                                                                                        Entropy (8bit):6.1481222343305175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Ef05aI0u7OhDTEutfz8kjbS30RKsboQi8S8MGTqApA5upj+hcDllfyu5dc:Ef0wIT78Dt4kfVRHoQi8l3pOPE5o
                                                                                                                                                                                                                                        MD5:F4A4B6F512164745D16EE1DC826302F2
                                                                                                                                                                                                                                        SHA1:79A9C24DF7476E7B3B5083931CCD4EC6E17EAB0E
                                                                                                                                                                                                                                        SHA-256:C40F961E08F614D11404D3D66D25B7D257E3BBBDDBA7B709FEDA16DC05DD333F
                                                                                                                                                                                                                                        SHA-512:F5C4D26C06440C259137321C9F75CC37970D93E30DE75ADC56CA8B86A96EDA231D531BBF2B6F8A8613D698AAC1DB91225B1951079E14D98A4127FC4CD300335D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Camera.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):142992
                                                                                                                                                                                                                                        Entropy (8bit):6.073743042549598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:mpf+vwThHIsceScHje/Jk9ZXOOGNiFCDZrSztUuiW:XwxbTSCqJm4OuGT
                                                                                                                                                                                                                                        MD5:6AB35008C89413796D5D0CAABE0244BB
                                                                                                                                                                                                                                        SHA1:6ADA52E9AB24007308064FB26E37E3C96197F269
                                                                                                                                                                                                                                        SHA-256:19F9083ECFB8D33C85F494DD4F96F37827D25A8E23C3E5836C2B8ED55EDB52A7
                                                                                                                                                                                                                                        SHA-512:DE4BF52E7E7AA5015E5618E68F3F65ED7407B3B58D664B648087A5C7A53901015B0D31DE82B63654E4FD2CFDE6D737749269DBE94C804D2E68CF9AA4EEF25C80
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Edr.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):172176
                                                                                                                                                                                                                                        Entropy (8bit):6.157002851606526
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BnDciVGhexCSXHa6aw0Pts5mMUFmq6dCs2yjrX7HbPgW:xDciVNQt6awM7MB9C8b
                                                                                                                                                                                                                                        MD5:3A7ED929230A613C54604A443E35EDF7
                                                                                                                                                                                                                                        SHA1:DC74D6F7892253E6647952764506F5C52D39D16F
                                                                                                                                                                                                                                        SHA-256:B5F24733328A24C240FA87963A50F8D0C16AD3A1BD76BC91D44C19C446CE6A04
                                                                                                                                                                                                                                        SHA-512:F6F6900A44475A5FB806E1CC1E8CADB9AB4D7371FBCF45F831E2BEA92601F24BB1CF278BC273D7037A8E407D842400420C76CC4121720EBA374E54B734911878
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Microphone.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):332800
                                                                                                                                                                                                                                        Entropy (8bit):6.178315042612466
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:DNzdJXMSRhdSvGYtbp/chiZEs9d1PomUfyGzph2:xJJXnhL439d1P/Uayc
                                                                                                                                                                                                                                        MD5:289FA505F765127810156291E21695C3
                                                                                                                                                                                                                                        SHA1:842695BEA52D01E5673B6675A88F2FC9FEE5221E
                                                                                                                                                                                                                                        SHA-256:D20872D6DE07D18E6BF92AC729D9A078CDBBAC23C302E5AB761531B1949820B9
                                                                                                                                                                                                                                        SHA-512:EE97C0BA5575AB23631E98D46C8EC0F99935A2CDC94D115B83227F5D16D5B07CB666685A7FBDF3F99105D6BAC165D5AFEAD255409FBDA7CB751A85FE97D292E6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Programs.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1521296
                                                                                                                                                                                                                                        Entropy (8bit):7.847329578221486
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:LKCYNFxuyWWTcH4IMkfS0HCHp7z00CxeTrTg3mh3/y86joi+7bxKCa7z8JgQtU:Ro1WxMgSCCHlzDCxqrk2h3/ync7b3
                                                                                                                                                                                                                                        MD5:2885C6DA9DB101EE2CD99F69A2C7E431
                                                                                                                                                                                                                                        SHA1:F9065CB9D42E7CAB8ECF7755D8DC79D263E79307
                                                                                                                                                                                                                                        SHA-256:79B529C7373C56AEF90B0FDB6BDD0A69ACBE4E914955A87A70A3C7CB056CEE12
                                                                                                                                                                                                                                        SHA-512:99DEC4C58C6194AFC4AA8A5F2238905D34A239CA5F8465B4C280987F80171AA77B970DD116FBE5BE22A905FA417BC769935F7FC1DA8FE9CEB501D529711C28B1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Ransomware.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):171520
                                                                                                                                                                                                                                        Entropy (8bit):6.170576629726866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:rl9yiQCmAf0TW629ElqcpcGlLQJ5/xvttOqzmnWS:rlA4mNWF9Elfp3LE5p/O6w
                                                                                                                                                                                                                                        MD5:3E3C2B5EEBCF2967204602A6CBCB7517
                                                                                                                                                                                                                                        SHA1:FD94F8433D46C762D18D5CDF95D7653730436062
                                                                                                                                                                                                                                        SHA-256:C580120DD5B29E5FF34D4ED41B86FF45CD596FE102914508C7D67CE112FE0DF6
                                                                                                                                                                                                                                        SHA-512:87C71D2D52FE19AF261B422AC764E477172F1C13B25B891768E7ADDCE88594C72B1DD808E109A6A107C2BB07A1B3AEC5A0387CAF45EDDB8141254CA7137EDE96
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Protection.Self.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):160400
                                                                                                                                                                                                                                        Entropy (8bit):6.153604832369825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:CdWzTvFO5YfsLs3DR/zduFTeGuZN4GEQzecGv7yu/R+Ysq/R+FZ:CdOTvFc0somT4z3ifkViR+
                                                                                                                                                                                                                                        MD5:E5F0DD373E7B18B968FDC1087734F249
                                                                                                                                                                                                                                        SHA1:7AA65A636B7308F2BF9857530928DD50F0ED23E5
                                                                                                                                                                                                                                        SHA-256:EE4ADDB2FDFB0196F64D291F658377E7911643840DDE4D360AA2C7EEA3BCC020
                                                                                                                                                                                                                                        SHA-512:0CF3FD3A0FEEC3FF292BC0A81A33F022E46F1DD8BEE84D830628C80E96F2033975671D3B2C9B2386554074E3595A20DFE4EC3C0360FCF6B3FDF4AA1D1BD086B8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.Detections.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):514560
                                                                                                                                                                                                                                        Entropy (8bit):6.409490598681187
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:xzAxZAn4A7V7xZ8dKOpMjampeKWBg1at/MKBVIMtYBeNVLq:x/4AxdBedrMKpZdq
                                                                                                                                                                                                                                        MD5:73452F58EA360501168391ED51967414
                                                                                                                                                                                                                                        SHA1:CCA89D6093F987572967042CD6321D13B1FF342B
                                                                                                                                                                                                                                        SHA-256:D314FE22DCB040B8A7AD183C15C872E4B0E14ECBB169AA8F4DDE84389A1513DB
                                                                                                                                                                                                                                        SHA-512:6E663E9462E5A1A1BB88A7B88DB35994B8B9A2A5FB0C47DA5D6038524439790F72D2A3A5EE8602AA3E49CE9EE24708D3E3F368D8DF931491794BD598F6481F08
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.OnAccess.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):472064
                                                                                                                                                                                                                                        Entropy (8bit):6.199008548625321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:cCz7cTxZKL1JmzPydmULmHQ1c6yqmZ4EdzktLRuCXzYbdWrFQEp5ze:cCMT20P5vD67wvzsRudWrFfze
                                                                                                                                                                                                                                        MD5:D39E273EE94BBC10711BD117681C012C
                                                                                                                                                                                                                                        SHA1:DBA8D0169DC6010C78F323194558AA0CF4675983
                                                                                                                                                                                                                                        SHA-256:A2B2ABF5E7B80135C07A35BB9200BADD4C0C12B997234B063D6F6E1EE395A55C
                                                                                                                                                                                                                                        SHA-512:2CA1432FF29212CB8F33F220650314B93F415A4203A10DA55E58D7B6B22CE2A71EF9AA6C79F82B168152DA4D36A4D9AC150DDBAED806B98D4AF9F6ACB8C61A59
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.OnDemand.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):416400
                                                                                                                                                                                                                                        Entropy (8bit):6.284768478175249
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:8CeUGvX2vrwWyfKVuiDBvnFLJevzfXjvZ:8zUGv2Dw/yVugnFLJevzfF
                                                                                                                                                                                                                                        MD5:FEF47B4E7B63CB25325B309501C1277F
                                                                                                                                                                                                                                        SHA1:1855189CC7572FA17E6140100930F33B7C567883
                                                                                                                                                                                                                                        SHA-256:426C7A2EB540DB5B688D9D49DFAB819178AF4D1EEBD23ADF979BB0178EC6FE5B
                                                                                                                                                                                                                                        SHA-512:316ED1CF7F6438481E13BAFBE5DD21550A86AB7AC20A1FDFFA4AA9A934757A0E570745E1D96B6AD28DA665C0B63E5EB460FDE1F5676445A18A71745B78D54850
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.Quarantine.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2771600
                                                                                                                                                                                                                                        Entropy (8bit):6.630252356589734
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Vo5aD7iyJuZetjPsDpGg+LHH4YvbCPv7KOuNXU9QtCofuHMBgNTaH9+4/V5WE7li:VRscg+i7KXlCKQ+8uN7lEUjkAW
                                                                                                                                                                                                                                        MD5:E3AEDD60FA756973BFA4BF4DF12D0E3C
                                                                                                                                                                                                                                        SHA1:8C4ADFF407EE0FAFE72F3FD6AEE2D2EE56B53819
                                                                                                                                                                                                                                        SHA-256:A634608BCECA94C010B383B1B4CCC4750F875C41C458C3FC26A1941F2F09D836
                                                                                                                                                                                                                                        SHA-512:2C1725561C2E43DEB329CFA50E7A1E185AFE8E5C84E52F00A14C1BE81684D5EDA2708231F69DA5B9FA5FD94DF0F32DF809A581CA1D13809E7565535FCDBB3EB0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Scan.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):218112
                                                                                                                                                                                                                                        Entropy (8bit):6.125510337455106
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:dHfzQNeguktxKD8AOQnzdGp/uaONd3aDDqnuHkFSSSqw9ZG9G+4c3TP:xoeg5wD8AOuztNcDD2lSZN+4cL
                                                                                                                                                                                                                                        MD5:E921ED7413602B2083B92D2A59B3CED8
                                                                                                                                                                                                                                        SHA1:D7D39380690EBF37980478BF0147355706AF90F6
                                                                                                                                                                                                                                        SHA-256:E97376D9A88F7162CA726B09F275C3C8AC9D46245F596B0F70670B1F6B211624
                                                                                                                                                                                                                                        SHA-512:256B7D71E8E31F4ADE989D6CBCDA70D49897F88E591298C3E19DD06E97218EEBB92D47B7A959F2FB9C100B7D706E141D2BFDF2AA20623948B78C3807E2D1FE08
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.UDI.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):166400
                                                                                                                                                                                                                                        Entropy (8bit):6.158608866537054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DXjdRFYnUGOU5EkAOb1G4/bYEDJNsg8Ta/PM38ovau1FHdGXa7:DXjLFYn7GkPXbYU+vt1F9Go
                                                                                                                                                                                                                                        MD5:E0D4F80FBCEEC79CCE5938FE9F01CFC1
                                                                                                                                                                                                                                        SHA1:DBCDFC09652F84486671121BE2F1CA37F043C94C
                                                                                                                                                                                                                                        SHA-256:ECCAEEDE0D5EC2B32DCDCFC96E1A4BB0D6C495B04B1EAEE5A56A8314C5B5DFA5
                                                                                                                                                                                                                                        SHA-512:A9E303EBF5392DF9AC804B220846116FDC9EF308E99920C6F2F240F20B8EBDC2C696A02730DD429D15E5D8E22AEBEB280BB2222E23D3DE0E19D249CADAD858BA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Updater.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):534016
                                                                                                                                                                                                                                        Entropy (8bit):6.1378496343217614
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ruFjirA1cQ3luN7Ce9+YLgtXsXNvSgKc4D7SBinCCwCy:r6jUA1cQ3luN2e9hLGsXN6A4D7TnCl5
                                                                                                                                                                                                                                        MD5:3D99E12DEB19BAA369F7FDCD78602852
                                                                                                                                                                                                                                        SHA1:D2C3DCAC19A1F2E6F0766830B034D3792708C5C6
                                                                                                                                                                                                                                        SHA-256:25D5733DE291FC13A5377E293A1DB0628BF46028C1A75451363218043EDC71B7
                                                                                                                                                                                                                                        SHA-512:EB600DB4E7A4139FF105995E2F6A58278772AECF66EFD7406C1B2461312554756CD2F1423CD5C69202FC5D4FBE5F274B1A7F46A4A5C2894EBDD34AE99AF4DB4E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Utilities.Browsers.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2464400
                                                                                                                                                                                                                                        Entropy (8bit):6.218158032777317
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:26nuotpeZ9F9wQ7YO6GWZ1VlB6F00QEXiAuT6A6yl2XhKNO8s3+WB:C2QMDHCTAHemO8I1
                                                                                                                                                                                                                                        MD5:3E90B6DE455F8A6EBF19F909EEF0F2BD
                                                                                                                                                                                                                                        SHA1:EF08B47F6A311DE7FBE94B64A5BA3FF30B4CDEE7
                                                                                                                                                                                                                                        SHA-256:57BF1B550404462301C0610BF33865B504B5D0B09C87B6F97F55B089E059A6D1
                                                                                                                                                                                                                                        SHA-512:1A92732CA78D52076D16A751882AB9A9CBAB8558BF3DC1558C39854547E7430A7D278D048433459A6D3FC4D06820FDE74DDA6B4BC109B057DB6480B5ED4B38D0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):142848
                                                                                                                                                                                                                                        Entropy (8bit):6.084168906551222
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:U0ufITLt74jugCBnwQ5pbYehtBw2uF1/A/zTkRK1b6jeWpV:U0ufITJ74agCJwQ56ehtBw2ubYV1bx6
                                                                                                                                                                                                                                        MD5:C52264E3E8AAA14A7F8F5101BBA18730
                                                                                                                                                                                                                                        SHA1:A19A6C8BE9BB38FEECD49EDB09A66BD725312A26
                                                                                                                                                                                                                                        SHA-256:ADFFE3F17B6812A7B0AAE6AA8BD97645E62F91B79E10E405905F03C78EBC07C9
                                                                                                                                                                                                                                        SHA-512:8BCFB822EEBC4E1A70328FAEF907CF028CCBE11A60C6E2A98343E022524B840DEDBE9189E723B7758A2C77187E5B0E471EF1FC47E97B82B6736FDD7435AD64F4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngine.Wsc.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (5824), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5824
                                                                                                                                                                                                                                        Entropy (8bit):5.99179572850437
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Rw99zAT1M+bHIEwrgiYlBk9x/rcohy9Q/GDFSf1Ru/M7j0C0wXfAXBT5A:RwLzAZxrIt0Bk7+QZz7jh0wI5K
                                                                                                                                                                                                                                        MD5:0195B6F2D3E0F5A4947F353E48E15D8C
                                                                                                                                                                                                                                        SHA1:F29FB502B68A486FFEE0C55ED343C15E5110E6F9
                                                                                                                                                                                                                                        SHA-256:52B9FF10C412162CE0AC5ECE6CD56B1164C209AF1AD8B3B8E334149ED6E4EA56
                                                                                                                                                                                                                                        SHA-512:65BA63D1645A1C507C2A8C4728DF0F1F660F3574333925386F1B5B07F11E4E894D8404767A478A384D6A5910915FF040698C6C761047A4CE53A9FABD2D788BEF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):167424
                                                                                                                                                                                                                                        Entropy (8bit):6.165456000712779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TdtSl7bGtt5g6RBJ3jqXc6AFBnMkV21vbzy:Zt2bgn32KMc
                                                                                                                                                                                                                                        MD5:327345B3F3E66A7429BFD822F6C20553
                                                                                                                                                                                                                                        SHA1:D2A8E73744B1F266B16E18FBA4C61AA5C5B50CC7
                                                                                                                                                                                                                                        SHA-256:AD6C80D0BE80A6581DAAE0C9A851586D5511C60FD2C2CA4705027259591DD2A2
                                                                                                                                                                                                                                        SHA-512:B7C1476196782942DC15198B8CE8DF92EAB4E4B388A4C8DF5DE39FC47947A4638FC94EA7657F5636D88A1B8E8098753B80862F5CF87DE47FCDE14A0D40613AC2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.Proxy.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):309248
                                                                                                                                                                                                                                        Entropy (8bit):6.231027305537471
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JY9xWi4IKRdUa3n5Xuj8NZsaJ6BrdvtFmso7UT+mTDNfXDfKrB+3fCyhM4TKBj7y:JaBjHa3RpZsa4BrdVF9o7UPD0+PDki
                                                                                                                                                                                                                                        MD5:EDAFCF4340BE2E065FD54D20CBD3DC58
                                                                                                                                                                                                                                        SHA1:77491716599FC8D874D9E3F320379CD2309D394B
                                                                                                                                                                                                                                        SHA-256:3F29E100DB1DA87A42B9CD30E96AE9FB1066C0E7ADCB774C76E0A1DE7481875A
                                                                                                                                                                                                                                        SHA-512:29CD20A20506227FE9F04BBCE632B39B39648EE7621A053D9DC7CAF81F0D586A79E32CEAF29C7B0FF36324FAE08F8CAD5FAE5F5D20E9FCA194F9F5F4E818D1F9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.RPC.JSONInterface.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):190464
                                                                                                                                                                                                                                        Entropy (8bit):6.260050422590562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.RPC.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):364688
                                                                                                                                                                                                                                        Entropy (8bit):6.349300837557166
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsEngineSvc.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18070
                                                                                                                                                                                                                                        Entropy (8bit):4.992549577385435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.2.0" newVersion="4.0.2.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Collectio
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153600
                                                                                                                                                                                                                                        Entropy (8bit):6.136407498903004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsExtensionHost.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.868915768817926
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):143872
                                                                                                                                                                                                                                        Entropy (8bit):6.099711845700752
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:/Wy17X7LCWgHARJGojSkT3j+iCFCKJVLgEYyoE/58ceViIZF45Lw2aR8PTMDz+VK:/WQLJDTGh83qhsKbLzoke74I0Fn32io
                                                                                                                                                                                                                                        MD5:FBEE628345F36CDDE1AA68500C805888
                                                                                                                                                                                                                                        SHA1:990C2FF6F1CCD1B3AECF7137C8EEE764EFECD754
                                                                                                                                                                                                                                        SHA-256:BD8DBBF36AEB46474A5C087B939F96979C65E3EDFAF0B0C889EDF4B3316E0FC0
                                                                                                                                                                                                                                        SHA-512:B3A0285AE5B6F614EC1DEA34C9276A9F44982B5E16F01A71FC7168424F035B05093AC95BC47888B80EDC607C5E7865A253D5FF6996E9F7FCCC9CA1CB6DBC6E8B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsHelper.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18070
                                                                                                                                                                                                                                        Entropy (8bit):4.992549577385435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:hrkUwfx0GReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZedUaw:hrU5PUDRTHffIz
                                                                                                                                                                                                                                        MD5:5EF4DC031D352D4CDCEFAF5B37A4843B
                                                                                                                                                                                                                                        SHA1:128285EC63297232B5109587DC97B7C3EBD500A6
                                                                                                                                                                                                                                        SHA-256:4B094B7BD38E5BF01900E468DDD545B42369AE510EC2366427804A57DA5013A7
                                                                                                                                                                                                                                        SHA-512:38B0444E4F07AD0B50891E2B0DA6374B0033CB9656A4918E9EAAE34E381D95671978D19ABBCF2B8FDB079921B85E20DBE2C4392B15984CE6051B48B4A05A172F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.2.0" newVersion="4.0.2.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Collectio
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224400
                                                                                                                                                                                                                                        Entropy (8bit):6.7771936576354355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:R7IEMtFMZZi+Ng9999994f9oMlnhcNx3Bn:BZi/MlevB
                                                                                                                                                                                                                                        MD5:FA63504382F4F3F92FA86841D9E97F29
                                                                                                                                                                                                                                        SHA1:0BDE02C98741BB24EAF501BD8E2D9738742CD042
                                                                                                                                                                                                                                        SHA-256:5F0764E1998464F63C6583F870DD3784921B752B91D8E450FE2C90153CB5E58D
                                                                                                                                                                                                                                        SHA-512:C8483D9060A6800C8DEDB4D5FEA7CDA346F742CA1A149C3EB608823209AFF1F00BFCC5B0CAF9C482C7B01D75F6E198EDFAE3B0100CB0DCA6E5B5F18336ABDEE5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):111616
                                                                                                                                                                                                                                        Entropy (8bit):6.294958596524468
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:XfL+72PsK9Qd/RpgyxMkJfjQmMCdwMzTVVAP:XCqkK2/Rp5DzTVKP
                                                                                                                                                                                                                                        MD5:25E82984602B03AE3572A1AE582B3392
                                                                                                                                                                                                                                        SHA1:7407428D1B7E82F5266B1FD9F010F9C63079B7E3
                                                                                                                                                                                                                                        SHA-256:D1DBA91B162DA215E091701BAA4A662EDF22911CAE67C64DF0ECA8FF7A1EAA78
                                                                                                                                                                                                                                        SHA-512:72CE8E33C1A1D2AA8AA68906A89787AC589DA86845211E066E5D1B41948FD3D7FE16FDBBA8A6CDFCF5DC944943A8ABD4ED4E582D959D1C6A1AC802DB3D5F5480
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):105456
                                                                                                                                                                                                                                        Entropy (8bit):6.166230469207198
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:8fL+72PsK9Qd/RpgyxMkJfjQmMCdwMzTVK:8CqkK2/Rp5DzTVK
                                                                                                                                                                                                                                        MD5:7C97046701CB82E4E409DF20AF386275
                                                                                                                                                                                                                                        SHA1:051267E447CF42B2ECA5F695526F18ADD1CCF3E4
                                                                                                                                                                                                                                        SHA-256:38CA46547C8C7C5C0C8E394EA355A03C26A08ADB63B39FC95AA5461B5321DA7C
                                                                                                                                                                                                                                        SHA-512:22E2CFBDA6E47D62E0F87535F4F61ECC67408EFDF020C41A29993BD80FAC9CC40D4513708C0BC96CBAA0D70686BBBD2D7CB1FBB95BD273937159D6516452B691
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182920
                                                                                                                                                                                                                                        Entropy (8bit):6.549984856278825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5Uy/CR6dEfViQ+7gLmiEw/zrQUTkkySNP0dbNIprWrL:Cy/CVQILmil/zrQV2YbNGy
                                                                                                                                                                                                                                        MD5:E3FA0916F33BEE8A14F28421D2DCDC9F
                                                                                                                                                                                                                                        SHA1:FD3DCA4DB55E81EBFFC7609C5D63A4FFBD6629B2
                                                                                                                                                                                                                                        SHA-256:29AAFF11E775C800575B1A5D4160DAEC749DDE528E68BC3B6E9B340279ED991D
                                                                                                                                                                                                                                        SHA-512:FE96EFD3CF162BBB766634C3D90F707D868378DD04E47AA9D55C03E03130F54827F781639383B053C9335D022CCD6B244B67E586197C2B40D193DD58A4EE8CB6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsLogger.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):43152
                                                                                                                                                                                                                                        Entropy (8bit):6.52771924462892
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NWti03xJqc90G9LylSEJHRKrLy2Ip4PCxf1mlzzA:NWtbq80S4bJHi/9AfIPA
                                                                                                                                                                                                                                        MD5:3418BCC93F638C6546B5E65B178F3FB4
                                                                                                                                                                                                                                        SHA1:75A5668656A41FBF9010C2A06A42A4A03B4BE17D
                                                                                                                                                                                                                                        SHA-256:E5E37F425D3DB3ADE0340CA8D0D787A00C1CB3FA392BC525A56632D6A8983B9F
                                                                                                                                                                                                                                        SHA-512:173CAD6D3787BDED545D8DF9A4C1CE248E9AABF4DA3AF9DB80E9B2BBCEE59923CF6FF32F9021EC7FD880AF609680C3EF3DD3F3C7E7E6B231D9113CF306ECE73C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):141968
                                                                                                                                                                                                                                        Entropy (8bit):6.096258611111406
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:0wGLJwGeXmUy1hjvSn27sXc95eOioAXUxuIORpDa06i9i:rGLidXXKw2Mc95eLo/MQU
                                                                                                                                                                                                                                        MD5:AFB4F88146753AE0BB5C19E4DAECBB63
                                                                                                                                                                                                                                        SHA1:2A69DE6264B486D92D0CF08013209E997816D529
                                                                                                                                                                                                                                        SHA-256:E51CF661C3D51CD72B1D70DAC281579C4A94A7BA691D5933C316BE3718C1251E
                                                                                                                                                                                                                                        SHA-512:88C2C090190C9CA920C55CA2B02B31D345634418AEDEE742437197737EA67EAA38252F7453DA5D09CC9C283D0DE76B8984D3B655B2AB56F722BD0A0E5A77E605
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsRemediation.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):532
                                                                                                                                                                                                                                        Entropy (8bit):5.071669869884946
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdG3VOcrL59LNFF7ap+5EPf/2/+ZS9FicYo4xT:2dErvPF7NEPH2/+w39y
                                                                                                                                                                                                                                        MD5:801C6F8CE1CA9EAC249D7CD896E49649
                                                                                                                                                                                                                                        SHA1:6C39302A125ED0D5B4E7FAB0F04231264B5E59FE
                                                                                                                                                                                                                                        SHA-256:30F7E43D8512DE6CD64FAA58F6AD86046DA331E979AB4AF38F57BE57F7469EBD
                                                                                                                                                                                                                                        SHA-512:CC310126D9FE3857ED7F335400C11749911611EE782C172426F31ED7B6B7B3921C53BBFA5FEAB3BF1B0637A53581ACA231A7ED144D77F7B0237C77E4096F4D76
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):179072
                                                                                                                                                                                                                                        Entropy (8bit):6.562871128885791
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fT9nvidN3G9nZm4feQPMYGQh5AB9vaTiYuzdNd6iB6KA5U:fT9nvDB75Fq91dNd6iB6K
                                                                                                                                                                                                                                        MD5:8DCD92DE516608670F57193D74824A3B
                                                                                                                                                                                                                                        SHA1:C67C347DFA47C2DB1628FAB8BF9906C353F33DD9
                                                                                                                                                                                                                                        SHA-256:96DB49DB4DD12B9F86144FEDF83AC7DC12D855C5D7E3C863FD5B1696966AC345
                                                                                                                                                                                                                                        SHA-512:E5FDE81AE57E68DF69FC7695B9E16D8C7D188A30A4D68FFB682A3DCFEDF2C028874145815AAD2F957A02B0EAD6AD8F1442635DFA580339816110E7B1CDBC0C0E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsServiceController.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.90635157752554
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hYZv554sAHo3T8VNrjP9Z95Xa/rl9qX2Ip4EDeCjdAA1m5wMzsPuMV:hYr9P3T8VTHRKrLy2Ip4tCxf1mlzzu
                                                                                                                                                                                                                                        MD5:3B2E281F09FCA19A7DDFA60F05566101
                                                                                                                                                                                                                                        SHA1:2F03319A5840EB8C2E12DAF8C9E7870FB022EAEB
                                                                                                                                                                                                                                        SHA-256:4041ECEC136A63E97B5FF0C980B95A4A5A193F95024C36BF56BC45DFBAC0558F
                                                                                                                                                                                                                                        SHA-512:F0C261714666BD5FF804BF6FD72C71AEFAAC0C9F13A74A1551FF65D5808B5E2C624A6B660B611B64714583C9B3363A33426C30223AEAF9D95F7770D06AD039F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):208416
                                                                                                                                                                                                                                        Entropy (8bit):6.66794417577223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DelSSyM0edH6EPcfkUlpOepc4b6SBw8b+tjzyXOjnBYJwdkJjd/09xHcxOz:8SSl08EfkUlnp96Sa2u/yuBpdcu3h
                                                                                                                                                                                                                                        MD5:D8021F3B7E9C952B7EC33B929183E8EF
                                                                                                                                                                                                                                        SHA1:ED2D1DF3E7CAE24754DF2B59AB69263CA2EC8D13
                                                                                                                                                                                                                                        SHA-256:3744DB07F72992950FF14D39E7E82302B99557592649A855497C18DB3D7A3B39
                                                                                                                                                                                                                                        SHA-512:07C7DF63D4DD21B65ECE55BD6EF6D513F9DF400F5FE456BEDBCD24AE5C58800F4FB189CE00B2C0BB05B724234FA227904C021C4160D8C5541CD4B599DB2AAB47
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsWSC.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):167056
                                                                                                                                                                                                                                        Entropy (8bit):6.47173453338494
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:X2kniFpIq4pOYs2sMR0i4xcHlyMTz4cU2bf3CLkPUWv2hK:mkniRQOYs2jRr4xcr3ELkPUY
                                                                                                                                                                                                                                        MD5:FD49CDA141634DFD2CB9538878D4FB0D
                                                                                                                                                                                                                                        SHA1:E52637CBF9724A59EDB51194A8F9B2784D019465
                                                                                                                                                                                                                                        SHA-256:9D7B2A3F3B53A3999B085466F4D12C80B062812FB871AAE34A621082EBC81BD7
                                                                                                                                                                                                                                        SHA-512:69BB9B3234B2EDBF93010DB72C47B00DE1D3C39E5F72FF8DDD7F408334709CDA3C6B27981F90E3BC1DFE43CEA82CD4363241A74C7824FC04BB189E0A622DBE2F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\133617708056576695\rsWSCClient.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2285056
                                                                                                                                                                                                                                        Entropy (8bit):2.0558079294683314
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BWaGrR1sGXh2YGmO+OB69vV7GVrKEu1aeBv1L8ajGCsCMldD:BWaGrQGXhZ7OS9vV7G5MphKlV
                                                                                                                                                                                                                                        MD5:4BE222B0796DF9D496E9FF02C389C304
                                                                                                                                                                                                                                        SHA1:A50131CC3683AED3C32847CDD0B8B976951296BA
                                                                                                                                                                                                                                        SHA-256:AE6D512A1D4F0F4B91A699C80EB6B97ACD3BC59B22375A3039D74B58B31E9C2D
                                                                                                                                                                                                                                        SHA-512:26CCCEA83B3F1DFE84C63CACD4698D9EEA373219CDF810F5DBC1ACE313B1478D753EB5547CA186076E878883B462364DD80136805D7AADABD5917CF485A55EAA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19517294
                                                                                                                                                                                                                                        Entropy (8bit):6.694656838901371
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:d+ST74motPO6kP2yKFZ18eBEUuvO2iVTmkPF6F5iyNbQ0/ynL:4STsdhB2UUiVBP0IIsL
                                                                                                                                                                                                                                        MD5:5B3C96E8253407BB4D731B00F64F42C3
                                                                                                                                                                                                                                        SHA1:F6F1C01CCA4DEBF091A8A6A76CF65D8FE47E9881
                                                                                                                                                                                                                                        SHA-256:8EE98FEC98550BFB5404406191838972977EFBE8B38B043D91BE2D2A5DF80C4D
                                                                                                                                                                                                                                        SHA-512:F257F5BAE982DE279D29475CBAD159C79B3BF7834434F944FF92CC34B6190C84489B755BAF513203578F105A106405428E84A58A6A3978D8A666765523CDFC42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (684)
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):685
                                                                                                                                                                                                                                        Entropy (8bit):5.950928481801507
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:ctCb0Vz+/Zq+hQrXSx2zIAtw3LAvljajTo25nmEOAIKb2d+MQRs0Cv8Q3Tz2On1+:4809+/fm7Se23LmzcncAxW+MQe0Cv/ut
                                                                                                                                                                                                                                        MD5:39990FB3FBE164F5CCA526FFF6678787
                                                                                                                                                                                                                                        SHA1:7037190DC2C2D10C9220B30A6AC3E5186215CC8C
                                                                                                                                                                                                                                        SHA-256:513EEC3066E2C6ABAA5654D14157DAC092B8546A22F88F64F17A3B0FA31FDFB5
                                                                                                                                                                                                                                        SHA-512:FD2F93C033B1A35BCEDF459573E12DF9529ACAF919AEBAB0F0296E90230E0A2D1C758FCD5DC1EB6533DEC4EF11077D832C245F284FCF38E4B1188FDAF8749C3B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):204800
                                                                                                                                                                                                                                        Entropy (8bit):6.408978814111418
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Bxa137c+Jw+7mlU6UFyAIJXw9AlbLI+aYroEWOV4iDh:Bo37c+JwGIApIJA9AlbuJEfbN
                                                                                                                                                                                                                                        MD5:9504727B1D15A8BDF74F28F40C85D1F3
                                                                                                                                                                                                                                        SHA1:DBDFCB492A583EE82C86013FD03C3F9FA1288D59
                                                                                                                                                                                                                                        SHA-256:F5DD2E25F142BFC75060DD1000B858349998497196C2509D508368131A89FDD5
                                                                                                                                                                                                                                        SHA-512:4EF87E1507C95C4B012F03D7E9D1664D3CA73FED8960D48D1E791C9C16A2A57855EE299526DEE0BE89ADE9B98A0E76B7CD6065B312DB1D559267FB8381FF2DD6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):204800
                                                                                                                                                                                                                                        Entropy (8bit):6.408619361294289
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:6xa137c+Jw+7mlU6UFyAIJXw9AlbLI+aYroEWOV4iCY:6o37c+JwGIApIJA9AlbuJEfbz
                                                                                                                                                                                                                                        MD5:CEDCC6CEAFF8EB1C4BE2A5E6E2B012C3
                                                                                                                                                                                                                                        SHA1:D53FAB8D1FA4A2AFF8E490C8F7F13F5B1C691C8E
                                                                                                                                                                                                                                        SHA-256:282519F369B7D642BE6B1AEBDCF83B113101B812896C379E53D99A859A39B8DA
                                                                                                                                                                                                                                        SHA-512:D3F4A6C01EEC58418DA43BCCE2BB74C8FCB4B75CCF6140CEB402CFEEB05997324F7E583249F905CB31750E2C00703E3A04F7823681AEEDE84C07E0018C635AA1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):124560
                                                                                                                                                                                                                                        Entropy (8bit):6.262453461799155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:N+rSugvaDzJGezUUSBxlezTESfWwjbE42qyGHzdHKcQsWydp9dlscxHi/9afI5g:N+rSu15XslsTEMPs42qyqKaB+cs5
                                                                                                                                                                                                                                        MD5:04BFFD5DEC81CBD4A75C00D36A1E0510
                                                                                                                                                                                                                                        SHA1:48B7E059157AECF0CEE08F7C5273929572499704
                                                                                                                                                                                                                                        SHA-256:F17416F61D9DDAEF528CC1121205E6526AAA0600114A61535D6C1D7CB76DEB00
                                                                                                                                                                                                                                        SHA-512:67CA87F152D7B63030BD24F2DE1E60F8C9ACC6A2B401350AF168CC03A1A7C8FBCCB81D097F6E4AA6608FF4E8FB119A426F1397BB0DFAAA02D86B99FBF84D76D5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):117
                                                                                                                                                                                                                                        Entropy (8bit):4.19896048699559
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:mifFQiXvF9+GNHfFQ3TRpvF/FHEYd7QWNwFiOv8KAfFHURXPFMY:v2KdgGjYVC4OFAt0RSY
                                                                                                                                                                                                                                        MD5:E250CCE095CCDBA7CF7B0399DC8D8970
                                                                                                                                                                                                                                        SHA1:49A4AA2D4240C6E68BC2E4A17C1006ACA156EF6B
                                                                                                                                                                                                                                        SHA-256:8188F879E93D568204BCD78E8F1B43F120A6F0917DCA9B045EAB946D84907A3F
                                                                                                                                                                                                                                        SHA-512:248832E5358BA06338C061AB675CC1CF6F01B17CAE5BD62FE1A65E8A9BD46BEBCEE76EC187628C27B67AB919040558F636698DB9A08335AE431CEE4964715373
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{. "name": "epp-ui",. "arch": [. "x64",. "arm64". ],. "dependencies": {. "electron-shell": "1.4.2". }.}
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1857536
                                                                                                                                                                                                                                        Entropy (8bit):6.308114326702068
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:y8sHeHKHplfu94i55tbhris2CCEnWaWBvYyozGUIjnRnUC:y8Y/Q94iZNrP2t0ZyyIjnRnUC
                                                                                                                                                                                                                                        MD5:ECC83C860D6D7A1B8A6206948900FC0C
                                                                                                                                                                                                                                        SHA1:E07003B71BCF02DF865F65B5F763268AEC60D05A
                                                                                                                                                                                                                                        SHA-256:AEDB54DDA1ED189430E942D85DC50031565544694C8229FC8F6D4394235764CF
                                                                                                                                                                                                                                        SHA-512:A260B1DFD2985E565231A66939D7966204EB8861159CBD88A2C0DA96F0747214B8B52EA25420D157FE244E34862F1A2C8025A54965E01F5C54CAE11DBFA4C47C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1646736
                                                                                                                                                                                                                                        Entropy (8bit):6.5502084862762135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:JKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB:JK3/z0h
                                                                                                                                                                                                                                        MD5:5796085AF562C2E98939B4230AE14723
                                                                                                                                                                                                                                        SHA1:3049BEA83BA556F021E34D8B4B8176A8B29B8096
                                                                                                                                                                                                                                        SHA-256:31560913EF14B54FAE7A0A3AA38F531E7705ACB0BA69E50483B5F6447E1805D4
                                                                                                                                                                                                                                        SHA-512:A39903B3E321DDE00EFD6C4E1FC19D2F2E9601AE221C8EE6A51D6BB5D35AB1AEF65F282A74A846AA6AE2A2EA8CC338ACF89F8A31DE4ABFF473D9B218536BE338
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):378368
                                                                                                                                                                                                                                        Entropy (8bit):6.323464271782006
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:eBYqz/61Z2lKHQM/QX1ahKrJQRB2XHbV7iFGrwGav4VohWrtdmXR:eJ/UIwQM/qo4rGREXH1o8oR
                                                                                                                                                                                                                                        MD5:56C7619C00F192566EB83574A8DB52DE
                                                                                                                                                                                                                                        SHA1:04B70963A8A4DD097D5485F5955A9CB8EAEF688E
                                                                                                                                                                                                                                        SHA-256:89C96ABE36042E6486D1E6A5A3233B30F9D8CDD08C8300237C75F33BC2F46610
                                                                                                                                                                                                                                        SHA-512:CE5B801CD8B3E9C10F0AFAAE39DD98A75E9FFD32EBDB6E38C6BF6803A9543FB364B1E60969BC398B020CF7534E8699E178CB2E4191D36D052E454D44AA505E1C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):121856
                                                                                                                                                                                                                                        Entropy (8bit):6.2949477851647835
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:8vysFz2cyiAtLfc57mfngv6ALQ09tNdUNtDfBv5XvEX6c+y:8vy6z2GAtLfcCgv6ALehJcR
                                                                                                                                                                                                                                        MD5:499BA5735A47E2B547C86BE363DF89C2
                                                                                                                                                                                                                                        SHA1:9FB9BCA2DA6D33B54761D9B4F739F9DA2DEF5B25
                                                                                                                                                                                                                                        SHA-256:8488F38CA4DBB8A3AF6C39281C8774A6BD9F3E0AED2E3B046FA250C238875D24
                                                                                                                                                                                                                                        SHA-512:BE9BA4494AFBF630906AA27E7B3AF63A63D28D666C5EBA7613192DE0F3196E011AADD442FFED2C69ED8BE9255B77F1070A5FB969D7CB4CD18FE3445DEC78AA75
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):48944
                                                                                                                                                                                                                                        Entropy (8bit):6.755780295147749
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:68vbBtr3uL645Mx5wm9sKN6DRtoQpH3e6n9yEM1didV1VaXLkj3XV13hwOOPO9z4:Hp3uORwOO3/c1dGP0+xnOiz4
                                                                                                                                                                                                                                        MD5:633861D85B60EB7DE2E820F4FAC586E0
                                                                                                                                                                                                                                        SHA1:E5666AECD7B9D97627C4A0FC06D52AEA59D7C37D
                                                                                                                                                                                                                                        SHA-256:8EEBBE6A69D030FF7944524E22126218B6AE8CDB349C97FEEDB83CD0686BBB38
                                                                                                                                                                                                                                        SHA-512:8F26D38ABEF1CA2B365A2B1CC6B2A49C55319C59D790C32EC8D5728596FDDCF9252230C200ABAE4609884CBA3449B3EA778785244330F98C8C21CADF8C921AE1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136328
                                                                                                                                                                                                                                        Entropy (8bit):6.275782785750883
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:TOJMZaVYm1tAF3f5tqKhRWmGBASRua3jXKqMVqhcWMsWCdt9dl3RDsp3rPHi/92X:TOJMucfP9WmSAmNzaqM0hnF9BRDsJMM9
                                                                                                                                                                                                                                        MD5:9BFDBCFA3233482D9DEB99F115505CC5
                                                                                                                                                                                                                                        SHA1:FCCE0D2EF738808E203DE6923EA5F463D1132C33
                                                                                                                                                                                                                                        SHA-256:AA4A93069098D1D67BF6A731FE87CFE877886B25ED18FA8EC30811C30636EA22
                                                                                                                                                                                                                                        SHA-512:90A9933ED21C68D18A5CAC2D41889FAF428EF6B2A137D5D809F8DE63A9331EA1C8E78BB5693AF3B80E25E3D8151C216ADCCD11C1557361674FCA51796D5DEAB2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3063
                                                                                                                                                                                                                                        Entropy (8bit):5.014088126389475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:utXfcDLNthOyA9Bd8WMv/EhtF/qi/Oaucosld2dVBBiBklmP55I4kYlIRF7osFrr:uNfcDLNPOyALd81v+tVR/qlPsBklA5IL
                                                                                                                                                                                                                                        MD5:E8EF8570898C8ED883B4F9354D8207AE
                                                                                                                                                                                                                                        SHA1:5CC645EF9926FD6A3E85DBC87D62E7D62AB8246D
                                                                                                                                                                                                                                        SHA-256:EDC8579DEA9FAF89275F0A0BABEA442ED1C6DCC7B4F436424E6E495C6805D988
                                                                                                                                                                                                                                        SHA-512:971DD20773288C7D68FB19B39F9F5ED4AF15868BA564814199D149C32F6E16F1FD3DA05DE0F3C2ADA02C0F3D1FF665B1B7D13CE91D2164E01B77CE1A125DE397
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:;;;..;;; rsKernelEngine..;;;..;;;..;;; Copyright (c) Microsoft Corporation..;;;....[Version]..Signature = "$Windows NT$"..Class = "ContentScreener" ;This is determined by the work this filter driver does..ClassGuid = {3e3f0674-c83c-4558-bb26-9820e1eba5c5} ;This value is determined by the Class..Provider = %ProviderString%..DriverVer = 03/25/2021,1.0.0.2..CatalogFile = rsKernelEngine.cat......[DestinationDirs]..DefaultDestDir = 12..rsKernelEngine.DriverFiles = 12 ;%windir%\system32\drivers..rsKernelEngine.UserFiles = 10,FltMgr ;%windir%\FltMgr....;;..;; Default install sections..;;....[DefaultInstall]..OptionDesc = %ServiceDescription%..;CopyFiles = rsKernelEngine.DriverFiles..;, rsKernelEngine.UserFiles....[DefaultInstall.Services]..AddService = %ServiceName%,,rsKernelEngine.Service....;;..;; Default uninstall sections..;;....[DefaultUninstall]..;DelFiles = rsKernelEngine.DriverF
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49456
                                                                                                                                                                                                                                        Entropy (8bit):6.631066056716293
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768://Vqt92EbtYnekejiYF5blvhBVu8suwIppriCAVUValkjvJt3Hy5Z:EmeLT0CpprAqs6tXqZ
                                                                                                                                                                                                                                        MD5:F77B9B6CCCA206535EB9672266A462B1
                                                                                                                                                                                                                                        SHA1:479345A89FB7362CAE53A3040F4EFCEE55B92BF7
                                                                                                                                                                                                                                        SHA-256:BC4EBE3656BE0F502B65A2CA247FFA1B3065EC6FE2E76D3AF21511A0616F855C
                                                                                                                                                                                                                                        SHA-512:9C80E9C83A58C9E2C63F22C17E4FD4DF227F04960AA2212C66A1308512FE02E71CB7300455965109A7E3931ABD38EBD15162FE3CB46C3328F28D1AE175B4EFE3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2368144
                                                                                                                                                                                                                                        Entropy (8bit):6.822279556639425
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:EGtlqmIU6i9WVwASOgrXZLIgUivtw6jx5+8678vcWs4jdNsgiPLI:w+3zjdsZF4jTsgsI
                                                                                                                                                                                                                                        MD5:A43118B1455E67429B40C004379D0EC7
                                                                                                                                                                                                                                        SHA1:862B1B00F881BAEF639D517C6772DAAFE06B135D
                                                                                                                                                                                                                                        SHA-256:0E020A3A096FF4A161ADBC501C3D71F2B4B0587735E86CF8673544286808494E
                                                                                                                                                                                                                                        SHA-512:887A0E7E46804CD79C91F313E9AD32E5E5EEE594CCD126A6CBC491AEE2B90E623D666DB1FCDB5B7CE65193F02653855E63B673F888EA7BDCA712081CA8AE390D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):265728
                                                                                                                                                                                                                                        Entropy (8bit):6.227072664660365
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DJxCYKhMXJw5eSpmpi4F1Lvvt+S/77gQQgfUFOlkBsTdUM3J/qyPUQrmqMlw2aFG:DJxJK/dpOfr37g1QOe5qWlr0lwbG
                                                                                                                                                                                                                                        MD5:51117CE7C1A4BC9A60F614A7EE35FA6A
                                                                                                                                                                                                                                        SHA1:8B2582DDC2F4D70014C5012A811352C31A054B05
                                                                                                                                                                                                                                        SHA-256:45F09D1BFBDC7D513D371E0DE290097F2142CBA513F77EF11CD4BAA9A2797FE4
                                                                                                                                                                                                                                        SHA-512:B3FB5047036FA03359F8ABB9CCA6C228D87D0C8F560CC9A294D13ABBC61B84019F6E1FFA35AAC44A243AA6D5965C84CF8D5DEFBC521F3544479B0BFA38D377E2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3490816
                                                                                                                                                                                                                                        Entropy (8bit):6.326124434789562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:jF+5PLDsbg5+e9VvR/hzH01zzEbMx+5vqDLBOmUAmPNb63oJmoJS9MeK3XqRZ:GDPfpz24ME5nbqogp9h
                                                                                                                                                                                                                                        MD5:37A7A31A4A28C4FB13878C67FF114C08
                                                                                                                                                                                                                                        SHA1:9726DD9EBDB5203581FFBC67AE21814172E72D7F
                                                                                                                                                                                                                                        SHA-256:8E5EED1FB13D790F061F45125D9F13135C46F7E4614874B4A2A23ED7FB6F2851
                                                                                                                                                                                                                                        SHA-512:55FAF413A434406A91E6313AFDBCBB48A50DB0CC85687B90DA38A76D14008F655FF63AD72DCB1FC5DFB755CD3400418E99A7886C86E429117812BF5BAF6209A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1768448
                                                                                                                                                                                                                                        Entropy (8bit):6.608015764873274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:NFh+6066jUNguhPGJQAJQfxilwTebiPcFvX:vgEaUNguhPGJQAJQUldbiPcF/
                                                                                                                                                                                                                                        MD5:4845895C33EF465D7E87C299F777E108
                                                                                                                                                                                                                                        SHA1:90E7917C79733E469C34B59275DB667A78AB0AD9
                                                                                                                                                                                                                                        SHA-256:E8D15C16D106660E7B100B8F2CF471E80407422A91A22A1D04F88103559E7AD9
                                                                                                                                                                                                                                        SHA-512:96EA20296791696234BFA2AA2D53D1CDB79A2EA5460F3F0CF7AFF94AB99C037D30F6258F609A62689BF14977823C427448D0342483FD46B47A720490F7BE1338
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2624144
                                                                                                                                                                                                                                        Entropy (8bit):5.839297070317323
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:TSSJ+G1PjodumkjD6Oc0mqHZwueCtbu9kQN:rxodumo6Lr
                                                                                                                                                                                                                                        MD5:B18CA30F651CFFF347CBEB8BAB938014
                                                                                                                                                                                                                                        SHA1:238373F463B31BA04F5C42A0B4926E1E199E7E36
                                                                                                                                                                                                                                        SHA-256:D21186E6BA5DD62BD873F544215E78EEBF7536ADBF787BD103E694A10D07E1E8
                                                                                                                                                                                                                                        SHA-512:990EFD9AA0AC93E612193CC8E653E0B614003099C3DBF5B8971406D090D0FFBD4D73CC537633DC3BF115F662DDD9B496992356FB19A588B7BAE830170131BEFA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58880
                                                                                                                                                                                                                                        Entropy (8bit):6.4695031247599255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:iQMT4Q3O9ymyKJcy3Xs3y4rV50sds8SzUwHhTHRKrLy2Ip4ruTxf1mlA6hZ68:HQCye14oGs8SNhTHi/9rufInhc8
                                                                                                                                                                                                                                        MD5:50BA6B3FDBCEDF339C9E7097B8714294
                                                                                                                                                                                                                                        SHA1:012D4E83B2B698903EEC0C1D608033389797A225
                                                                                                                                                                                                                                        SHA-256:E2940DDCCB2427DAA5996BAF3FAC1A50B01D59DD42D49A7D2889F12773B87384
                                                                                                                                                                                                                                        SHA-512:C930FF79972D927F332CF3C3E7641176883211854253102C92FE96BB3D909A5ABBCF2A89B5FC1324C4E262F9E6BA49B4D83BD73DF4DB2BD37D615073FA1B1F0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):342528
                                                                                                                                                                                                                                        Entropy (8bit):6.319695730516836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Bc4hrbRETiqEVVtrSiitN4J4RVk87Uo0zEWEpnSAJVGN937taTVD7zsih7Kn9s0T:uMnqEVtmLtRRVB7UoQI80zsihmn9dZ
                                                                                                                                                                                                                                        MD5:135353974CBEBF94B8BC48D682F8F5D8
                                                                                                                                                                                                                                        SHA1:0D8911EFA7759516FC80961EC42ED6E15764CEB8
                                                                                                                                                                                                                                        SHA-256:3DA6DB19E909805066BB41B1674B76B9B1946E99AEFDEE3EF96A0EE73B9914C1
                                                                                                                                                                                                                                        SHA-512:1896E77B05162F9624ECC2139866186260B1ADFB6A1918F04F9696DDE2E7B5B4C2FB64533C20ABC44EA0BC42AFED692381CFF956A458B1FB420E5B490F26F998
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.760851730168963
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:4v6lknrJ93rkPKCHRKrLy2Ip4ZxTxf1mlA6AZr:9m33lCHi/9ZjfInAh
                                                                                                                                                                                                                                        MD5:ACB3B8B030A178D204A6C32414CB16F0
                                                                                                                                                                                                                                        SHA1:C7D1703BE7C2B6F0F327A4353C08285E3171567C
                                                                                                                                                                                                                                        SHA-256:19A884B8D348DBE3D90816052193A24D83B01FB1BD5D6540FC25EF1CC6993A8E
                                                                                                                                                                                                                                        SHA-512:6F7C05555319F3EC1C97DD4A7BDE0F6A42B992386BD8B717CEEA2A911F816DF70E5FC4B8873AB93D74A1D1D38AC7708B3D067D37BEE40F5AEA4C29A44E65A97E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):80896
                                                                                                                                                                                                                                        Entropy (8bit):6.2332467019367135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:uGQVC/QSnsZIHMkJAsSQQ11pJXWmWHi/9wfInX2:uGkC/QXI/A6Q11pJXXpm
                                                                                                                                                                                                                                        MD5:CF1EDCCF60725C2F4BA3C1B87D8ED683
                                                                                                                                                                                                                                        SHA1:C1EB3691E4058A0FCFB2D5F27C515DD1D4199E4A
                                                                                                                                                                                                                                        SHA-256:5503DD2AB5C36751E2752FA790E73CC60A273872FA30FC6D2680C7D7377A8902
                                                                                                                                                                                                                                        SHA-512:13B7035AE83B4075150C41B8ABEF9463EE74F0C022AF1536C50CD990695C86768B93362E61D27981D9804D78B1D7AD8D0D075411FC54AA54B6028A03A9D940F1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3168256
                                                                                                                                                                                                                                        Entropy (8bit):5.997335561761779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:82D77md4XviutkNNnh9k/kCC0Ps6MrwMvAcZU28MHAmXyFlDH3n9:3D7y4qutkNlICUTMHlXyv9
                                                                                                                                                                                                                                        MD5:6E70D569E1A4A1D8DFE4884286643C95
                                                                                                                                                                                                                                        SHA1:A90A5BF9D736FA595FEA49CDD5B4A644E1ED8A7D
                                                                                                                                                                                                                                        SHA-256:4DD85290401BD1F59BDF9157A74D0DEFF03755D1A0DBCC6E1DF214B618E64287
                                                                                                                                                                                                                                        SHA-512:7ED8E219DC80507300131CA0808BE5EA3EDD5E4966FB67DB3860A9CD48792AF15EAD9BE50C730A73B3323EBDD43832C0B033F546BAFD8CCAAD46D1401DFFCF39
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.999968626712184
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:UN9VWhX3WwrjP9Z95Xa/rl9qX2Ip4jcTjdAA1m5wMT9YMWuuwsNA5DuQ/f:4GrHRKrLy2Ip4jcTxf1mlTAwsN+iQH
                                                                                                                                                                                                                                        MD5:9BF3077927261B22D370B5B3CA57D038
                                                                                                                                                                                                                                        SHA1:B17769BE1674A4E2714E739B2563D300144C904D
                                                                                                                                                                                                                                        SHA-256:3FD59AA9EB5F647528F1E6B44320CA7DF4A29C45C3632A3D568BBA6BA6518E55
                                                                                                                                                                                                                                        SHA-512:414AC4A704EE5E776F5F35361A497FD43B564B0FA8E8D38462BE8AA159B9588DF63F2005C8C62B51D871DB6550BFB6B42E1E806C58785CEB0A7560382CDC3151
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):31232
                                                                                                                                                                                                                                        Entropy (8bit):6.545145822499441
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:biE9HCViR9ymljiqHRKrLy2Ip4WjTxf1mlA6mRZmV:G0CViR9ymljiqHi/9IfInmRA
                                                                                                                                                                                                                                        MD5:B8BC5CFB09FC20C3AAC34B61F938FDA8
                                                                                                                                                                                                                                        SHA1:4317695A609106D4BCCDA3413ADE56871079CB7E
                                                                                                                                                                                                                                        SHA-256:6EFB32D2EB38B0226CB930BBCA3C6D421D1A425EECD843D2F72DE85610C09E26
                                                                                                                                                                                                                                        SHA-512:D2169F1280C45C6389285D9D8D17C4AA61C202C512EEC27BC7E105DD11C7231099407B7F6EF9F94C55F9D4330C1F79D10032289DCA05A07BF82EC41D228C00FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):349696
                                                                                                                                                                                                                                        Entropy (8bit):6.202386229973413
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:81sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5DfD:81sSmRIt/xhtsOju1DH5NXnIKAcW
                                                                                                                                                                                                                                        MD5:312DDE0440242AC225AADF3C1F72DA30
                                                                                                                                                                                                                                        SHA1:DF1F5B38F76A1661380EAF660936FF8721A16E34
                                                                                                                                                                                                                                        SHA-256:1908B436373C8813C21D777124E715363D0AB7EDBE8238AE71C6FD6F24C95B69
                                                                                                                                                                                                                                        SHA-512:21A7C48004313A254BA928B4CD238C2C5AB33B70C4016E82BF29561A882AD2F3D8067E2CF014E0EC815736594ACB7F10DE40C7CF7B38B284DBC11D2D235C1F34
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):529408
                                                                                                                                                                                                                                        Entropy (8bit):6.092519311604388
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:hnfnRe200wJT4WQ+NOStYVlJHMGwH7fug:1DIrQ+NOS2HMGwHT/
                                                                                                                                                                                                                                        MD5:C7EB00862B2ACF71D32CB1CDF6E02581
                                                                                                                                                                                                                                        SHA1:3C6E5B0AE8EBA473FE0E5DB17ADC98AC2B5F276C
                                                                                                                                                                                                                                        SHA-256:AA4BAFD2B0D064BAA00996DCECFBCB4C0C118F7534CECE4AF9B137ECB42B3268
                                                                                                                                                                                                                                        SHA-512:A753137140B6CBC9040BE95F07C5DC3681747FD82FDA48535E09E10F2ADCACD64932E2F635B6A78A89E7C199DF26039A11A8186165BE6D657B2E0F9D35EE2F77
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1647616
                                                                                                                                                                                                                                        Entropy (8bit):6.551177299884059
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:HKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB/:HK3/z0hZ
                                                                                                                                                                                                                                        MD5:D208CAB80627C09A9E7E69FF31FE95F7
                                                                                                                                                                                                                                        SHA1:A36E96E21AD21638046BC9820E07724E8A202CCE
                                                                                                                                                                                                                                        SHA-256:29842A886DC678A7CAFF5F741FFF20E9825E064144BA09CA3BBD47E09EA7CFCE
                                                                                                                                                                                                                                        SHA-512:1CAF5E430AD5E295C5BD4EEF698E44025F826FE1E70079C1AE214885A8962D3170E3465494AB24B36365CC1CF25AF9C6F6EF5A3409BF6B4C8CFA1C8A1877F154
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):112
                                                                                                                                                                                                                                        Entropy (8bit):4.9372191821953795
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:LBQBIGqr2igRUGLsW7/ZA783dEcsAVCXoA0Ayn:1U2rwRUGZA783dAAVCXoA7y
                                                                                                                                                                                                                                        MD5:AA76741FF18EEF8DADD607315B86815D
                                                                                                                                                                                                                                        SHA1:F71E92F4ABDC7DC7FBEAF8583A8415A83948F2DA
                                                                                                                                                                                                                                        SHA-256:3F8B58A5E9F78367AC1F366488004B409BC1526439D1C3FAA344A95BCA445D32
                                                                                                                                                                                                                                        SHA-512:7FBE625D421AD9A6DFB1AF1956CC4B65320385E05B1013054922E17AFCF990857B8996EED02E2497F978CFAF07460D7EC9487B070BB1287074DD3DA4A5055164
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[Products] ..Name=Reason Cybersecurity ..Version=3.5.0 ..Company=Reason Software Company, Inc ..Upgrade=FALSE ..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.978537519188193
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/DNxWQFWWrjP9Z95Xa/rl9qX2Ip4z2TTjdAA1m5wMT9YMWuuwlNA5DdD:/DNVTHRKrLy2Ip42Txf1mlTAwlN+p
                                                                                                                                                                                                                                        MD5:2DFF1B9CA7F8F5306847F4E9A3B6986A
                                                                                                                                                                                                                                        SHA1:0972B9A567C63F8D9A9DAA5E53F05B6C9A2DB5D0
                                                                                                                                                                                                                                        SHA-256:606611B5159500AC591813A658540F59A147C66100F622AD8B44A5540E573FE7
                                                                                                                                                                                                                                        SHA-512:8E9EBEFE85B0000BF6ACB1ADE4A42832D61E56675386351A6CCA8B65E711B29091A6985DA9D92D1FC316B6BCE2ADC1742518FD8053673C153EFC2005317DB308
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038714011015616
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9m2igOWnW8rWGrjP9Z95Xa/rl9qX2Ip4i/jTjdAA1m5wMT9YMWuuwkNA5D6v:lthHRKrLy2Ip4AjTxf1mlTAwkN+o
                                                                                                                                                                                                                                        MD5:7AC4FDFD4937947B05A24FBC521B3F94
                                                                                                                                                                                                                                        SHA1:684BA6B2AE151A48CEA3838B8AB13D44A988757B
                                                                                                                                                                                                                                        SHA-256:3356CCEC48B70923560CAE1FC92A8778CB22089D1B955AC691B6BF49C1A682B4
                                                                                                                                                                                                                                        SHA-512:B0D9D93C81268C33EBDEC4D50220A2014D950BE17D50382248051E4E38756DFDB04A26762B87AF03A7344FB2C8646A4B76919073BCE0D61935F226471B5ECD4A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038869248646308
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.038266147487603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.9403371462839605
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.969557757793759
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):7.003252995869171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22400
                                                                                                                                                                                                                                        Entropy (8bit):6.946606868220202
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992218618555366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dT+6ywnVvW0LWYrjP9Z95Xa/rl9qX2Ip4sk6CjdAA1m5wMzsPu:d99DHRKrLy2Ip4sjCxf1mlzz
                                                                                                                                                                                                                                        MD5:AD599C4F1182F117CB2EFFD67B81FE00
                                                                                                                                                                                                                                        SHA1:72DE534F8AD7DDAAC63AF05CCE5F09118F002718
                                                                                                                                                                                                                                        SHA-256:A2F1BB86811D01DD872DC22C1791C906C8761EB9E277E16F67CCEBC34525E558
                                                                                                                                                                                                                                        SHA-512:E78D3614EA65F507C6882EDCE51FE6BA7435C3AFBC70D26A6787620F5205AD8DFC39268350D87A874832BFD6D7ECEB36BCD67005B05E5D47D766C6AEDEA45ACE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.9972717627617875
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:LRbzriaXT+WlEW6rjP9Z95Xa/rl9qX2Ip40CjdAA1m5wMt+uKb2MDug2K:N7icoHRKrLy2Ip40Cxf1mltdKbN
                                                                                                                                                                                                                                        MD5:D04BAB647A4535646AF7907572D2F416
                                                                                                                                                                                                                                        SHA1:29D08751EF6296F3CD817A85D7FA8734B90E5452
                                                                                                                                                                                                                                        SHA-256:AA607E257803A266057CD3A3231BF28656164636753A73153FD69AD374E52B79
                                                                                                                                                                                                                                        SHA-512:1A4E4A00BCBC81CA473C2F7C58E4D059B763C3BEE88837FD9CB419E34F552307BFEC08DB57C35E0A91C1998792A311CF0DF4DE9D91097FF2D66D17985BA93307
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153984
                                                                                                                                                                                                                                        Entropy (8bit):5.51941877191699
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rHOdYYWg+GImdMEGK61wb5nx03LBblQ6Ndk66byYSI4Zki+BReD4pK/uYxtl+DH1:KdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+Q
                                                                                                                                                                                                                                        MD5:38AE6C349E82C48143368F320E9D3334
                                                                                                                                                                                                                                        SHA1:FEAFB1B6F68B2B2B4BADCD26E955392132EC0598
                                                                                                                                                                                                                                        SHA-256:C6689E8B6D972E3F3B8C8D553D3297013280FCD254CE67A253F8C5599D6251C0
                                                                                                                                                                                                                                        SHA-512:4244F1A46E867D69165555CCADBAFC802F2CAF911E64F817D86444307625CB71B4055DBDB343B74F027A050A2E0F5D2BA5DBFF5238CDAD6239EB45129E4EF9C5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):370320
                                                                                                                                                                                                                                        Entropy (8bit):6.097287838038304
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:1ruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmg:oNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeL
                                                                                                                                                                                                                                        MD5:0ABD891534524A6F338A47D9FB607809
                                                                                                                                                                                                                                        SHA1:5DFD01F659AC840B59B98108E5ABE7519CA29E59
                                                                                                                                                                                                                                        SHA-256:69BACBBCC9F64B4A3A5E4AC155306139410740776780856C6F268B4778EC8672
                                                                                                                                                                                                                                        SHA-512:D2F5316282F874F9B132829209326B9A6C5CC85EA953EFD9828B076D38F65CBC6A0CADA901C6E53FA90072774C6C2087F242616481354C569F4E3F2981325D7F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.97137335485154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mRtRWjYWQrjP9Z95Xa/rl9qX2Ip4p5CjdAA1m5wMt+uKp2MDug2:QiqHRKrLy2Ip4TCxf1mltdKpN
                                                                                                                                                                                                                                        MD5:46C3A5D639EA85E10F9D1586D4A5DEF9
                                                                                                                                                                                                                                        SHA1:AE021C65C29185807DEFD8704BBDE13A5C0CCE79
                                                                                                                                                                                                                                        SHA-256:D5E78C7417B778A2225FB1AA518D32714E12974B5B9B51177A27DC8AD811F850
                                                                                                                                                                                                                                        SHA-512:E5412FE8BBD065D819CD20D3C5EFCDAD9672479D9DBD0E2F52C13AEADEE1BA0FBBBA6056D577F263BF8CA8F8119A8F8A5A65C2E99E1F3ED9ECB9EBF571555CBB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038357471463953
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hjeWnoWxrjP9Z95Xa/rl9qX2Ip4CEB9MTjdAA1m5wMAvru4LTgZIjhIEOnD:hjn5HRKrLy2Ip4CEfMTxf1mlA6tZgOD
                                                                                                                                                                                                                                        MD5:D04EE873D87F1CF5695D31F86CBA4278
                                                                                                                                                                                                                                        SHA1:73AEC30B5428C3F0E10CD9B98FF4C19A2190CAAB
                                                                                                                                                                                                                                        SHA-256:83F8910AE3F0D1B95AAD265A42AF82012BBE88476842B71F768D3EB5ED0D2316
                                                                                                                                                                                                                                        SHA-512:18D8A69AFE3DCE5074907ABFE81D09C7D9B880D53F912CF19848AC5C4F54F134B75FFB491392EA97A0B240CBAA06402A4CABDA809BD105CF8CCF375EC172ADB3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.001464127739083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:x6oWJjWtrjP9Z95Xa/rl9qX2Ip4SCjdAA1m5wMt+uKt2MDug2X:x6v0HRKrLy2Ip4SCxf1mltdKtNm
                                                                                                                                                                                                                                        MD5:47510476D42A1E6DD5F9E6CFA8E9D6D8
                                                                                                                                                                                                                                        SHA1:376574A12D975EF0D78F99ADA722D5B11059E712
                                                                                                                                                                                                                                        SHA-256:70E554C0E1D4C4EC7016BA649E141AE58594D413D5A1D90B5AC754A3F44D5B55
                                                                                                                                                                                                                                        SHA-512:9FC00B095BA4A60E0EAB56E6812F35CBCE2D668F409917DE3CE4055A010AC9D8D911F2417421B8F2EADAFF77098E14BBF6FC340795E795A6A87164D3B22D99CE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.945463408943383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Cqk53/hW3fZ+zWVbrjP9Z95Xa/rl9qX2Ip4WAVgCjdAA1m5wMt+uKU2MDug2:Cqk53M5ZHRKrLy2Ip4WAyCxf1mltdKUN
                                                                                                                                                                                                                                        MD5:4CFB2E34693018E465658F779B0BDDE6
                                                                                                                                                                                                                                        SHA1:2CD83A865FF0BF72F12117BD175231AEC50BF700
                                                                                                                                                                                                                                        SHA-256:0B92293628B413CF914D6E7AD16D6976C307C115EB0B101B2BC9A966C3CF6516
                                                                                                                                                                                                                                        SHA-512:166CB361C2E0AB7E5F570B11EB11AB89888758FD552942D21E5C2A73D94A46308F27DC16A585AC8FE9B410C3D96AEBCF5AD454EE7EDF014F8DE848B2C4D6413C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                                                                        Entropy (8bit):6.855660382428409
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MFCc4Y4OJWfOWqWWOWdrjP9Z95Xa/rl9qX2Ip4+FTjdAA1m5wMAvru4LTWZIjBsp:ICcyCzHRKrLy2Ip4+FTxf1mlA6PZHp
                                                                                                                                                                                                                                        MD5:798570CC1DB66CC342FA38F275D75D4F
                                                                                                                                                                                                                                        SHA1:819D8F7806C26ECCF670D593AB9660285ACC8FC9
                                                                                                                                                                                                                                        SHA-256:E823C5C674318872ADFD5F9E5FBB83965E7F5030ADF24292D7EEFF5E53184606
                                                                                                                                                                                                                                        SHA-512:175005A2D32C2BA628108484CF1E63DCD23EBEEDAB2B500E08F75EC5276D3AE9F7AB62DF2FC3EE15F4657E9F3B2927FB0B5CE21A5482DBEF750EBD7DC09F2CCE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.016242383612687
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nAWxMWQrjP9Z95Xa/rl9qX2Ip4L/nCjdAA1m5wMt+uK5v2MDug2:nv6HRKrLy2Ip47Cxf1mltdK5vN
                                                                                                                                                                                                                                        MD5:08E3E0F118B430982B94ED6ABB25382B
                                                                                                                                                                                                                                        SHA1:406F98E588A9F7EECEC07792B851C452B52E1B75
                                                                                                                                                                                                                                        SHA-256:C3E6DDACB8D0B505BFE81CF063FD9843DC7173AAD30C9E6DE3D46F9CB8771DA4
                                                                                                                                                                                                                                        SHA-512:D921C2E8DB77B9A1ECE0A59412A9D4199076886AF88710B53CF9D68DDD6DEE8EB0AB6748860EDD62A1588D7EC7CF5F7978A6E858179A29AAA52C4A5DA52506A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):6.995066534914386
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:8AlcWHaWZrjP9Z95Xa/rl9qX2Ip4jlRCjdAA1m5wMzsPugRt:19jHRKrLy2Ip4BRCxf1mlzzgRt
                                                                                                                                                                                                                                        MD5:278F5B46B1C9E6109A65CA5FBE594A89
                                                                                                                                                                                                                                        SHA1:E6648323BA045947C0411419F621E83BD7D223E8
                                                                                                                                                                                                                                        SHA-256:F18350E20E583009BE9D758EBC998158BF4BAD6E68D4B19CBADEC6898156C36F
                                                                                                                                                                                                                                        SHA-512:346B0E93EB8F15B78A3BD3995A8C708041BEA40EF6925DEA2898D6339A2C426E7A298CE618F6E068CA20F1D50659393E6F93261256BE7E6EC3995BB6806EE309
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.947354078253707
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9lIZnWlNWErjP9Z95Xa/rl9qX2Ip4pX9CjdAA1m5wMt+uKE2MDug2:TUyVHRKrLy2Ip4jCxf1mltdKEN
                                                                                                                                                                                                                                        MD5:4A8846936A8E09232C82977B877A9B20
                                                                                                                                                                                                                                        SHA1:7FE242D157DC0B3D0627CC94390C90CF44B09D8D
                                                                                                                                                                                                                                        SHA-256:E8D49993C6FD98CE6B356D9EF3F8866214D08F900899453A254015A8D4069333
                                                                                                                                                                                                                                        SHA-512:7AF5B55A38A7A93558DD7BC4B15CEA22AC9639148FDA5E9F50335C2F5A98A24A39DBCCB3BB09D13066CF2F4077F1159A03402608FFD24319FFF73C22976FB4D4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30344
                                                                                                                                                                                                                                        Entropy (8bit):6.663317009056621
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:eQq33333333kX+TBi8xHRKrLy2Ip4JCxf1mlzzd:xu1i8xHi/9efIPd
                                                                                                                                                                                                                                        MD5:D1DA0724F22A4FBCB7758EB7EF38696A
                                                                                                                                                                                                                                        SHA1:0E798048BE830BF25431469FDE0BE7EC4F487AF0
                                                                                                                                                                                                                                        SHA-256:666841D9F5BC6AE09A49DD1489CED8AFB992BE962A86FC59C4FA0D1B371FF9D0
                                                                                                                                                                                                                                        SHA-512:F88EF2B992DA027257D73D75A124F20BA94A09DB95211DEA42E22D3FF43B3CB2039EE7B1060357B9ECA08483866D76106D26D5F09AAE04D526F40F6E022574D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):114832
                                                                                                                                                                                                                                        Entropy (8bit):6.2259167984140324
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:j781mqR5JriAGnUKh17T6glQ6xBIwNSB:vu5wAGnUM1ZzPIwN
                                                                                                                                                                                                                                        MD5:8464F5D99D9A00AC125A48F656867B61
                                                                                                                                                                                                                                        SHA1:011DCBF2DB20C8A67E552FAC80C49208F17BA80C
                                                                                                                                                                                                                                        SHA-256:5F755B209F31B531796CAF3FAE5CB018E402A3431E51F5C56A482F10CFF2148C
                                                                                                                                                                                                                                        SHA-512:B114379487EC341B13F2F5A0B7F1BE00A59C4151CB4F58A414BD2396CD3821D66D020C8EBA6160EEDBDD4D5FAEE3DA0FC21E865AD7CC89AA1EFC67A3104D4CFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.993611820038077
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J28YFlXulWY/WKrjP9Z95Xa/rl9qX2Ip4Ee2XLCjdAA1m5wMzsPuHi:J0qRHRKrLy2Ip4EL7Cxf1mlzzHi
                                                                                                                                                                                                                                        MD5:C26D67F215E17C4173AD7725DE4A9130
                                                                                                                                                                                                                                        SHA1:C65379A9B92ED71511EA5F7E2393BC0D00ABBE15
                                                                                                                                                                                                                                        SHA-256:3DD500CA615786015FEBCB9A7B6F2BEC1C19D24FB90AAF810831D772FA18F959
                                                                                                                                                                                                                                        SHA-512:3C7F5C1F66873A5112E5262FE514B7FC5F3397B18EA27A66FEF2DA9351AED081F8B7548F5128859B8F566689D6AEA14C1920D12DA0B638C6CCDA2A0950D529C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.895040972202649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VuMLcdQ5MW9MWfrjP9Z95Xa/rl9qX2Ip48DS/CjdAA1m5wMzsPu:EOcSpzHRKrLy2Ip4LCxf1mlzz
                                                                                                                                                                                                                                        MD5:79D4D3FEF35DE357C3E9B0DA22230BD7
                                                                                                                                                                                                                                        SHA1:130063A58B3CCCD4EC889D8C0347E7521E8DC160
                                                                                                                                                                                                                                        SHA-256:8485B02BC0A877B2719652935FE4B81F83B05EBB7444CF373D35153A0936C32B
                                                                                                                                                                                                                                        SHA-512:7144EFF5D1311B03BE4D5A713399FC8B726ED896A5B624704E249781530F20EFE08880CC855A718EAF2E7BCD03C5920FE09E87C444D676367AA11DA20971807B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.961688394250093
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VZ7RqXWDRqlRqj0RqFWOrjP9Z95Xa/rl9qX2Ip42STjCjdAA1m5wMzsPuo:z9qKqjqjuq/HRKrLy2Ip42SPCxf1mlzU
                                                                                                                                                                                                                                        MD5:368EF630398E8653410CEA57695551EA
                                                                                                                                                                                                                                        SHA1:0D20730CCE83B5DFB7B22821E44C81FDB5411630
                                                                                                                                                                                                                                        SHA-256:C68B619757B9F5B7662F4E93A242E1A4181EFAAE4365DB394DE97C5C9731BB04
                                                                                                                                                                                                                                        SHA-512:1CD4963673C882E64E0D4E80A155790EFFEAAC4B298A3DFAF20F3C65759FCA3C68CD40D83AF6751A8BE68E8D5594BCFD2F910727BD49B3C06F9F8AE3E125EECA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25472
                                                                                                                                                                                                                                        Entropy (8bit):6.806988625442559
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:3vMhF2SzNzwu/NljuQHRKrLy2Ip4wCxf1mltdK1N:3vMhaKRHi/9BfI/K1
                                                                                                                                                                                                                                        MD5:998B608546A2129C7A0A6250E23BDA86
                                                                                                                                                                                                                                        SHA1:BF519F3A049F7FD131486E17592FAE69E80718A0
                                                                                                                                                                                                                                        SHA-256:2CC4C989B76BC93251881273E8274D0D5F4B3FEEA67F04A69FFC707539AF41C9
                                                                                                                                                                                                                                        SHA-512:9CF2F2955B35D5DE925903FCED9F1DD9995CFD721B47FD15DD724065856F0D628838CE1CB296C1300B820E6DBFD74870CE919A972DD0B1A1413ADB99A8757408
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.025957682532363
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:EZ4RLWdRfRJ0RZW1rjP9Z95Xa/rl9qX2Ip43CjdAA1m5wMzsPuREx:EZK0pJumHRKrLy2Ip43Cxf1mlzzRW
                                                                                                                                                                                                                                        MD5:9E68EF9807635098495C4691027E2894
                                                                                                                                                                                                                                        SHA1:A51F0061A74A95F80E75DB502A76842C4C6B6FB7
                                                                                                                                                                                                                                        SHA-256:A88DD60478376843166145F91ED97D4BC1047ADE4769BAB4EBB7E14570117A3C
                                                                                                                                                                                                                                        SHA-512:31A98EE8EC3D6C1F55AE55E7B90E71AA3B1B42CD5CFB1ACB9DE9109D7FA166E1ECFD505DFE14E7A03839B57858274972887A0370A916A38975EDD29564A5058C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.961301734790314
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:4YWsmWVrjP9Z95Xa/rl9qX2Ip4hv9CjdAA1m5wMt+uKQ2MDug2:42DHRKrLy2Ip4h1Cxf1mltdKQN
                                                                                                                                                                                                                                        MD5:36F75710F33734896D90F65CAD7C2AD9
                                                                                                                                                                                                                                        SHA1:44F39226CDD1F55F1E5AFB13ACC1C24CC88E8AEC
                                                                                                                                                                                                                                        SHA-256:40F80C59D227234209E372CF13B68CB68F1DD60903BBF2AD402086174E62645B
                                                                                                                                                                                                                                        SHA-512:69161D15DBD399DBF0F5F1C2BCB20C4518B37F5E13A06C2B7F0C8AA97306946F83DFB1FDCCB59018FFE6CC4BEC11C67B00151601C5047CC3BF29A0DC19947802
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):110464
                                                                                                                                                                                                                                        Entropy (8bit):6.4473067267179065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:7vc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXlHi/9ZfI/KYX:bgk1tiLMYiDFvxqrWDWNoJXZ
                                                                                                                                                                                                                                        MD5:DAF3E5DD2EE18B843AA7AE7EA626707F
                                                                                                                                                                                                                                        SHA1:415F56AB834B4C6154B508929AB45869C08C8153
                                                                                                                                                                                                                                        SHA-256:F061FE1B914A06B26B286E0CF240504E906F3A2E84C1568B5155C9595B0F4C2C
                                                                                                                                                                                                                                        SHA-512:E7AAEDA753427CE2BB5744FCCA75B54FA9DD5194BC4455A6B2782845DCE3AEC674155A141AB836E2AABD043117FEAAD0E5A92F006A196B6763A27DDA06373C61
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.004024120526974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:gKcuz1W1cWcrjP9Z95Xa/rl9qX2Ip4Wo2CjdAA1m5wMt+uKf2MDug2bK:wu8CHRKrLy2Ip4oCxf1mltdKfNJ
                                                                                                                                                                                                                                        MD5:AAB985F9BAF075B8FEF0A285437B1C2C
                                                                                                                                                                                                                                        SHA1:B6F26238DE84C30244BABCEEE9E5C23B4957B1BE
                                                                                                                                                                                                                                        SHA-256:6EF4FB27066AA0F4B84E94912F1B4E39F2FB6DEDCB46CE9BFF8F07C9B7B452CB
                                                                                                                                                                                                                                        SHA-512:A737B55AA4F4B670B418A87BF7AA75C59600DE61CB56A5BACF6FB84AA120D866AEEDDB6448719C486CD03D2CD7F47FD8B08710A72E864BDF440D6F4691806F09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015928217476137
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:1+SWikW2rjP9Z95Xa/rl9qX2Ip4yTjdAA1m5wMBq5ul0Wevfh+C2:1+eoHRKrLy2Ip4yTxf1mlBqsCvJ2
                                                                                                                                                                                                                                        MD5:E73A79701E00DFDE3FCBC7BE60AB6031
                                                                                                                                                                                                                                        SHA1:1B3966632B3292C7DE09A6496AD7AA5A41068245
                                                                                                                                                                                                                                        SHA-256:073592FE8FBADEAFD388CB9327C462C953C2D844F252B170B87A4150AFC92263
                                                                                                                                                                                                                                        SHA-512:BCEF67565C355549131942FFE4F808508D301E395EC127C5E68C3B944A34C2FE5EA8F3FAC15536BA11BDFC5A7A81FE4E6B8984B60FF3FE9BFA8A7C0D31ED2DDA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.033515096452303
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GAWzgWJxrjP9Z95Xa/rl9qX2Ip4SbJnCjdAA1m5wMzsPu:GtLHRKrLy2Ip4SRCxf1mlzz
                                                                                                                                                                                                                                        MD5:16FE78EDC4C2B0435ABBD8B57BFF1683
                                                                                                                                                                                                                                        SHA1:E9E1797801F0CDEAC79520795F3405774599F4E8
                                                                                                                                                                                                                                        SHA-256:D87BAA2359DB3584B098ABD3D376B2E7B00DF21FD2408DED9F5CC4195B27D5E5
                                                                                                                                                                                                                                        SHA-512:2B13B83707E43C8553EAE1056DCDBB433ECE88A1E9F92910E00448F502B2AEA3B361A4350520CF8F6CFD73967152013EDA3237617BE110C5F6818E96B34F68FD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.010993463774131
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:UBLRWbYWfrjP9Z95Xa/rl9qX2Ip4JCjdAA1m5wMt+uKd2MDug2l:UB2XHRKrLy2Ip4JCxf1mltdKdN
                                                                                                                                                                                                                                        MD5:627658C98D56F21BA4B4869528DF47D0
                                                                                                                                                                                                                                        SHA1:B1BFD69286D77C5C39D90A06DB1AF4C9724A4735
                                                                                                                                                                                                                                        SHA-256:DC09C0286397AD1A567F5C45ED279C2B2F68BD9775CBD20638A388D848BA8C4B
                                                                                                                                                                                                                                        SHA-512:86D2C7E69C99D62EBDD40DD60AE50E8F622277803266056C246E2E8EF4EA1086846BB96879533F6425CB3C1ED671B1783CEBF298CCFC0817259FCBFA6616B3C3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992158648190345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:XHW4/Wh+rjP9Z95Xa/rl9qX2Ip4Bh3ZCjdAA1m5wMzsPu8z:XrEWHRKrLy2Ip4vZCxf1mlzz8
                                                                                                                                                                                                                                        MD5:4D5FC69F7C0B4A69AC7DEDCBACDEE8B7
                                                                                                                                                                                                                                        SHA1:D239969D823374B41C5A0B2C51620E559C4351AC
                                                                                                                                                                                                                                        SHA-256:F86BC2D92EFDF25991B67D96572581FEB3985880ADAD2C10556B550A10295ED2
                                                                                                                                                                                                                                        SHA-512:E4D29A2085968A6CEFEF7BCB5D25D6F18DBD238D406C5F9B9DB447C6C0DA79A14335118C0AAD6AE012133543B25F882D9DAFB4AA1FFDDEB51192472930257EF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.044497037369271
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Ovk7hWmCWJrjP9Z95Xa/rl9qX2Ip4jTjdAA1m5wMAvru4LTuZIjOz:Os7/7HRKrLy2Ip4jTxf1mlA6vZ5z
                                                                                                                                                                                                                                        MD5:12CF683B4FC3D703092F203EAD04168A
                                                                                                                                                                                                                                        SHA1:830F120CB51BE0536E04D3D4A5E5495621EB06BD
                                                                                                                                                                                                                                        SHA-256:8A3C25B70BC1F5C9481E6D1F9E1F22E7FC3CEFCFEA5FA156258720063551BC37
                                                                                                                                                                                                                                        SHA-512:C87BB035026A50256F7DA00EF144D6F6201519ADAA82809F388A18A12A2EB357586108088E25A84587D314250536BD54446E8438F6F18DB18842F83F793D4112
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.006094828452657
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dGMWCUW4rjP9Z95Xa/rl9qX2Ip4N+CjdAA1m5wMzsPuT:d36HRKrLy2Ip4kCxf1mlzzT
                                                                                                                                                                                                                                        MD5:14E892A0E1F04DD40F0BF129EFB0D170
                                                                                                                                                                                                                                        SHA1:5A79D45A7748065D9EF2ECE5E19E919625A34450
                                                                                                                                                                                                                                        SHA-256:A394584966884F781A52C0EBD04AFCC76B3B9B64B3E271E25EB645D272A6EBF5
                                                                                                                                                                                                                                        SHA-512:642DF58022D04794AF4ADF8C11E24D037E96A338BC4C587076DFDFFED7E7D8B4AFB319236A28BD1127FA2D5026705724C045E56FA801DDAD42480A56991F5947
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20888
                                                                                                                                                                                                                                        Entropy (8bit):7.0015647853208876
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cBhwI7WSQWzrjP9Z95Xa/rl9qX2Ip40JqjdAA1m5wMRv3cquhqjlLb:cDwIBjHRKrLy2Ip4uqxf1mlRv3cZhqj
                                                                                                                                                                                                                                        MD5:D44D5DD154CAD3B1C6B9ABB5DF068DDD
                                                                                                                                                                                                                                        SHA1:81969B84137CC13E83D58ABC70341B05D1FADA1C
                                                                                                                                                                                                                                        SHA-256:8667D8765649E1F7BF3DDB72A3C1BD69D21B797D42BEBBC472C1DEACD8353C6A
                                                                                                                                                                                                                                        SHA-512:B30C1F8BA6872E477978321BEB0B3AED75E78F3DE96878EE1A315E236952D68F44C25328AE415C9CE092561E0E35DA9A2398BA3586B3B0697E497B46E8F19D1F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                                        Entropy (8bit):7.0141346287170565
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6yvPRW4lWtrjP9Z95Xa/rl9qX2Ip4OCjdAA1m5wMt+uKZ2MDug2E:/39yHRKrLy2Ip4OCxf1mltdKZNX
                                                                                                                                                                                                                                        MD5:9FF070C6EB7760F09DB611BD2F5B318A
                                                                                                                                                                                                                                        SHA1:6F481AF69D8A7BD589C1BCA7CF3E4D60AFDB6E56
                                                                                                                                                                                                                                        SHA-256:35770C71A9F9FB00A1670FC84C4F2F3F8EC4D9B916B989797AC2617D12A9B234
                                                                                                                                                                                                                                        SHA-512:5AF364BB4016F9283287F3F4FDB7B672338A750AA50828FF5366CFB5726CC9658465C1B0405500EBFE4803F26A53960DAAA2D9F171072F809546F12C22FBB10A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.974962300073246
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:96RW6eWSrjP9Z95Xa/rl9qX2Ip4hUTjdAA1m5wMBq5ul0fvfh+7sA:967iHRKrLy2Ip4mTxf1mlBqs4v7A
                                                                                                                                                                                                                                        MD5:8785C40B625CB1CA0EA659E020A7E6E7
                                                                                                                                                                                                                                        SHA1:4D3F0F5D090C0A0C203F5768029C527533475263
                                                                                                                                                                                                                                        SHA-256:7788B97CEEC5516732CA7D9B28811510406834C7C2CD61B61FE43218806C2B08
                                                                                                                                                                                                                                        SHA-512:64D1F2BECFDA8D4CC7E272BD31D3ADB8BC305A8765E20F8BE92F96E540EE84F3BDDBB0E1F4533640FCAE3C42E83B994E33F0B249593810246F9EC8A1199DA9C9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.014336643161851
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xSUP9W70W1rjP9Z95Xa/rl9qX2Ip4zRQTjdAA1m5wMBq5ul0dvfh+Q2eE:4UeNHRKrLy2Ip46Txf1mlBqsSvkr
                                                                                                                                                                                                                                        MD5:C0D9607847BAA5B0CCAA5665B1EA0CE6
                                                                                                                                                                                                                                        SHA1:F10332D5D80917CAA332291B9995AC3435FFB268
                                                                                                                                                                                                                                        SHA-256:358F5A8DC2E4D95D833E07425624450700157AC0193B43DEC899363777A2CBDF
                                                                                                                                                                                                                                        SHA-512:BAD4B3FBCDF7D675790BAC05A66AF1D3E8954370E9C40491C3693EDB069788ECE42D22CD1962E74DAD6D44CB32EFA6BDE7D7C1CA36C7549D5BB4EBE6853FF080
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.009137368657855
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:38yg07W0/W+rjP9Z95Xa/rl9qX2Ip4YTjdAA1m5wMBq5ul0svfh+5w:3BHZHRKrLy2Ip4YTxf1mlBqsfvr
                                                                                                                                                                                                                                        MD5:497A902D35AB8232116EE89D21E38D66
                                                                                                                                                                                                                                        SHA1:C4822D2D2B4B4C4F42AA8476C1B079CBE826D0AC
                                                                                                                                                                                                                                        SHA-256:89CC50C586627CBA755433C5F5553523EEBD098CC62390CF7DA3B01488301603
                                                                                                                                                                                                                                        SHA-512:2E7B6C5AC6F3B5B1D66E42BE50CBC1E0892D0802B5ACFB56FC4B9CC9722792AB16E192B395CC4936E5AA2C1C6E9E25C3997F2A3FEFE736141B77AFE0BF3B6906
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.976370301041513
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:We1WmRW/rjP9Z95Xa/rl9qX2Ip4cqCjdAA1m5wMt+uKz2MDug2W+:WejkHRKrLy2Ip4NCxf1mltdKzN
                                                                                                                                                                                                                                        MD5:B559A8455E4270263625C155F0686265
                                                                                                                                                                                                                                        SHA1:67931AF4D0813B6827FBCA1944632E2771CF606E
                                                                                                                                                                                                                                        SHA-256:FB0B1D70F997EAB63CAA50A41CB3E164456DDB26C17547E1C874C881CFC156CA
                                                                                                                                                                                                                                        SHA-512:125BD456B80904A7CD4DA64B516FC2DDF1DAB1912984BD91E3101BDCE9EEBDE6B31BE644999BC2BF83604DEA1033D6D6B7B2588A013B3B55F7CE705B575175A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):198144
                                                                                                                                                                                                                                        Entropy (8bit):6.163642467505993
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgNy:cW60VcTvakcXcApOL
                                                                                                                                                                                                                                        MD5:A6305F8C82C0CCF2D0BE25887BCC625F
                                                                                                                                                                                                                                        SHA1:BEEC702FCDA79322193BA4207F82924ACA0BB364
                                                                                                                                                                                                                                        SHA-256:9A1ABA67CD581E40A4DAA2BCA86276F5568608D011D0D2070BB83D76F80E4E77
                                                                                                                                                                                                                                        SHA-512:281FCFDB90E45DE12CA91EDBF9BADA4FCEA64F1416C37840F2C5D7F1AD55B14BAF23EB8C7124475A027AC7715FB9828249DAEF8F4E6519D12C801F49166199BC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.983124585784105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:g6ZWYLW6rjP9Z95Xa/rl9qX2Ip4q31vcCjdAA1m5wMzsPu9:g6l1HRKrLy2Ip4q3JcCxf1mlzz
                                                                                                                                                                                                                                        MD5:BC3F5D6D722774A570B3A1DE58E2EBBC
                                                                                                                                                                                                                                        SHA1:C579AEBDFDF288064705CBC2F1AD178E258AF039
                                                                                                                                                                                                                                        SHA-256:BC53C02FA05BCBBB8144E6D9B8AC036362332EED3B67A6FDA073C2D015D86701
                                                                                                                                                                                                                                        SHA-512:ABFE28100E4603F6C48AEB9C8E7F8D2C6559B533E566DED65A69B489C96D275A0137AB29CF43718972323E763B98B77273D30A8E1C6D64654859F03E9CE6766D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.940990717284523
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:A1W1WMQWvrjP9Z95Xa/rl9qX2Ip4zq7CjdAA1m5wMzsPuG:b17HRKrLy2Ip4zsCxf1mlzz
                                                                                                                                                                                                                                        MD5:360717B2996F9A21186CB6C6333015CE
                                                                                                                                                                                                                                        SHA1:D0EFE923ECAC3D152F0B34EBC693EC85D7A13092
                                                                                                                                                                                                                                        SHA-256:A13B2B226C3153B81D12DBC33A9966030D9330069FDDC9A474D35408AA452E7D
                                                                                                                                                                                                                                        SHA-512:CA010E618AB0EEFFB38D825A66FE90521EBABDDD8A91E8F04EE512D43C9910E84BE74FB759F64484D42B2E343BACAC33903F3BBCB0A51CC45125D1430B2C02B5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.9839807358827395
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:LdSWSKWIrjP9Z95Xa/rl9qX2Ip4YOCjdAA1m5wMt+uK42MDug22:ROcHRKrLy2Ip4YOCxf1mltdK4N
                                                                                                                                                                                                                                        MD5:A96BEA342F91D186767C7A03BC6D3A65
                                                                                                                                                                                                                                        SHA1:716D819F7DA2893C5265836EC11BE33951413F29
                                                                                                                                                                                                                                        SHA-256:0E7B4A7119FD0E19DB10BD9E3C9B7BC76486BDC88C5BC24CCE3B0CEAE5AF7EB4
                                                                                                                                                                                                                                        SHA-512:CC6E1CCABCCEFC8513395A5ECC3DBF03F539C6E5DE513283946D0FEF1FDD4789D223CC368F8A64DF38B6943B2165B5E1E7AE96324E515C27CA6C9449B8928C2A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21888
                                                                                                                                                                                                                                        Entropy (8bit):6.917946536927677
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:EJEYA2WkIW8rjP9Z95Xa/rl9qX2Ip4/CjdAA1m5wMt+uK82MDug2T:EyYA8CHRKrLy2Ip4/Cxf1mltdK8Nu
                                                                                                                                                                                                                                        MD5:78AE99457050BBE396A1AD9F4369B093
                                                                                                                                                                                                                                        SHA1:35DED67BD7D99FA6E561ECC19BE92E96E4A7C32B
                                                                                                                                                                                                                                        SHA-256:3B0A67438822ABDC4BD07B61CA4E7F089E235885F1F98B72F0A10EFF9F7165A0
                                                                                                                                                                                                                                        SHA-512:0C1808D342F1A9F2E5145A55E02A48487D40A1F97FAA36D6853870310F728461C3D53F178C5E55000F6CCC132180D4F1FB033C814B1ACB1ABFFB5728E45E6A47
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.024383643761439
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3JGWe4WKrjP9Z95Xa/rl9qX2Ip4vTjdAA1m5wMBq5ul04vfh+7L:ZmgHRKrLy2Ip4vTxf1mlBqsHvm
                                                                                                                                                                                                                                        MD5:07D1968A9D4796A602BDD87D1DE640DA
                                                                                                                                                                                                                                        SHA1:032E8EB6C6ED8802F444C1A3AF213ABDA6680C2A
                                                                                                                                                                                                                                        SHA-256:FF56F726AD14116AD4760AE1211A916B177B1796CC5CFA9C1AFE53A25DFF0306
                                                                                                                                                                                                                                        SHA-512:0D860913063F11CD5E17F78AFC48B7E11094AA3C5937CC5BF492DD4443A122E293AFACA9C6A4128C8BA6256AC96EEA9C8CD93F11FDA5C6525642F15CCBDBD98D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.949503664344784
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BdW1w3WesWorjP9Z95Xa/rl9qX2Ip4kjBdCjdAA1m5wMt+uKu2MDug2:e1wx2HRKrLy2Ip4k7Cxf1mltdKuN
                                                                                                                                                                                                                                        MD5:67F5D9F0420089641C4A586F67E4AD8E
                                                                                                                                                                                                                                        SHA1:46F305FAD2BC4394E204285D115C99911F0BD2CC
                                                                                                                                                                                                                                        SHA-256:6DE73632E3B5C91C65A8EF22D0DCDEFD5F4D79401D6106AC45EFF9FF62308452
                                                                                                                                                                                                                                        SHA-512:3EEC96DC2D36CAC18BEEF1E84822D25B2F4CD871FA53CC9A7D0919A450BE07D4E50AC1B2BCB76ACFE106D59025AA20311C8A7D3DB4D3F6621140F5030CC4088F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.767793329723504
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Nyp12Bhkg3qnV/sPMHRKrLy2Ip4ATxf1mlBqsQuvEk:y12zkg3qV/sPMHi/9MfIQs/D
                                                                                                                                                                                                                                        MD5:536E8F3C34410C25A83952179FCA8862
                                                                                                                                                                                                                                        SHA1:137C88DCD584D0741994FAA263B47359D10C018B
                                                                                                                                                                                                                                        SHA-256:730C10E5A6ACB38DD0D58B4EC4A296D609392385494EBBC77D064E60833EF99D
                                                                                                                                                                                                                                        SHA-512:96CCC78A577BB063ECCC91562E368C114845F7ED60207E95867DAD75ADD6EC261750D5EC9A2E44521BEE94DEC90D791BC97505C1B4A41835C11669E4A5C8A498
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012312379517373
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yHPAW1bWjrjP9Z95Xa/rl9qX2Ip4IN3TjdAA1m5wMBq5ul0Qvfh+C:qrWHRKrLy2Ip4I9Txf1mlBqsXv7
                                                                                                                                                                                                                                        MD5:093EEEDB8C88A75C6A4EFFC1424552FC
                                                                                                                                                                                                                                        SHA1:91B63883B48FE79F7FDC5276DB4875272EE8A8D3
                                                                                                                                                                                                                                        SHA-256:FAC3EE2E6DD6ABFEBA4043F69AFD6D8761CB96763DE2B4CBA0567E61220E8D21
                                                                                                                                                                                                                                        SHA-512:83BCBFCD0A5E5B0C37C52E25E9B4ED4821670D65FAFAA42F6807B683533BE9110E196C57F1B435A16C2373659BFFF5B1FFF4E11ABDA0C69A0B861AB4D4A9A8BF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.990449962762576
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KNoqWD7WPrjP9Z95Xa/rl9qX2Ip4TaCjdAA1m5wMzsPu:KNofOHRKrLy2Ip4mCxf1mlzz
                                                                                                                                                                                                                                        MD5:FCFD3EDDED347FC06BA08FD9A4874E0F
                                                                                                                                                                                                                                        SHA1:8869063AAF7EBB264E3C8D8CEA1933364A9FE8B4
                                                                                                                                                                                                                                        SHA-256:3AC4F6D4D123671D92CCF1C70D594CF0DDDB20D10658E494994D23E686EFC5AB
                                                                                                                                                                                                                                        SHA-512:C6DCC2D0D280320F13E7212B03D672803F2DE684F98153DF9371777D403CDF2E328266858E0A3371E5E7C1572F3E9863AEC07E1C6FBE54841DD45FAE85BCAC55
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.016070802680104
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cGETSAWUEWIrjP9Z95Xa/rl9qX2Ip4dtaTjdAA1m5wMBq5ul0nvfh+4:ST1CHRKrLy2Ip47aTxf1mlBqs4vt
                                                                                                                                                                                                                                        MD5:48A9F245C1FCD9CD421526374C8FC42A
                                                                                                                                                                                                                                        SHA1:78D5DB17A57F476CD8DA8BE5E9AD8721CFB2638B
                                                                                                                                                                                                                                        SHA-256:C2D8D7D77B50991327DC9940B896306AAAA7A63D682EA708BB48F12EBAB1CE6D
                                                                                                                                                                                                                                        SHA-512:D038949B35F84ACEB6F405FB389820EC3241E712797C82F1E4FAB1E0F5734FF715DF24677ED81F67F5B5A67201ED4AC073D4E9CAB681EAF0EF808A9886560F6F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.985562996876628
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:lcDagtDApWSKJWnrjP9Z95Xa/rl9qX2Ip4FOCjdAA1m5wMzsPu:lPKBAHRKrLy2Ip44Cxf1mlzz
                                                                                                                                                                                                                                        MD5:3B88B9BE220E36D7F8729B488EE4F6DC
                                                                                                                                                                                                                                        SHA1:34BE6187882F312305C45D440BF427CD695013CA
                                                                                                                                                                                                                                        SHA-256:B0C016655C302D3DC25F369D6087D669B2D4EDC05CA48AAF9CBA48EF239DF41F
                                                                                                                                                                                                                                        SHA-512:5F1F48A77F4A46C4BD5275F5466AB24E830C965A80400C7CC314A888D904A90254E335BD9A0F7B08ABD9451DF4CF0E3B2966A99C3EA05C7A8FE3F9F228BED8BD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.004484897309742
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.956883982952257
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.907071338300692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.993420993671583
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.0244524304384015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.978820551680673
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):6.800053693288702
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eybU8ndrbbT9NWB2WTrjP9Z95Xa/rl9qX2Ip4j/TjdAA1m5wMQhKuVd3gm5vZ2:ey5ndvWZHRKrLy2Ip4LTxf1mlQh5Vdwz
                                                                                                                                                                                                                                        MD5:0F9957AD9E020ABF5F3B4B06E5D6B953
                                                                                                                                                                                                                                        SHA1:AF9BD1B21D22421D6B95C191007267393F9FD8BC
                                                                                                                                                                                                                                        SHA-256:381F5473A17720FBED4F960867E9457C035EE22F76AEEBCEB3DBA60009A0B45E
                                                                                                                                                                                                                                        SHA-512:19611204AC5D1A64D6E8726FCBF83DE84BAE8C6C35980D3EBE2711ADF3B219AA39C887197B1CF8369719AC398AB3CC56AF3F0B831BD79D4ED84A17F025894C79
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.976445569058889
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:jna8WK1WWrjP9Z95Xa/rl9qX2Ip48YTjdAA1m5wMQhKuVdygm5vZssqy:jna0/HRKrLy2Ip4PTxf1mlQh5Vdygm5F
                                                                                                                                                                                                                                        MD5:5862163035701C1C8C83E0A00EA0A4EE
                                                                                                                                                                                                                                        SHA1:69C1AFAF61FA70CB70EE4E638B610E2350C88001
                                                                                                                                                                                                                                        SHA-256:2CB315BD1C4E9050C35F6DD253C9C499FB4AACB76593240438B2BC56792E3B92
                                                                                                                                                                                                                                        SHA-512:9DD8FE1B96238310DEA332699BBD062EB89924C37C2DB0FB1B7ED0C7AF9A4627A2B8BFEFD3A608449033F401F191C51F5ADF4170A3AE4120F5A3B718195FC51C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.9265541297950595
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:4BSWITWprjP9Z95Xa/rl9qX2Ip4Iky6CjdAA1m5wM36QNuZL:46YHRKrLy2Ip4Ly6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:806ACB0354C1DE48BB61DF96E2FAD5D1
                                                                                                                                                                                                                                        SHA1:ACC1AE918D897C8BC3279B6C1F6A96485546AB86
                                                                                                                                                                                                                                        SHA-256:AA84EE4FE186F4CCFBCAFACAE30016A8CF877787C56E05CC6B12D9C228E19831
                                                                                                                                                                                                                                        SHA-512:20872A5896FE19C087E9C374410108BDB3074D7C284C2BF7F0CD09DD207E3FE141B1637152C56C98B1F29178604CB43C2804073588D3E03C8AF89DD64B8B49B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.024914500099341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:C88cIIWNoWLrjP9Z95Xa/rl9qX2Ip4z/6TjdAA1m5wMQhKuVdcm5vZ97CU:C9cUbHRKrLy2Ip4GTxf1mlQh5Vdcm5P
                                                                                                                                                                                                                                        MD5:1DF480B3EF676A09D9DD11890C70EE66
                                                                                                                                                                                                                                        SHA1:8E827424C2B2766D71A36742501F4B631C34FD6E
                                                                                                                                                                                                                                        SHA-256:D2C88FE15D78332989A507E36EA1A8A2C4CC8B25BE7500C855E9F76D4991585B
                                                                                                                                                                                                                                        SHA-512:4E3FF3B1C6A2402A69A435D207A33E7D504683E0F8FE7F25D6E31EC04B717495F065FC2DBF513F8DDE7C27B520CA864CC501D24E69C247FE1E4F1D8CC92A252F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28160
                                                                                                                                                                                                                                        Entropy (8bit):6.790350767912065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:crmoFmWdO9HRKrLy2Ip44ODTxf1mlQh5Vdkm5n:caEFdO9Hi/9/BfI+vkGn
                                                                                                                                                                                                                                        MD5:562379760F9E686652297B3180E05C1C
                                                                                                                                                                                                                                        SHA1:24B16EC8CF800C81C789E1F279E64CBC55BAC596
                                                                                                                                                                                                                                        SHA-256:24B63A98A0D136BACDD057DBFD173A95C10EFCF706A71A51942741983C383EC8
                                                                                                                                                                                                                                        SHA-512:C60057EB8D985204E0816A397252668F8CCD5170961DDAE052E67E4EAD43F470780D79D6B7602E35455EDC72DBBCEEEAD50241711B87BC3E1DD0FD328E77609A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24064
                                                                                                                                                                                                                                        Entropy (8bit):6.86244677413669
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:O09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsz:3OAghbsDCyVnVc3p/i2fBVlAO/BRU+pF
                                                                                                                                                                                                                                        MD5:4B9E6A397BAF62480D1D642C539982D2
                                                                                                                                                                                                                                        SHA1:EFDBFF45B098CE1A36F08D07D4F70B474FB29B54
                                                                                                                                                                                                                                        SHA-256:A602F22DE6691C1ECDE9CB9A186541A60759B87AC3C1FD281BD5E5FF9CE7D64D
                                                                                                                                                                                                                                        SHA-512:DB65D862A86567262FF79009C08139C280CE0912A015351118151E1AB64E5CD88906954285707AEE38E180EAB9B2DBDA1D53F611334EAB1F078992826EDF6F0C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.98121423453462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:G7W6RW+rjP9Z95Xa/rl9qX2Ip4+C6CjdAA1m5wM36QNuZLRv:G5rHRKrLy2Ip4z6Cxf1ml36QgZFv
                                                                                                                                                                                                                                        MD5:F030F3E4D0EEE23DF31E5C684BEDAD97
                                                                                                                                                                                                                                        SHA1:322FB4F7CFC4BB2DFADC2F71B1216B2A6F82F0D6
                                                                                                                                                                                                                                        SHA-256:37073DA1F5A20BF1FE1B33CCB42F0B29D32196241BFCF1A3A2A70FD601EDF1F3
                                                                                                                                                                                                                                        SHA-512:0AD034960ABDFF4FBF506DAF87CAABB5DE6F79C0394D019FC05A8A5D90D5828FA938E96868DC7E058E04FA8CCD199DD5CEE7900A03008345F791C6DC70417C0B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.05428802807611
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.032938959830146
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26624
                                                                                                                                                                                                                                        Entropy (8bit):6.744878476669213
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):6.862001295533237
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29184
                                                                                                                                                                                                                                        Entropy (8bit):6.563794164270402
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38912
                                                                                                                                                                                                                                        Entropy (8bit):6.258801189412649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.002325554132072
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:1UcX6W9aWsrjP9Z95Xa/rl9qX2Ip4LKGY6CjdAA1m5wM36QNuZLin:1UchwHRKrLy2Ip4LKt6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:0347D6FA68EF104062D2F03BD2836C51
                                                                                                                                                                                                                                        SHA1:907FEBC4AA739CCED0AFAD90CB2457335CFB174F
                                                                                                                                                                                                                                        SHA-256:5F5BB112A5ADC3D3999DEB912D8C428EECDAAD68CA3B65FE62492B82655D7A4A
                                                                                                                                                                                                                                        SHA-512:093F240E2C1F8857BB991AF1BE4ED60DCFC9C9D28CF8A660B7822474408436B9D05C0579F8B3644BA1A74876C4D0DB1C0F14DC127637B4C7096B5B168FFAD3A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46592
                                                                                                                                                                                                                                        Entropy (8bit):6.171207295782074
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:+oBj7kS+8mjvHTeaWKs0Sd4eehHRKrLy2Ip4kOTxf1mlBqsqv/e:FPmb9WKs0PeehHi/9vfIQsqO
                                                                                                                                                                                                                                        MD5:368CDE2C1517D0370689048DFEFBBE01
                                                                                                                                                                                                                                        SHA1:18B56375A8FF8D0B5A51C2EF09154F4F598F4966
                                                                                                                                                                                                                                        SHA-256:D100C10F273171C43BD6A6DB1F08FB8EF7E69D0A65470566EFECAB68AD5EE150
                                                                                                                                                                                                                                        SHA-512:E25E29290F49E71B4291042D255F24FB877D04FB4B56B76249DD6188C601E4201CBDA6EE0205CCD58B84AF26D43B4E7755F2EE62AF5196E83A20025E4F1198D8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.036231673830498
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:STI2pWPzWkrjP9Z95Xa/rl9qX2Ip4STyTjdAA1m5wMBq5ul0fvfh+7U:SE3zHRKrLy2Ip42yTxf1mlBqskviU
                                                                                                                                                                                                                                        MD5:DE4C7C34DE0EE77E22BE7BD4DCB12EF6
                                                                                                                                                                                                                                        SHA1:F292FAE6FE6443516156BD63CD424CCEE1162F76
                                                                                                                                                                                                                                        SHA-256:6D1B52839B5C28352B4B5DC63D40253BFC9A05C1D93F76042AB2A0F324A5C88F
                                                                                                                                                                                                                                        SHA-512:1D847BE48A9F9370E3CA239314CAD3C20322033C52AA74568F1F2A24A5C4D053510F3F93C53B0CDD0B16400D5D57743527E5E2F376EA52D14809B9C13662060A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.043752496308506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zcezoy4W04WxFrjP9Z95Xa/rl9qX2Ip4wQoTjdAA1m5wMBq5ul0gvfh+9o:zBzoy+fHRKrLy2Ip4wQoTxf1mlBqsbvj
                                                                                                                                                                                                                                        MD5:C706B0668387A2ACF3E8C6E2A11390EF
                                                                                                                                                                                                                                        SHA1:6108CEDFE1301AE1A381AB15D05E6F1ECABC5885
                                                                                                                                                                                                                                        SHA-256:ACC37223E0389865D94131FF72E7E9A81A468A73F5E648E66496E11ADF68D72F
                                                                                                                                                                                                                                        SHA-512:4B880649BFFA7B8DBBE4EA2CE23F2A4D9462518DB1A41C44A2D64CC75D327032FC7A2C4C7159D99BB712E4D0B3B872F5F5B507951A467FED0063D810C1CD7A10
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.964569325909888
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DH/JWKpW5rjP9Z95Xa/rl9qX2Ip4psrpTjdAA1m5wMQhKuVdbYm5vZdb:DH/jyHRKrLy2Ip4WtTxf1mlQh5VdMm5
                                                                                                                                                                                                                                        MD5:16F83A3369AFD8F913FD9FBF2BE2E09E
                                                                                                                                                                                                                                        SHA1:DE0D9DF9581050AEEC9F77CAD32D452E021A6A72
                                                                                                                                                                                                                                        SHA-256:29451952BF4887D95F2F34A47EB5F1487B0371B93D14CBBE3AB12634356CC505
                                                                                                                                                                                                                                        SHA-512:68106DF7EF3C8D23FD4C5849DD8575C6CE23821B408BEC175CCE61D5D0A77BC4D1E7B016942117B7BEC588762A9A1CA8A39002F63A5B1160EC20ADB76F391FED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.918646557026692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KTjbocNsWMhWwrjP9Z95Xa/rl9qX2Ip465TjdAA1m5wMQhKuVd4m5vZXVy:aboYyxHRKrLy2Ip465Txf1mlQh5Vd4mY
                                                                                                                                                                                                                                        MD5:053CDE539558C043EF0D98D277A225E4
                                                                                                                                                                                                                                        SHA1:433526427E83F939C8074C326367703A94A5D6B5
                                                                                                                                                                                                                                        SHA-256:923C9B96CC5F054C309816CC90C0A1B2C65E9432B2E38AEE50CCA1557B051FC7
                                                                                                                                                                                                                                        SHA-512:0F3150292BF8BB20D1C106251E8C670AC959C4A42CE84475DF0BF90010BED07D8608561D5F87CBE0045E1572800BC324296E532070770521D0A62B001F234042
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23040
                                                                                                                                                                                                                                        Entropy (8bit):6.890329778208696
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ResTEpq4YiZUlW/AWXIZWWAWXkrjP9Z95Xa/rl9qX2Ip4LF0TjdAA1m5wMAvru4x:FwTiuHRKrLy2Ip4LF0Txf1mlA6XfZ9W
                                                                                                                                                                                                                                        MD5:C5B6F82F05364033B9FD4B5204E34F26
                                                                                                                                                                                                                                        SHA1:9255FEFDDEE9FE6568B91665ADA3C19C3246D480
                                                                                                                                                                                                                                        SHA-256:24DDDE4EB0276C3CB82E3FCC3B5A4EAEA32867004A7D2EC0F885ADAE06A6EA66
                                                                                                                                                                                                                                        SHA-512:9F86A85915E45DFD7D7987AF92A895AD73754C9AD4245040FBE14A3F343C71F7995F7A754E8E3DC6D1A1B3DC4950846D95CCE604679BA3C7D17EADBA6AD07B0D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.003345288923658
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MSKiWIhW+rjP9Z95Xa/rl9qX2Ip4YZh4TjdAA1m5wMBq5ul0Qvfh+r:MSK8jHRKrLy2Ip4YZh4Txf1mlBqsTvC
                                                                                                                                                                                                                                        MD5:BA49CEC30FB0DB7466AAA605878CDDD1
                                                                                                                                                                                                                                        SHA1:0C7F6967FCB69D76EC8FAEB8CAB1BFEBB1DEF616
                                                                                                                                                                                                                                        SHA-256:45E5B19DFF471EF416B6F46B42AD3FDBE4C58DAB33C1C12D3D0D71982E62CFC5
                                                                                                                                                                                                                                        SHA-512:B10CED8BB341E51A82CB395B072B0960AF5B18BD93E916B1D82373CA74F1028927245204F9B03A461AC08A73B5B61955DBFE15CA87F61A7C8881EBC6494A65BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.952617106985068
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:40KbZWApWmWTpWNrjP9Z95Xa/rl9qX2Ip4DThTjdAA1m5wMBq5ul0Nvfh+Vt:nKRyiHRKrLy2Ip4DThTxf1mlBqsqvkt
                                                                                                                                                                                                                                        MD5:24046188160DAD513AD213EEBB9BF585
                                                                                                                                                                                                                                        SHA1:53D4E09F3F739D2A8E5EB59D156A52A7748D106D
                                                                                                                                                                                                                                        SHA-256:B28ED96F3D699D5A6B1B88A3E4E2D855945C8BD9F10EAE62F42A910FE7D31377
                                                                                                                                                                                                                                        SHA-512:5D5462F87D9720FFFB9FBA73DA246C25475F854B65AACDFC27C302570DF3290C3EFE1CEB2A9CF9B02CDA8327B4C7A951117DA08853D5056CBBD341D281856E5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.025793572253596
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yb1nWCXWbrjP9Z95Xa/rl9qX2Ip4fTjdAA1m5wMAvru4LTyZIjWYzF:M7mHRKrLy2Ip4fTxf1mlA6TZfYzF
                                                                                                                                                                                                                                        MD5:4C471F1FA1733D378B9F76125EA13D4D
                                                                                                                                                                                                                                        SHA1:DF3165A865220EA5AF741F7293CC131F6D58A375
                                                                                                                                                                                                                                        SHA-256:714736E69B61DAC9D6C3EF6C7D36AAA8ECAB2D1B02DB018C6FA24E5641AD1424
                                                                                                                                                                                                                                        SHA-512:70A1ED5B34BC2D5ABD955C1B37BA3C6D0C8AB4509E08263FC469BC134946E6188E593BB9E129D735B09F0FA5AB8B2EA3199558E5B0F2F36C7B16549D7808A1C6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.950125579722336
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:5NyW7TWXrjP9Z95Xa/rl9qX2Ip4cTjdAA1m5wMBq5ul0uvfh+0PL:vf2HRKrLy2Ip4cTxf1mlBqs1vfL
                                                                                                                                                                                                                                        MD5:D93D4BFA4526FB0C604410F445BA6C83
                                                                                                                                                                                                                                        SHA1:820E6E420D2FE3C97F0B22489EAA95449F6F08B2
                                                                                                                                                                                                                                        SHA-256:35B54B143B778769511843B4C493952F63B5F08F7A5947885B3CCFCB349894F9
                                                                                                                                                                                                                                        SHA-512:2E892D8C05337DD7BC553C29A70462B8548159EBFACB548DEB7120000845792DDA83E4B801D8EDEAD4F20100EFB28C09C5BEA33DE1BD814CE0CA9B494F49ACFD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.044767989073116
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:k6Rb32WVzW5rjP9Z95Xa/rl9qX2Ip43cVTjdAA1m5wMQhKuVdUm5vZ4:zRb3dkHRKrLy2Ip43cVTxf1mlQh5VdUZ
                                                                                                                                                                                                                                        MD5:CCC96D3D8E531D7411636B2D3F24E55C
                                                                                                                                                                                                                                        SHA1:57FEE930236DFD4571A68B41657DBA8FF08614B4
                                                                                                                                                                                                                                        SHA-256:7EC1720789541966183A2538BBD46D271333A7B382EDD0A2B142F49BF123A20E
                                                                                                                                                                                                                                        SHA-512:8D9EB4C6F692B856DAA3CA60D1912542F580B1692E8EE31A16641EB026CFB156630B9FECDBFA19F283568AD99CC92D35E26AFA8E8357059FEB186F25468CDEC4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36496
                                                                                                                                                                                                                                        Entropy (8bit):6.6902083286878415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:du5I+sqOylryry8qqIfUc7a5AHRKrLy2Ip476Cxf1ml36QgZI5:dYIVBpry8qqIfUcm5AHi/9zfI5gC5
                                                                                                                                                                                                                                        MD5:4D8FD560D264D9D2F9CC360809053DE8
                                                                                                                                                                                                                                        SHA1:20F80B422BF59D580A59514D2F06EB1E00316553
                                                                                                                                                                                                                                        SHA-256:555962091DAE5AABF44DEFCDDE0A2D98CD46E94DDC6C199AADD73DE08DA5B93B
                                                                                                                                                                                                                                        SHA-512:B911AFCA1DC43D010FC8053451DB2104982FC2F7E69CF7FB1D136D1AFAD08BA9D5AB54BD36F11FB4BC7D5117EB699A77145080EC3CA3E8EE51AF2F5B932589F2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.02247507672201
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fvn4HREpWiQW3rjP9Z95Xa/rl9qX2Ip43ETjdAA1m5wMQhKuVdnm5vZWM9:4SXHRKrLy2Ip4UTxf1mlQh5Vdnm5v
                                                                                                                                                                                                                                        MD5:1C6034027DF04E156FF60B0F09A12DAC
                                                                                                                                                                                                                                        SHA1:651400F7A2F86C4C6273D1225C19631049894DCC
                                                                                                                                                                                                                                        SHA-256:358A76309D3D26CAC4C021E8FC5DB847C9D45FE6A1474B0789004E57B9BB3135
                                                                                                                                                                                                                                        SHA-512:2618C604EA80AE5210AAAA4ECFCF12182475252642EA86F709CA8DFF1579909F83E4B342D2471A567674E48C2F2BEB8E9A2241FC1EB4CEA2CFD4C237E7EAC473
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.946165235196381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:r8MjKb47T3UCcqFMkJ59WdtWurjP9Z95Xa/rl9qX2Ip4jJoTjdAA1m5wMQhKuVd8:wMjKb4vcGdOnHRKrLy2Ip4j2Txf1mlQ0
                                                                                                                                                                                                                                        MD5:FD32901AD58EDA4E8BA9A56187C360B5
                                                                                                                                                                                                                                        SHA1:090398A1AC61FA530596DF1B6C42CA651F698A27
                                                                                                                                                                                                                                        SHA-256:37A4BC0B6C9873F1FA36F1372C0A2AEABA038430D8CB649151626A2CFE5EE972
                                                                                                                                                                                                                                        SHA-512:DFE1101D0B6F56ABE153542B90A2F766E3C420DB7279A77652E560CD8ADD998A56838AEAF170F18E27A2B82A9372F1CD93C9AEF33CA8BBDF241724B7315FCFFC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015976194477571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3zyNXd4+BW6FW8rjP9Z95Xa/rl9qX2Ip4ne3TjdAA1m5wMAvru4LTUZIjP:mzZHRKrLy2Ip4oTxf1mlA6VZk
                                                                                                                                                                                                                                        MD5:939491A792A9A207C16E50C4D76D63D2
                                                                                                                                                                                                                                        SHA1:0CB73A19297E30369703D1A57EC68648B349CD38
                                                                                                                                                                                                                                        SHA-256:3F9461B26DA4236B975BF0DBA56B6E9FECBD333BA0E84AC9DABCE7D7F8968DCE
                                                                                                                                                                                                                                        SHA-512:143E0650F4876996337AA870659955D705DEA24873BD614A43B0D36B558F0D13A43258B071FA71317609E5A61C83C7E588AACD5FE0BB5CA214B2AC0CCE186C93
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):6.999581586913751
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Wvs2Q3HKJNrWWRWkrjP9Z95Xa/rl9qX2Ip4By7mdCjdAA1m5wMzsPuO:WuMRHRKrLy2Ip4B3dCxf1mlzzO
                                                                                                                                                                                                                                        MD5:1F4B2EF214A0E6E0A74D9F7AD997FA55
                                                                                                                                                                                                                                        SHA1:70D9D29C100A5E1DE5A55511FEDB3D320F1336F1
                                                                                                                                                                                                                                        SHA-256:6A37AE19E656D95778D917D68686994C0BF899CF4033646B12CD2476DBEEED2A
                                                                                                                                                                                                                                        SHA-512:2101C4681DD9F915C617215BFB3BE986D203A837D906DA4EA6D49C401B03E5322409FB0EBC6C44E77D812A83F8328F0138F4E2B8097BEAB6232D6AFCBBD65DAE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.980722029632896
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GFz0Q6gcqRhcsMWdMW0rjP9Z95Xa/rl9qX2Ip4bbkOCjdAA1m5wMzsPu9:GFz1c6KHRKrLy2Ip4HPCxf1mlzz
                                                                                                                                                                                                                                        MD5:69074C045653E6A61DB94CC48F74778C
                                                                                                                                                                                                                                        SHA1:98852A0E6B68AB3E1E28F192E57C1EB77C15B77B
                                                                                                                                                                                                                                        SHA-256:F52AA52FCF186B83B56500B2D50F6B3A72C4DDC9CB6E474CDAAB9FAF5E64EE87
                                                                                                                                                                                                                                        SHA-512:C01A3DB152C3B3DD03C92B126985A70803EB4C349EDDF6B32F90D1E7C0845D6ED57B06BEAF17EC4B4777491BF04D059FEB0D7B0966D05E1C4D757CCE8894D74C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.910677968918354
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:K6xWA3W4aW/NWUrjP9Z95Xa/rl9qX2Ip4OTjdAA1m5wMQhKuVdAm5vZ9q1:KaBJHRKrLy2Ip4OTxf1mlQh5VdAm56
                                                                                                                                                                                                                                        MD5:418BE29B62A24A1ACA13E31A72415198
                                                                                                                                                                                                                                        SHA1:31BD7839E973C5ACA50AD50AC8E1FD3BCB85994B
                                                                                                                                                                                                                                        SHA-256:4A2D205DCF3607CA4B9723325B94ABDF0E795FEE5AE357B76C6BA47422F642F5
                                                                                                                                                                                                                                        SHA-512:CEB86E3ED47AF6B4C78AA5391E041F24B0C703DA720BE68CB30344C770336CB7148BC1872792445092D3789A0D70655C92669DF7B5720C879E258EFA6DF4065F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):77960
                                                                                                                                                                                                                                        Entropy (8bit):6.069856591381686
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:L784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSATHi/9XfI5gs:L7NV8v36tI0XCKAv5h
                                                                                                                                                                                                                                        MD5:062043C4CBF910C829E24CFE5941A9E5
                                                                                                                                                                                                                                        SHA1:88527923E47525DA468EC708D3D4E6FE0F044A0F
                                                                                                                                                                                                                                        SHA-256:BD7B95E588DC552A4092D5CA917E75FCC0643DC00A90C9051DA0B4EB24FFFF71
                                                                                                                                                                                                                                        SHA-512:FC22DE7A246FC6BC56A535F7AAB379D0F46CD4AA5C91DA1F5022BC9DD7736E7EEA049FB5A5778366EEDD2C7D663C03F4A09097FCC7E2925DA5FC51C6D19AAF67
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.004031307297091
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mr97WquW+rjP9Z95Xa/rl9qX2Ip4Q9ATjdAA1m5wMQhKuVdqm5vZaj:mRJGHRKrLy2Ip4jTxf1mlQh5Vdqm5Uj
                                                                                                                                                                                                                                        MD5:D92A0F1DDF807D1BCC3EB3E6E166690A
                                                                                                                                                                                                                                        SHA1:CB158BA1F7AEB5CF6EE80E7F31421F4F6E6A91DD
                                                                                                                                                                                                                                        SHA-256:F8C65EBD07C69DA5577515174011E704E362611E6B092E3E0017E6913325DED5
                                                                                                                                                                                                                                        SHA-512:AECB1AC24F60332D763D116E022A848E9F0F2A4F912E46D1D6247C262D83CD5E79E5916AD5AE05AF38C62572EC79958B9D0AADCDD716057229167D9ADB081874
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.968105530882379
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:G16eWLDWxrjP9Z95Xa/rl9qX2Ip4lTjdAA1m5wMQhKuVdem5vZyYB:C6LgHRKrLy2Ip4lTxf1mlQh5Vdem5LB
                                                                                                                                                                                                                                        MD5:60C26F8A9719F7B4FB617429DA9A3158
                                                                                                                                                                                                                                        SHA1:376356D56F21FACAE15172E80C75A5C49122246C
                                                                                                                                                                                                                                        SHA-256:F1BFCBDF1CAC8AF8295EACCB3F8E66218A95F7FFCD2CF8D5EA4AD0CE9C5F9D83
                                                                                                                                                                                                                                        SHA-512:0F5FF0C16C268DB1B7FF0E71D811239F8007126AF21146693457CD6787E976F38F5269908D0B708FFACC105F6D6AFDADB65BF960A0D72023F4EB6600E6DD3963
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.936296264713254
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:c8G4YC2W+wW8WpwW+rjP9Z95Xa/rl9qX2Ip4jdM6CjdAA1m5wM36QNuZL0:/GZ5sHRKrLy2Ip4jq6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:4ACDFE5373BDCAEF6F79F9EB64DDEE1D
                                                                                                                                                                                                                                        SHA1:C090D98D272A627525F9D1166E63A5E2DD799D2E
                                                                                                                                                                                                                                        SHA-256:2ECC2C6B418B04EAFD00F6C2C2278FB13DA6E853194FB56478D315655DF8FBA3
                                                                                                                                                                                                                                        SHA-512:5D740D96FDED5409FD543399D5CFF52D6F9F42FAC1B4CB269E8241921FB7EB5A96A65B273F0F26478C18177D704ACF4BC2FEBFB69A11542709D811B727901811
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038633483362159
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:L6ziqTEkGWvRWZrjP9Z95Xa/rl9qX2Ip48JnTjdAA1m5wMBq5ul00vfh+F5:LYT1eHRKrLy2Ip48dTxf1mlBqsjva
                                                                                                                                                                                                                                        MD5:825AD627DBA9F0C3C7A770F696E6947F
                                                                                                                                                                                                                                        SHA1:2066D011588BD747763AA95492DB045BA3096F9A
                                                                                                                                                                                                                                        SHA-256:274BFBE88FDDD305E371DBA66C940BB67B26AC51E5C4CF1F74F72557B375F3E4
                                                                                                                                                                                                                                        SHA-512:DF6A7C5AEE18E9200EA095EA917AA8161A80D6767D2AAEC527471EAEF7905214B64FB2FCA847A642D1C70379D2632A21CAAE6E00B3FF513F6058FEE29A21F456
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.975499885006936
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FUv7c7iWNCWjrjP9Z95Xa/rl9qX2Ip4HTjdAA1m5wMBq5ul0Pvfh+8Q:FM7c1tHRKrLy2Ip4HTxf1mlBqssv/Q
                                                                                                                                                                                                                                        MD5:CBACEA8BBF166AED9AAEC25EFD2819A0
                                                                                                                                                                                                                                        SHA1:7E055A8842B4F6FB75C4F5A94FA4F4BEC39146A4
                                                                                                                                                                                                                                        SHA-256:A8C93DE53CBA7166EFC70B2EE73EC6499132C4F4E2E42112FFF1E56231E3D046
                                                                                                                                                                                                                                        SHA-512:7C91480657B086D22B3BAFEC5E1351661FC5F19F4EED06E3D1C9C397B7F7D49AA4F763820B35B344F31A5EEF12D45769B91C1EE725DC7927DD28AD2846170FE4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.00528420868397
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bSWnRWCrjP9Z95Xa/rl9qX2Ip40KTjdAA1m5wMBq5ul06vfh+2v:bzXHRKrLy2Ip4LTxf1mlBqsBv3
                                                                                                                                                                                                                                        MD5:07EABA4F76B4E982E4D3B7EC268A6DEA
                                                                                                                                                                                                                                        SHA1:75442424E3196F4B3B339079FDC3143D16AE2354
                                                                                                                                                                                                                                        SHA-256:DA38AB286AB29491AD8FD0F34C5CD9A0AC32119A85EB1AB3B313743311CA68CE
                                                                                                                                                                                                                                        SHA-512:019054285EAF91E55CAD4F1323D8DC67901378E21B519522BC8DC1859D7F983EBCD696E6C517E6850B95EDBBABB7037D0F4D8F7970B114B8AC9CB82EC602CD9E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22160
                                                                                                                                                                                                                                        Entropy (8bit):6.932114236344035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eoMeAKyr1jSC6ErjP9Z95Xa/rl9qX2Ip4eR6CjdAA1m5wM36QNuZL3y:eoMbKK1OBMHRKrLy2Ip4Y6Cxf1ml36QC
                                                                                                                                                                                                                                        MD5:55CFC9F443E2D115AFE56DC32B60E523
                                                                                                                                                                                                                                        SHA1:CDEA8BCC2A11BE43C6B13B4AD535620C66B4D5DE
                                                                                                                                                                                                                                        SHA-256:3A0CD656D1AAA8667BA91C36FBED4034A0115423498AA1BD16E678F5083F37D7
                                                                                                                                                                                                                                        SHA-512:250A92485CDE3729DC3CBD2B32924F7CB700817E8B796830520C4EB4BE3DF8C0F7C8E30E083D2B23376EEE5DE5836A6A71105AB685076856A1353010087ED1ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):273920
                                                                                                                                                                                                                                        Entropy (8bit):6.063893530470953
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:jlPLikZqxz9Prt9e1bd6JcAMaLD0qjR0FC4YPHnG:jFmX9e1bd6JcAMq+FpGG
                                                                                                                                                                                                                                        MD5:5F3DD6D4469C25B3100035493E84B287
                                                                                                                                                                                                                                        SHA1:375784997D26D0F30D5BCDB9B37E1C481F0C3D60
                                                                                                                                                                                                                                        SHA-256:04BAAF4E558FC18828E65002CEB130CE0CF79AAED507FB1C5A2ACA5B4A37182F
                                                                                                                                                                                                                                        SHA-512:27C61ECBA96DC53945A0881C29AF457C7DC9EB174D2FE1C854DC26143A80906023D9FFA4504014DA7CFF924F0ED05325158AEAB352F6D63208C1F1D38D822B3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1804288
                                                                                                                                                                                                                                        Entropy (8bit):6.342131904971123
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:frPHIDLY5h/Ud23lAy7ldZyzjIK3Y9bni0QwURlG3xA44jqfBlMoTVe:fUo/Ud2V17liz29utwURluxN4B
                                                                                                                                                                                                                                        MD5:0D12B6457B990E150388E5906F61C6BB
                                                                                                                                                                                                                                        SHA1:28B8087E023783DDA50C6BAEC351416F68BD5628
                                                                                                                                                                                                                                        SHA-256:214DC7E1C6E93CF7CC902E824E36F091FCF54A90754247F6A221299978AD2E9C
                                                                                                                                                                                                                                        SHA-512:718F162C96D896FFEA6AA3A3AB2FCF6E2054C8D1DBE1FD138B273A86D80A39869041FCAF1B17B6AB5F212A10D55F54F8B10485385B53FA66F7C6F7A5ED6E2A90
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2357
                                                                                                                                                                                                                                        Entropy (8bit):4.908284940509403
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:o55s8iPgzK7W96MhM5IVkZJElInU/9ysI1qNA:o550ozK7WFhM5I6eo89ysI1qNA
                                                                                                                                                                                                                                        MD5:2AF5B11A9B5F5B7C2BFEA7A3D7186B85
                                                                                                                                                                                                                                        SHA1:E1F32261FD6D3D4679740B69E923CB053B30CE5F
                                                                                                                                                                                                                                        SHA-256:6953F1DB3172307E77B65295FDE86915E77A0589B6669EB80ADFCDB8056802A6
                                                                                                                                                                                                                                        SHA-512:4BD531D81FE46B1ABE933258C945683D98209E3C83BA3B3A0AB136F6D1A3D22D8731131FD6D11B58D8FD7B642E324C3DB1942BA22E9033CB76302E110E8D01DF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version='1.0' encoding='utf-8' standalone='yes'?>....<instrumentationManifest.. xmlns="http://schemas.microsoft.com/win/2004/08/events".. xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events".. xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd">.. <instrumentation>.. <events>.. <provider.. guid="{b5a0bda9-50fe-4d0e-a83d-bae3f58c94d6}".. messageFileName="%SystemRoot%\System32\drivers\rsElam.sys".. name="Reason ELAM Driver".. resourceFileName="%SystemRoot%\System32\drivers\rsElam.sys".. symbol="DriverControlGuid">.. <channels>.. <importChannel.. chid="SYSTEM".. name="System" />.. </channels>.. <templates>.. <template tid="AllEventsTemplate">.. <data name="message" inType="win:UnicodeString" outType="xs:string">..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1716
                                                                                                                                                                                                                                        Entropy (8bit):5.230162000430176
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:FhHP8wMlKnfM2nnwrIP5yHvb2/oyzvTB+X:zkDlE0ow2yHvb2XzLB2
                                                                                                                                                                                                                                        MD5:EC813E1F8F193DCE5B07ADA4FEE1D43A
                                                                                                                                                                                                                                        SHA1:9464FB33B041B54E20BC71D4BD67185B255A3809
                                                                                                                                                                                                                                        SHA-256:FDACE7F8EBF8CD4A8CA18A172A604132CC2BCF000083DF69A4B9D54A10DC1BE6
                                                                                                                                                                                                                                        SHA-512:9EE51D25D5F7679C3038F0B77AECF0AC29DE57E4065BCE3105AD21A9D37CF9818F67B2AF32823E781E5D38E360BC249E46979F674BDF1DCE85072ADA4795CC5E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[Version]..Signature = "$Windows NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider = %ManufacturerName%..DriverVer = 04/12/2022,0.0.0.6..CatalogFile = rsElam.cat......[DestinationDirs]..DefaultDestDir = 12....[DefaultInstall.NTamd64]..OptionDesc = %rsElamDescription%..CopyFiles = rsElam.DriverFiles....[DefaultInstall.NTamd64.Services]..AddService = %ServiceName%,,rsElam_Service....[DefaultUninstall.NTamd64]..DelReg = ElamDelReg..DelFiles = rsElam.RemoveDriverFiles..LegacyUninstall=1....[DefaultInstall.NTx86]..OptionDesc = %rsElamDescription%..CopyFiles = rsElam.DriverFiles....[DefaultInstall.NTx86.Services]..AddService = %ServiceName%,,rsElam_Service....[DefaultUninstall.NTx86]..DelReg = ElamDelReg..DelFiles = rsElam.RemoveDriverFiles..LegacyUninstall=1....[ElamDelReg]..HKLM, "SYSTEM\ControlSet001\Services\rsElam"....[rsElam_Service]..DisplayName = %rsElamDisplayName%..Description = %rsElamDescription%..ServiceType
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19944
                                                                                                                                                                                                                                        Entropy (8bit):6.115904530529
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:L22mPMNY+DHa3eLzeCvUkjWHhELVWQ4aWSWDqF9e+X01k9z3AzsJO4gdHfQhW:L4M1u3LCskJpWe99R9zusZwfQhW
                                                                                                                                                                                                                                        MD5:8129C96D6EBDAEBBE771EE034555BF8F
                                                                                                                                                                                                                                        SHA1:9B41FB541A273086D3EEF0BA4149F88022EFBAFF
                                                                                                                                                                                                                                        SHA-256:8BCC210669BC5931A3A69FC63ED288CB74013A92C84CA0ABA89E3F4E56E3AE51
                                                                                                                                                                                                                                        SHA-512:CCD92987DA4BDA7A0F6386308611AFB7951395158FC6D10A0596B0A0DB4A61DF202120460E2383D2D2F34CBB4D4E33E4F2E091A717D2FC1859ED7F58DB3B7A18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11062
                                                                                                                                                                                                                                        Entropy (8bit):7.302964587285633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:TohIuPyyJCx0jnyKQvAIFWQFljudcCFaqDu0K9X01k9z3APi5t:000ivAIFR78cCFYj9R9zqSt
                                                                                                                                                                                                                                        MD5:DF4EAED5CF816C9F03DBC95AB74BC8A8
                                                                                                                                                                                                                                        SHA1:CA40FF3D91D3D3D75286EFD1C320CD1DCCB6C3DC
                                                                                                                                                                                                                                        SHA-256:34C442AA2B53F2256108FC54CAD61C820884C8195193CECDA2BCBBE33D05359E
                                                                                                                                                                                                                                        SHA-512:E53F25823A9B875EB67C16888E61566357853CCECDBB287AFCE8637FE08674EFF5EAB825CA687F66838AC6F01A1B0A1CC561F4BA12BCFB756DD20CB8B102BF50
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):74
                                                                                                                                                                                                                                        Entropy (8bit):4.005190565270453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:3H9ifFQtJdVQWNtNg/IBF+WVlIvDn:3HW2trVfNgKYWyD
                                                                                                                                                                                                                                        MD5:B887FD9A0E3798FD3482667E21561155
                                                                                                                                                                                                                                        SHA1:87188CDC055C857561333942FB24E7F209C51178
                                                                                                                                                                                                                                        SHA-256:F698ED945129085C527E4E79C0475D989DB367EF223F0A6E833AD151E31ED5DA
                                                                                                                                                                                                                                        SHA-512:533AEF3F4E4CB4619881B391388FE465608936A525B18EC6B9A5B0B5F80802CEEE6717B390C178CA71B6D121B5D77B3988C4C695C04047BD4F51DD865E9A1214
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "epp",.. "dependencies": {.. "epp-ui": "5.30.4".. }..}..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1102848
                                                                                                                                                                                                                                        Entropy (8bit):7.3551536456680635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:g1F/DU/0v79/tgAOA+dGog4gGxHn2CbEXZndw:WF3TgA5+rxH2CbeG
                                                                                                                                                                                                                                        MD5:C85B6E5CBC8CD0CD668A95378CF2339F
                                                                                                                                                                                                                                        SHA1:A53D71A00A4D1EE74DE71543846DDBEB568B29A1
                                                                                                                                                                                                                                        SHA-256:EF6F5493F21FA5FDAC8B6B669AC6DBC0923E5C7C794F075413F27CA6EBEEB4B1
                                                                                                                                                                                                                                        SHA-512:7067887375C5AA40B1732D648185A0D231B8D87A43B63FB3670DC5099A56C7C7356CCE43DC48CAD6E96C1585FDB2955AFA8A50D3A1C7DF1994E80705F76AAEC2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):97424
                                                                                                                                                                                                                                        Entropy (8bit):5.6163370964241635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:C2Ec05j4eAH64rh5fSt5T9nFcI94W0Hi/9ufIP:xlK4eA7mDmWV
                                                                                                                                                                                                                                        MD5:C91FFF17BFA6C8C8ED4E001A8C58BF87
                                                                                                                                                                                                                                        SHA1:4D6D22AF0EB8499E2AC8D349CBAAE9A5C622E4FC
                                                                                                                                                                                                                                        SHA-256:EDF0CEF60BBF8118937606D878FAE05B8EAA9B486EA4B45992029BF5FC07EA36
                                                                                                                                                                                                                                        SHA-512:A1AED700093E42F1E805CD50B314E59125C879F2FC0E7D206F146D84E3335F47868A520CBE60D8BC86837DE63104E1E3B71179A951CB9C750390A6E4F6BC4BBC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1352192
                                                                                                                                                                                                                                        Entropy (8bit):6.5007445296681965
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:CrXxKmWyc6Xwb9/BSWh/7Ds0x1QbD+JRyxpCcLwg4LjXPpS2FV4VFAFh0lhSMXla:CrXxKmWyc6dWh/7DQLpqp/FmVFAcq
                                                                                                                                                                                                                                        MD5:526C976F4BE230C8DEE35360EE51F483
                                                                                                                                                                                                                                        SHA1:DFF228568C2BC51BDE041A679A6DE76151846033
                                                                                                                                                                                                                                        SHA-256:691C72DE6BE0FE2BD90DCCBF9B9E162A3FB7C320D7DF7E82AC09B7BD441C0EC2
                                                                                                                                                                                                                                        SHA-512:A4C09F13C5506BEE016CB161B6A5DFBBCB90AE5FB513A64684710EB644EE2E868E2CCD5E531F2E06B62FC91C7B7FB82ED6B8CC4389BACBBED7B82ADF74621465
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):162816
                                                                                                                                                                                                                                        Entropy (8bit):6.4347197585730385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OX5TgLoWlo6zvLblsvv5Emm16e68QNmTNh3l2AuZejZnjjWr:KOom9Av6RvfltqEZ+r
                                                                                                                                                                                                                                        MD5:044D60780B0C40D3F9B0B5A3FC040948
                                                                                                                                                                                                                                        SHA1:2E16C926F11ED5FAAE22D9AF5D935748C57EC1F8
                                                                                                                                                                                                                                        SHA-256:7493F645BB04092AEE30A47A681494251C79A38A941C9A3D2DEE4293A265F428
                                                                                                                                                                                                                                        SHA-512:7653A0A46E3EB9331E92A09937754302F939100ADBFB283242C25BF0F73F8508D6F7E9D5AA08DBBEFDD14BF682AD7D0D77F4999B3274D329D281E22934C445EA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):154112
                                                                                                                                                                                                                                        Entropy (8bit):6.1143850196696885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TW6KrX3r/EEgTUSNc24mY5n1sclb2sDzgWGE:TW6MX3gEgTUp6cld/n
                                                                                                                                                                                                                                        MD5:B6984D0E136E087316B339D8AAD2DFD1
                                                                                                                                                                                                                                        SHA1:3B2F7BE133AA525B76AAC9D9049A9730D76237D3
                                                                                                                                                                                                                                        SHA-256:491A021E4F3E5ABDC937C1329E35028CC805F78F84D10398C2DB692E7E2FB43D
                                                                                                                                                                                                                                        SHA-512:781556A889855ED5F7203ED21D3559EB0DCD007F859349DCC1286A0EB05BECD2D841570FD19DFC6941053F2F1A07D65D8E779EF3C55C263DFF459189CEB7123B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.903857312303968
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zGK3h8ZRSrjP9Z95Xa/rl9qX2Ip4CIhCjdAA1m5wMDBuZ:6K3h8niHRKrLy2Ip4CECxf1mlD0
                                                                                                                                                                                                                                        MD5:0069E67AF86418ADD8F693EEB86A384D
                                                                                                                                                                                                                                        SHA1:8B6490755B0B78342C192518141BAA08212ED65F
                                                                                                                                                                                                                                        SHA-256:90AFF2D97BEF3BF98A1BD315379094D361194184EE35C6ED2661DBFD65DC619C
                                                                                                                                                                                                                                        SHA-512:AEEBCDBB39737D7FB1A7BB397A4EA9DC2B26F20CCBB131480FFF787087A1CCD5742D3D20D6507CD07CAB63B46808F52DABD5FD4596CFC83A800D19679FA48CE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                        Entropy (8bit):6.70434675005567
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:m4wXL42btPdC3h8YcHRKrLy2Ip46Txf1mlBqsnvcY:yDbtMR8YcHi/9yfIQsnj
                                                                                                                                                                                                                                        MD5:107CA49B4915F14FB922F5D5ABEBE845
                                                                                                                                                                                                                                        SHA1:E4EF5C0FD743B9228945E62D00482AC3DA9711A8
                                                                                                                                                                                                                                        SHA-256:F165BC0C4E4622171B2967CFD5C4379473E07D1EF16EA4CA3ECD12C3B3F0EC72
                                                                                                                                                                                                                                        SHA-512:25D51D21801693DFB964A2B554A1DA0CFD232DFA21BEDC8B7D51FEF749C7D32CDD1087906B2FA254FD8A8A433E6FBD7E2C893FE18007F0EFDDFE2EBCF5CFC8ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):161
                                                                                                                                                                                                                                        Entropy (8bit):5.010777093927904
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRyAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRyAqDQIm
                                                                                                                                                                                                                                        MD5:DDC25AEFCAE9826CCE1754C2C89E959D
                                                                                                                                                                                                                                        SHA1:36899490B8B0CF36AE8A1477468F3884C0CC9664
                                                                                                                                                                                                                                        SHA-256:F8AD17C37D444521B3905CCBD75EA6CB6E3D2763B16EB56B2E1AA4274173E614
                                                                                                                                                                                                                                        SHA-512:4C52E02E4E6A17FD36714E3769D34BC14675D47BE0322B14F4BBB13268C34DFE647A37DB7DF0DE7D8C31494BF878B597EDF85913E7FB648CB0D993E89FB5D611
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup></configuration>..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):673280
                                                                                                                                                                                                                                        Entropy (8bit):6.493909069727573
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:rOguoezLfVAMFgCNS+MvHY/8j+7rmboDhgkEHoNOvPar/z:rOgud/jFgq6Is+7rmbGhcHsg2
                                                                                                                                                                                                                                        MD5:9170244A34CB903FC5DFBE4159DB6F16
                                                                                                                                                                                                                                        SHA1:F70791F187F14DD11B3893CF378E2B2871B40D7D
                                                                                                                                                                                                                                        SHA-256:C843C458A26D98D0AE7A4B280F77AD193225B84882EC98650EBBA7B51B322D44
                                                                                                                                                                                                                                        SHA-512:BC50DB62BAA8FC60469982E0D986E89EA094497C617D4A1C6849403911457E11DFF98E5F2CDD7F9F6453EF3D0363A1DC4664FA38DB83155CF850108706EFF128
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):175104
                                                                                                                                                                                                                                        Entropy (8bit):6.477895770562103
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:MSa2SASiV7/3JThFoPdXTssFBSKvvvvnPPH6Gi5tPArrYeiYiPKiA15/ph9r6rrP:HjiWbJTPo1XTPPSKvvvvnPPH6Gi5tPAK
                                                                                                                                                                                                                                        MD5:D58DD4CFD84A514AE70E1A72C037A161
                                                                                                                                                                                                                                        SHA1:FD134A72D801261CB6E143A54A868696FCE22474
                                                                                                                                                                                                                                        SHA-256:D9DF5C9CF429C714615770480AA9076D1EC2A25F9D52CBDF6D7300000C3BBC39
                                                                                                                                                                                                                                        SHA-512:2A3A5673DE138B47C969BB8078CF6A95BEEF4A822633A91AD728CB68D6DB8E461D43A739A8546FBBAEE4FD5716E4AF86C131EDC292334CD3F019C9FE2B80C73B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254608
                                                                                                                                                                                                                                        Entropy (8bit):6.109726763458205
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:fdsKWU2shBl9Dsj6sUxZwIgC3ZWkd5n5WiSdlJRt:fRpdDsj6fxr5na
                                                                                                                                                                                                                                        MD5:AD6AB7F88A7F20DCFF9364FE3C606EB1
                                                                                                                                                                                                                                        SHA1:F7877ED46BC5E07D0397F5DD268FC5FCC0BE49A6
                                                                                                                                                                                                                                        SHA-256:666DB7971ADD6AEFBF31E599E1784AF2977F714439DBA20B6676CA4DC03DCD4F
                                                                                                                                                                                                                                        SHA-512:EC53720D20AA67A2C272F1C3D738F794CBD78F988B458432772A21CFB73106389954C2C487B85A5ED062CA4385FD4AB84064709C8270C8933DAA52482071C16A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224256
                                                                                                                                                                                                                                        Entropy (8bit):6.2226977365106215
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:5gieg/fp3Rublq6d4VKl9RQx504T9jP19:eieOfB62VVx5zJ9
                                                                                                                                                                                                                                        MD5:30AECE1972D91CEC63777681926A73B7
                                                                                                                                                                                                                                        SHA1:192550747A794D2054654589068C5BDD23ACE302
                                                                                                                                                                                                                                        SHA-256:CF74774291BFA8F6B6B5EBE54DEFAD51D52E08FC97614558FD4F1CC7FA54855C
                                                                                                                                                                                                                                        SHA-512:BCF64ADD4E1698D3A6E55EE74088C35926A090E6105EA51C430FD63F6072E4A60D34FCF122A950904F4A1CEC0201388A3054665BB7FEE95F160A9E42A149ADB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):369664
                                                                                                                                                                                                                                        Entropy (8bit):6.625460113459136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:i0yhs1rgLEr7DBPAqz5x9Sw7UDBvmLUMPHEJnCs11PAVhLvruoQe9PZD6e3Cc5NU:Awhlx9SMc4RPqnBMN9dJD3CcHLI6/Ywe
                                                                                                                                                                                                                                        MD5:AB81BAB4ADFD7DF6DC8F9BF867603E81
                                                                                                                                                                                                                                        SHA1:5B46F2D85B63C3F115AC9BEABE756143B90B5EF9
                                                                                                                                                                                                                                        SHA-256:5FE722B79C37605C713C61FCC530A0A1C42F791584AF5B74CACD9C1DF8720EDC
                                                                                                                                                                                                                                        SHA-512:271952E237C2186083AAB496ECA4909F5EFBEA3D4700C93130BF37ADFC3B4DC6BF57108B2A0E3E9B9290DF552ECC67B22D92DE7FC46F53AEA8DBF7937B366DF9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):354304
                                                                                                                                                                                                                                        Entropy (8bit):6.112385200418826
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Mvm33r4BCvAQZn7fboYz+Mbvkqqx0J1aeL22/ISPAyXDiJ6:Mvm33ryC7Z7fkYSMbUxO1d/ISYas6
                                                                                                                                                                                                                                        MD5:FA16D0DC50B77C9F8703B5B36D774107
                                                                                                                                                                                                                                        SHA1:EC426639F3BF3A563491AC53B70BB5EB92E5C314
                                                                                                                                                                                                                                        SHA-256:94AD9F2B387A5E6CBD0F7B2259E37533CA80AAA69BA044DB6A022661EAEB606D
                                                                                                                                                                                                                                        SHA-512:B2E50634A6A7A116C71BB56DC045F29F79ABD5D831ED1AC4A4FB7AB6A452321A814B9877B1C98CC0E185C6B6CAB5BFE3E9435A43F9F4D1FF4D515109779372CD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):184320
                                                                                                                                                                                                                                        Entropy (8bit):6.221783549418622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:9bISftpuc0OA1pxW4kNnDZaXNG0Qir2XviGMSFCKq7PcwixGt:9bPlB0OA1SqXNzQLKaQcC
                                                                                                                                                                                                                                        MD5:99692C5CC13EF293197CDE6C912379CA
                                                                                                                                                                                                                                        SHA1:17C504578DCB26E7DF87955362A7EEFB12386555
                                                                                                                                                                                                                                        SHA-256:41950668DB2EB5AB7017484AB74955B664EEDFB543FBD078F6DAE21078EA319E
                                                                                                                                                                                                                                        SHA-512:BDFF8F225933462ECD166359473AD0F0A7A9EE84F92E1EC1B0706AA97257348F134490176E73B6E08E8A586C765C2BE59590135E6F266E076A94B12ED82EF7C5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):196096
                                                                                                                                                                                                                                        Entropy (8bit):6.250386192319483
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:UOASlPt5xg7Osb2bPszL5YeYtS8i4cTASYk4IMa6Ldlw:UOASFt5xv0zLxpTvoaF
                                                                                                                                                                                                                                        MD5:A802608C39518F4D5AA0D0ACA476F2F7
                                                                                                                                                                                                                                        SHA1:B67E4ADCE2DE5984818131375A8C0A7239D7AEE1
                                                                                                                                                                                                                                        SHA-256:11374C4265F281819C7DB93B648C8B072D07E0EC599EA203C95C427D5E0CE97E
                                                                                                                                                                                                                                        SHA-512:23AF5CB8AACD5AD060A428185306D57162058CDA1AE52BE576E5BCBA4DFE7901F06D9C0DEED96A7281CCFEBC9DB65C7945B00BD0F6B074DC5EE874FB0533807D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):141968
                                                                                                                                                                                                                                        Entropy (8bit):6.095571910595917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:q5qgBA2D+nqGVAZvG3hnrTvvvviYPPLG6Gi5tPUrYeiYiPTizo5i0s/KXrrii55G:Sqgy2qq1U3RTvvvviYPPLG6Gi5tPUrYa
                                                                                                                                                                                                                                        MD5:63F68035F2EDE62811EEECF169136E55
                                                                                                                                                                                                                                        SHA1:DBDE8D4BBDCA350080F4701934301C12CD88211F
                                                                                                                                                                                                                                        SHA-256:FFEE7222A6202BF31B2F3058B5003ED0E7A98FD9C5F245B362F64371FF69D497
                                                                                                                                                                                                                                        SHA-512:F3AD7C90B3B48117885778E0721D678CEB47EB7C432FBAB1A60ED6D11AF803EC333822C56ED279C80E9217C64259EBB7EC1CB6F3AC66C28720551C3043E499B2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153088
                                                                                                                                                                                                                                        Entropy (8bit):6.096015765166375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Rar5BdXMvCqqYMpshETiAwnOd5FIE/lSs1veWzn:RatBdcv2ZgRO2Q/n
                                                                                                                                                                                                                                        MD5:FBE815423A8D6D1C06FD83F3CC06E76C
                                                                                                                                                                                                                                        SHA1:F854D1C2F917B7E40435CCB2F5AF46CB887F046A
                                                                                                                                                                                                                                        SHA-256:1720C9D432A5DB0216B12BAFD315E86A6719EE138F3D09C4B91A0214F1281333
                                                                                                                                                                                                                                        SHA-512:C60BD6B8558ADB880778B9E8B2C1A3ACA7F14ED881F5165250596A959BD30CF2048615AD5A8E653706F51733C5D8F7688B1B6317AD34A0FFC3CEAFC1DCC44AEE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):155136
                                                                                                                                                                                                                                        Entropy (8bit):6.100208779846344
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:mXXryQmjkr+ff93/q9LrWI1wdfKVwon8IVWDX0IxxRrasF6aDOm:ymj++XNcjwdKVG+Y
                                                                                                                                                                                                                                        MD5:1DB37D2AA8DFAD273BC92B2860B4EFA8
                                                                                                                                                                                                                                        SHA1:CD6AFB90C28905F1592D50013F081A6C45371BD2
                                                                                                                                                                                                                                        SHA-256:BDA4BEEA60EF8FB05073B6CD1DE57B77A4B2E29068411E7128803B90E7359859
                                                                                                                                                                                                                                        SHA-512:78FE5ECE62D36641FA7CDC90D7389D493A8AFFAFE987602AA73AB7FB7EFF65A258B1399B1503DFA30C2463E8AEABD1259D1DD819F9A78D7AA486E048A8EAB066
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):202752
                                                                                                                                                                                                                                        Entropy (8bit):6.084395898584841
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:IhI3WaidnUVoKnRV3+ovvBR8OKql4qxoAMrZlhMvxS7BE4YV3vxYzh+jW:oeWagUD+ovvBKg4Y7F3/xA
                                                                                                                                                                                                                                        MD5:5751FC3807356C1857B5B91E7DE45B5D
                                                                                                                                                                                                                                        SHA1:D64906E807DFA80C69C82907395A9660A4AC7FE9
                                                                                                                                                                                                                                        SHA-256:73E2992C703DC532C2205A8956A4E08BA78B3B5D4AED07DB39D7A55547B83E66
                                                                                                                                                                                                                                        SHA-512:BA2FFB30DD22FF0FF743369573D02264154F7AE7DEED16C2D39FC957AFE5FC8020131BA18D621AEF122D498D86109CAD2D9D8A29DB02551610ADF963BA4B0B65
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):151040
                                                                                                                                                                                                                                        Entropy (8bit):6.110094403881827
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:uszfe8gqYmOuYOfzzyb2Dkji1FQaEOV18GcAw0v+PYaxNu4md:usLe8gqYfgybGKaEAr/WXk
                                                                                                                                                                                                                                        MD5:50A6E9A1962918386B795C23F3D51071
                                                                                                                                                                                                                                        SHA1:678185A86ADC440859F78F54442BAC328A327521
                                                                                                                                                                                                                                        SHA-256:16D0311D1487F6EEA7594FA8D1836434F49BACC7536E7A98960A9C6B9D99C402
                                                                                                                                                                                                                                        SHA-512:830651C72AD83FB7509B78E792406CFBEEA4BF8789D5A13078EBA3428A14AC5E5BD60183C3601CB1C5D610F238FF4FEF7980CBC52E98862E992EB1E2ACE2D349
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):149648
                                                                                                                                                                                                                                        Entropy (8bit):6.105238189284848
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:gVZJLDlibf9fHhD1+/17Fp/XE1wVR2wG1HxY:WJHiZD1+561
                                                                                                                                                                                                                                        MD5:489BF057DCFC83929FA8FE632FA70DCD
                                                                                                                                                                                                                                        SHA1:2EB2FCA6C0FC58590C5618149768D7AAF560F870
                                                                                                                                                                                                                                        SHA-256:B1CFFCCE2079D2FB7AB641F8BBAE7D8844C28B3B6ACC55DC2802D6F97A68436D
                                                                                                                                                                                                                                        SHA-512:EF57E882A05D090964710FFD140E3A1C9D2A7C64EBEB5775B6219BB332E0E635E9D13F74D6242CF0BBBD85EAFF74AF628C1B1C57AA414BF63BDCD81D077A68F9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):248976
                                                                                                                                                                                                                                        Entropy (8bit):6.089407589245316
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fCdWsprbc/X+sa4UmBR9OBvkqkzmTfQtFfVqmgCmOpypx/mYWzJzoxR:LOrpsRavkmfSqmgCmRLmYYz
                                                                                                                                                                                                                                        MD5:6CAA478DF71ADA01A4651A96FA422322
                                                                                                                                                                                                                                        SHA1:3175422D1A11076C2970324A702145C3DB8E1E07
                                                                                                                                                                                                                                        SHA-256:943EEB938CDEC5BEA182CE8AA2CA479CA9A3275D9255C2A47DB3D9DB01B1008A
                                                                                                                                                                                                                                        SHA-512:D045863187BAA25CF4CCABA5C1AF91C55E3F8E5111D0DA1E571E721EB0A459AF45B62532B7E0A4488985D2BE18286A918C2DADF51CB566C292B67031047BE3C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):196744
                                                                                                                                                                                                                                        Entropy (8bit):6.1481222343305175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Ef05aI0u7OhDTEutfz8kjbS30RKsboQi8S8MGTqApA5upj+hcDllfyu5dc:Ef0wIT78Dt4kfVRHoQi8l3pOPE5o
                                                                                                                                                                                                                                        MD5:F4A4B6F512164745D16EE1DC826302F2
                                                                                                                                                                                                                                        SHA1:79A9C24DF7476E7B3B5083931CCD4EC6E17EAB0E
                                                                                                                                                                                                                                        SHA-256:C40F961E08F614D11404D3D66D25B7D257E3BBBDDBA7B709FEDA16DC05DD333F
                                                                                                                                                                                                                                        SHA-512:F5C4D26C06440C259137321C9F75CC37970D93E30DE75ADC56CA8B86A96EDA231D531BBF2B6F8A8613D698AAC1DB91225B1951079E14D98A4127FC4CD300335D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):142992
                                                                                                                                                                                                                                        Entropy (8bit):6.073743042549598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:mpf+vwThHIsceScHje/Jk9ZXOOGNiFCDZrSztUuiW:XwxbTSCqJm4OuGT
                                                                                                                                                                                                                                        MD5:6AB35008C89413796D5D0CAABE0244BB
                                                                                                                                                                                                                                        SHA1:6ADA52E9AB24007308064FB26E37E3C96197F269
                                                                                                                                                                                                                                        SHA-256:19F9083ECFB8D33C85F494DD4F96F37827D25A8E23C3E5836C2B8ED55EDB52A7
                                                                                                                                                                                                                                        SHA-512:DE4BF52E7E7AA5015E5618E68F3F65ED7407B3B58D664B648087A5C7A53901015B0D31DE82B63654E4FD2CFDE6D737749269DBE94C804D2E68CF9AA4EEF25C80
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):172176
                                                                                                                                                                                                                                        Entropy (8bit):6.157002851606526
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BnDciVGhexCSXHa6aw0Pts5mMUFmq6dCs2yjrX7HbPgW:xDciVNQt6awM7MB9C8b
                                                                                                                                                                                                                                        MD5:3A7ED929230A613C54604A443E35EDF7
                                                                                                                                                                                                                                        SHA1:DC74D6F7892253E6647952764506F5C52D39D16F
                                                                                                                                                                                                                                        SHA-256:B5F24733328A24C240FA87963A50F8D0C16AD3A1BD76BC91D44C19C446CE6A04
                                                                                                                                                                                                                                        SHA-512:F6F6900A44475A5FB806E1CC1E8CADB9AB4D7371FBCF45F831E2BEA92601F24BB1CF278BC273D7037A8E407D842400420C76CC4121720EBA374E54B734911878
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):332800
                                                                                                                                                                                                                                        Entropy (8bit):6.178315042612466
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:DNzdJXMSRhdSvGYtbp/chiZEs9d1PomUfyGzph2:xJJXnhL439d1P/Uayc
                                                                                                                                                                                                                                        MD5:289FA505F765127810156291E21695C3
                                                                                                                                                                                                                                        SHA1:842695BEA52D01E5673B6675A88F2FC9FEE5221E
                                                                                                                                                                                                                                        SHA-256:D20872D6DE07D18E6BF92AC729D9A078CDBBAC23C302E5AB761531B1949820B9
                                                                                                                                                                                                                                        SHA-512:EE97C0BA5575AB23631E98D46C8EC0F99935A2CDC94D115B83227F5D16D5B07CB666685A7FBDF3F99105D6BAC165D5AFEAD255409FBDA7CB751A85FE97D292E6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1521296
                                                                                                                                                                                                                                        Entropy (8bit):7.847329578221486
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:LKCYNFxuyWWTcH4IMkfS0HCHp7z00CxeTrTg3mh3/y86joi+7bxKCa7z8JgQtU:Ro1WxMgSCCHlzDCxqrk2h3/ync7b3
                                                                                                                                                                                                                                        MD5:2885C6DA9DB101EE2CD99F69A2C7E431
                                                                                                                                                                                                                                        SHA1:F9065CB9D42E7CAB8ECF7755D8DC79D263E79307
                                                                                                                                                                                                                                        SHA-256:79B529C7373C56AEF90B0FDB6BDD0A69ACBE4E914955A87A70A3C7CB056CEE12
                                                                                                                                                                                                                                        SHA-512:99DEC4C58C6194AFC4AA8A5F2238905D34A239CA5F8465B4C280987F80171AA77B970DD116FBE5BE22A905FA417BC769935F7FC1DA8FE9CEB501D529711C28B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):171520
                                                                                                                                                                                                                                        Entropy (8bit):6.170576629726866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:rl9yiQCmAf0TW629ElqcpcGlLQJ5/xvttOqzmnWS:rlA4mNWF9Elfp3LE5p/O6w
                                                                                                                                                                                                                                        MD5:3E3C2B5EEBCF2967204602A6CBCB7517
                                                                                                                                                                                                                                        SHA1:FD94F8433D46C762D18D5CDF95D7653730436062
                                                                                                                                                                                                                                        SHA-256:C580120DD5B29E5FF34D4ED41B86FF45CD596FE102914508C7D67CE112FE0DF6
                                                                                                                                                                                                                                        SHA-512:87C71D2D52FE19AF261B422AC764E477172F1C13B25B891768E7ADDCE88594C72B1DD808E109A6A107C2BB07A1B3AEC5A0387CAF45EDDB8141254CA7137EDE96
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):160400
                                                                                                                                                                                                                                        Entropy (8bit):6.153604832369825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:CdWzTvFO5YfsLs3DR/zduFTeGuZN4GEQzecGv7yu/R+Ysq/R+FZ:CdOTvFc0somT4z3ifkViR+
                                                                                                                                                                                                                                        MD5:E5F0DD373E7B18B968FDC1087734F249
                                                                                                                                                                                                                                        SHA1:7AA65A636B7308F2BF9857530928DD50F0ED23E5
                                                                                                                                                                                                                                        SHA-256:EE4ADDB2FDFB0196F64D291F658377E7911643840DDE4D360AA2C7EEA3BCC020
                                                                                                                                                                                                                                        SHA-512:0CF3FD3A0FEEC3FF292BC0A81A33F022E46F1DD8BEE84D830628C80E96F2033975671D3B2C9B2386554074E3595A20DFE4EC3C0360FCF6B3FDF4AA1D1BD086B8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):514560
                                                                                                                                                                                                                                        Entropy (8bit):6.409490598681187
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:xzAxZAn4A7V7xZ8dKOpMjampeKWBg1at/MKBVIMtYBeNVLq:x/4AxdBedrMKpZdq
                                                                                                                                                                                                                                        MD5:73452F58EA360501168391ED51967414
                                                                                                                                                                                                                                        SHA1:CCA89D6093F987572967042CD6321D13B1FF342B
                                                                                                                                                                                                                                        SHA-256:D314FE22DCB040B8A7AD183C15C872E4B0E14ECBB169AA8F4DDE84389A1513DB
                                                                                                                                                                                                                                        SHA-512:6E663E9462E5A1A1BB88A7B88DB35994B8B9A2A5FB0C47DA5D6038524439790F72D2A3A5EE8602AA3E49CE9EE24708D3E3F368D8DF931491794BD598F6481F08
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):472064
                                                                                                                                                                                                                                        Entropy (8bit):6.199008548625321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:cCz7cTxZKL1JmzPydmULmHQ1c6yqmZ4EdzktLRuCXzYbdWrFQEp5ze:cCMT20P5vD67wvzsRudWrFfze
                                                                                                                                                                                                                                        MD5:D39E273EE94BBC10711BD117681C012C
                                                                                                                                                                                                                                        SHA1:DBA8D0169DC6010C78F323194558AA0CF4675983
                                                                                                                                                                                                                                        SHA-256:A2B2ABF5E7B80135C07A35BB9200BADD4C0C12B997234B063D6F6E1EE395A55C
                                                                                                                                                                                                                                        SHA-512:2CA1432FF29212CB8F33F220650314B93F415A4203A10DA55E58D7B6B22CE2A71EF9AA6C79F82B168152DA4D36A4D9AC150DDBAED806B98D4AF9F6ACB8C61A59
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):416400
                                                                                                                                                                                                                                        Entropy (8bit):6.284768478175249
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:8CeUGvX2vrwWyfKVuiDBvnFLJevzfXjvZ:8zUGv2Dw/yVugnFLJevzfF
                                                                                                                                                                                                                                        MD5:FEF47B4E7B63CB25325B309501C1277F
                                                                                                                                                                                                                                        SHA1:1855189CC7572FA17E6140100930F33B7C567883
                                                                                                                                                                                                                                        SHA-256:426C7A2EB540DB5B688D9D49DFAB819178AF4D1EEBD23ADF979BB0178EC6FE5B
                                                                                                                                                                                                                                        SHA-512:316ED1CF7F6438481E13BAFBE5DD21550A86AB7AC20A1FDFFA4AA9A934757A0E570745E1D96B6AD28DA665C0B63E5EB460FDE1F5676445A18A71745B78D54850
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2771600
                                                                                                                                                                                                                                        Entropy (8bit):6.630252356589734
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Vo5aD7iyJuZetjPsDpGg+LHH4YvbCPv7KOuNXU9QtCofuHMBgNTaH9+4/V5WE7li:VRscg+i7KXlCKQ+8uN7lEUjkAW
                                                                                                                                                                                                                                        MD5:E3AEDD60FA756973BFA4BF4DF12D0E3C
                                                                                                                                                                                                                                        SHA1:8C4ADFF407EE0FAFE72F3FD6AEE2D2EE56B53819
                                                                                                                                                                                                                                        SHA-256:A634608BCECA94C010B383B1B4CCC4750F875C41C458C3FC26A1941F2F09D836
                                                                                                                                                                                                                                        SHA-512:2C1725561C2E43DEB329CFA50E7A1E185AFE8E5C84E52F00A14C1BE81684D5EDA2708231F69DA5B9FA5FD94DF0F32DF809A581CA1D13809E7565535FCDBB3EB0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):218112
                                                                                                                                                                                                                                        Entropy (8bit):6.125510337455106
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:dHfzQNeguktxKD8AOQnzdGp/uaONd3aDDqnuHkFSSSqw9ZG9G+4c3TP:xoeg5wD8AOuztNcDD2lSZN+4cL
                                                                                                                                                                                                                                        MD5:E921ED7413602B2083B92D2A59B3CED8
                                                                                                                                                                                                                                        SHA1:D7D39380690EBF37980478BF0147355706AF90F6
                                                                                                                                                                                                                                        SHA-256:E97376D9A88F7162CA726B09F275C3C8AC9D46245F596B0F70670B1F6B211624
                                                                                                                                                                                                                                        SHA-512:256B7D71E8E31F4ADE989D6CBCDA70D49897F88E591298C3E19DD06E97218EEBB92D47B7A959F2FB9C100B7D706E141D2BFDF2AA20623948B78C3807E2D1FE08
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):166400
                                                                                                                                                                                                                                        Entropy (8bit):6.158608866537054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DXjdRFYnUGOU5EkAOb1G4/bYEDJNsg8Ta/PM38ovau1FHdGXa7:DXjLFYn7GkPXbYU+vt1F9Go
                                                                                                                                                                                                                                        MD5:E0D4F80FBCEEC79CCE5938FE9F01CFC1
                                                                                                                                                                                                                                        SHA1:DBCDFC09652F84486671121BE2F1CA37F043C94C
                                                                                                                                                                                                                                        SHA-256:ECCAEEDE0D5EC2B32DCDCFC96E1A4BB0D6C495B04B1EAEE5A56A8314C5B5DFA5
                                                                                                                                                                                                                                        SHA-512:A9E303EBF5392DF9AC804B220846116FDC9EF308E99920C6F2F240F20B8EBDC2C696A02730DD429D15E5D8E22AEBEB280BB2222E23D3DE0E19D249CADAD858BA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):534016
                                                                                                                                                                                                                                        Entropy (8bit):6.1378496343217614
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ruFjirA1cQ3luN7Ce9+YLgtXsXNvSgKc4D7SBinCCwCy:r6jUA1cQ3luN2e9hLGsXN6A4D7TnCl5
                                                                                                                                                                                                                                        MD5:3D99E12DEB19BAA369F7FDCD78602852
                                                                                                                                                                                                                                        SHA1:D2C3DCAC19A1F2E6F0766830B034D3792708C5C6
                                                                                                                                                                                                                                        SHA-256:25D5733DE291FC13A5377E293A1DB0628BF46028C1A75451363218043EDC71B7
                                                                                                                                                                                                                                        SHA-512:EB600DB4E7A4139FF105995E2F6A58278772AECF66EFD7406C1B2461312554756CD2F1423CD5C69202FC5D4FBE5F274B1A7F46A4A5C2894EBDD34AE99AF4DB4E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2464400
                                                                                                                                                                                                                                        Entropy (8bit):6.218158032777317
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:26nuotpeZ9F9wQ7YO6GWZ1VlB6F00QEXiAuT6A6yl2XhKNO8s3+WB:C2QMDHCTAHemO8I1
                                                                                                                                                                                                                                        MD5:3E90B6DE455F8A6EBF19F909EEF0F2BD
                                                                                                                                                                                                                                        SHA1:EF08B47F6A311DE7FBE94B64A5BA3FF30B4CDEE7
                                                                                                                                                                                                                                        SHA-256:57BF1B550404462301C0610BF33865B504B5D0B09C87B6F97F55B089E059A6D1
                                                                                                                                                                                                                                        SHA-512:1A92732CA78D52076D16A751882AB9A9CBAB8558BF3DC1558C39854547E7430A7D278D048433459A6D3FC4D06820FDE74DDA6B4BC109B057DB6480B5ED4B38D0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):142848
                                                                                                                                                                                                                                        Entropy (8bit):6.084168906551222
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:U0ufITLt74jugCBnwQ5pbYehtBw2uF1/A/zTkRK1b6jeWpV:U0ufITJ74agCJwQ56ehtBw2ubYV1bx6
                                                                                                                                                                                                                                        MD5:C52264E3E8AAA14A7F8F5101BBA18730
                                                                                                                                                                                                                                        SHA1:A19A6C8BE9BB38FEECD49EDB09A66BD725312A26
                                                                                                                                                                                                                                        SHA-256:ADFFE3F17B6812A7B0AAE6AA8BD97645E62F91B79E10E405905F03C78EBC07C9
                                                                                                                                                                                                                                        SHA-512:8BCFB822EEBC4E1A70328FAEF907CF028CCBE11A60C6E2A98343E022524B840DEDBE9189E723B7758A2C77187E5B0E471EF1FC47E97B82B6736FDD7435AD64F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (5824), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5824
                                                                                                                                                                                                                                        Entropy (8bit):5.99179572850437
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Rw99zAT1M+bHIEwrgiYlBk9x/rcohy9Q/GDFSf1Ru/M7j0C0wXfAXBT5A:RwLzAZxrIt0Bk7+QZz7jh0wI5K
                                                                                                                                                                                                                                        MD5:0195B6F2D3E0F5A4947F353E48E15D8C
                                                                                                                                                                                                                                        SHA1:F29FB502B68A486FFEE0C55ED343C15E5110E6F9
                                                                                                                                                                                                                                        SHA-256:52B9FF10C412162CE0AC5ECE6CD56B1164C209AF1AD8B3B8E334149ED6E4EA56
                                                                                                                                                                                                                                        SHA-512:65BA63D1645A1C507C2A8C4728DF0F1F660F3574333925386F1B5B07F11E4E894D8404767A478A384D6A5910915FF040698C6C761047A4CE53A9FABD2D788BEF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):167424
                                                                                                                                                                                                                                        Entropy (8bit):6.165456000712779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TdtSl7bGtt5g6RBJ3jqXc6AFBnMkV21vbzy:Zt2bgn32KMc
                                                                                                                                                                                                                                        MD5:327345B3F3E66A7429BFD822F6C20553
                                                                                                                                                                                                                                        SHA1:D2A8E73744B1F266B16E18FBA4C61AA5C5B50CC7
                                                                                                                                                                                                                                        SHA-256:AD6C80D0BE80A6581DAAE0C9A851586D5511C60FD2C2CA4705027259591DD2A2
                                                                                                                                                                                                                                        SHA-512:B7C1476196782942DC15198B8CE8DF92EAB4E4B388A4C8DF5DE39FC47947A4638FC94EA7657F5636D88A1B8E8098753B80862F5CF87DE47FCDE14A0D40613AC2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):309248
                                                                                                                                                                                                                                        Entropy (8bit):6.231027305537471
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JY9xWi4IKRdUa3n5Xuj8NZsaJ6BrdvtFmso7UT+mTDNfXDfKrB+3fCyhM4TKBj7y:JaBjHa3RpZsa4BrdVF9o7UPD0+PDki
                                                                                                                                                                                                                                        MD5:EDAFCF4340BE2E065FD54D20CBD3DC58
                                                                                                                                                                                                                                        SHA1:77491716599FC8D874D9E3F320379CD2309D394B
                                                                                                                                                                                                                                        SHA-256:3F29E100DB1DA87A42B9CD30E96AE9FB1066C0E7ADCB774C76E0A1DE7481875A
                                                                                                                                                                                                                                        SHA-512:29CD20A20506227FE9F04BBCE632B39B39648EE7621A053D9DC7CAF81F0D586A79E32CEAF29C7B0FF36324FAE08F8CAD5FAE5F5D20E9FCA194F9F5F4E818D1F9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):190464
                                                                                                                                                                                                                                        Entropy (8bit):6.260050422590562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:pk4fIhz6wRxDxwWEIW8lReMzF8hakNzijRcuQGK1mTw:pZfkz6iDx9xmh1VuX4
                                                                                                                                                                                                                                        MD5:6586DD2E2192CC016D40D6A0439B1923
                                                                                                                                                                                                                                        SHA1:2A30D5A172BDB44FD4C0A91AD729C684EFF068CB
                                                                                                                                                                                                                                        SHA-256:6D5EC23B8E664ABDEF46A39A2AE0BB86674A29D342DC11CF9ACA356EEC6C6D07
                                                                                                                                                                                                                                        SHA-512:3F1A945AC993C6009D8DA2AD466A48CC87B1CE3D702F53448A3F8E253DA7797B4CE9484434A1C9D4B462AE8A0BF808A9CE5A2B3CE4539822A5F461E13700C5FD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):364688
                                                                                                                                                                                                                                        Entropy (8bit):6.349300837557166
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:IhN7hsWFCYn1OccgbaLUGj13/ILPYngdruWO8ITeN8fl31171ntnPQvpQ4zc+eMR:ShsWFT1Oc1ijZ/IDddaWGl111BuvRc+
                                                                                                                                                                                                                                        MD5:D8053B9FDBDBB3E32CF583AACB29D1EE
                                                                                                                                                                                                                                        SHA1:43D1F93711C410C9458F0C10F98BB89690661F1B
                                                                                                                                                                                                                                        SHA-256:D241E1EE561D0161455520676504E581CC2FEF4BEA6680C9D447FD2253678B2E
                                                                                                                                                                                                                                        SHA-512:C436FA0B982E3212A2D7379F3DAE8DCB2984973889544719B6E68CC8FC53A7CCB31BB2190FF7D868A74ED65D5A93435D71A8A5BE6BD4AFA8E075EBDA9C94075C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18070
                                                                                                                                                                                                                                        Entropy (8bit):4.992549577385435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:hrkUwfx0GReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZedUaw:hrU5PUDRTHffIz
                                                                                                                                                                                                                                        MD5:5EF4DC031D352D4CDCEFAF5B37A4843B
                                                                                                                                                                                                                                        SHA1:128285EC63297232B5109587DC97B7C3EBD500A6
                                                                                                                                                                                                                                        SHA-256:4B094B7BD38E5BF01900E468DDD545B42369AE510EC2366427804A57DA5013A7
                                                                                                                                                                                                                                        SHA-512:38B0444E4F07AD0B50891E2B0DA6374B0033CB9656A4918E9EAAE34E381D95671978D19ABBCF2B8FDB079921B85E20DBE2C4392B15984CE6051B48B4A05A172F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.2.0" newVersion="4.0.2.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Collectio
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153600
                                                                                                                                                                                                                                        Entropy (8bit):6.136407498903004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:6K86KKJ/0hDGadf+DZZC3J5Qdl+4e4cwJ5EqP4qCq1RY09:6KvKKShKe5QdM4e4cGT/n
                                                                                                                                                                                                                                        MD5:42FFE698DABC46C3993D74E2BC6116D5
                                                                                                                                                                                                                                        SHA1:19D937886A469C3A7EAB1CC4F662476D37E22C44
                                                                                                                                                                                                                                        SHA-256:031348435351CC53C63FB0C0365AB0612FF405D34DD25D97C2EDA90F00BA3E1E
                                                                                                                                                                                                                                        SHA-512:9F11A2E661390834D34472D92CA2750B499B379D1E1368E67B48ECCE56BA464F22D3C713DF1AE7805895E9E9568EA91537988232213BE919F58B2E056116FCDC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18070
                                                                                                                                                                                                                                        Entropy (8bit):4.992549577385435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:hrkUwfx0GReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZedUaw:hrU5PUDRTHffIz
                                                                                                                                                                                                                                        MD5:5EF4DC031D352D4CDCEFAF5B37A4843B
                                                                                                                                                                                                                                        SHA1:128285EC63297232B5109587DC97B7C3EBD500A6
                                                                                                                                                                                                                                        SHA-256:4B094B7BD38E5BF01900E468DDD545B42369AE510EC2366427804A57DA5013A7
                                                                                                                                                                                                                                        SHA-512:38B0444E4F07AD0B50891E2B0DA6374B0033CB9656A4918E9EAAE34E381D95671978D19ABBCF2B8FDB079921B85E20DBE2C4392B15984CE6051B48B4A05A172F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.2.0" newVersion="4.0.2.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Collectio
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.868915768817926
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BYzPTJH3h8Eq7rjP9Z95Xa/rl9qX2Ip4VnTjdAA1m5wMBq5ul043Ovfh+LLX:BYztH3h8Eq5HRKrLy2Ip4VnTxf1mlBqi
                                                                                                                                                                                                                                        MD5:C104DA9AADDEBF969962F11EA3F7F42F
                                                                                                                                                                                                                                        SHA1:546EC88DB080684694860C9B0B4B2EEA48B9953C
                                                                                                                                                                                                                                        SHA-256:9E5714777C010A693FCCB69AF0FD3909DF486360B8D8DA67A257F338D0CD3D16
                                                                                                                                                                                                                                        SHA-512:EE0AE4101130A5E852254543930B5915D74D54145738084DEEC661C74B4D09924D323E7A4FCDBA559FFE38C7522C785FA92CBAA02C1CB24262724BB93C9B4A1E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):143872
                                                                                                                                                                                                                                        Entropy (8bit):6.099711845700752
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:/Wy17X7LCWgHARJGojSkT3j+iCFCKJVLgEYyoE/58ceViIZF45Lw2aR8PTMDz+VK:/WQLJDTGh83qhsKbLzoke74I0Fn32io
                                                                                                                                                                                                                                        MD5:FBEE628345F36CDDE1AA68500C805888
                                                                                                                                                                                                                                        SHA1:990C2FF6F1CCD1B3AECF7137C8EEE764EFECD754
                                                                                                                                                                                                                                        SHA-256:BD8DBBF36AEB46474A5C087B939F96979C65E3EDFAF0B0C889EDF4B3316E0FC0
                                                                                                                                                                                                                                        SHA-512:B3A0285AE5B6F614EC1DEA34C9276A9F44982B5E16F01A71FC7168424F035B05093AC95BC47888B80EDC607C5E7865A253D5FF6996E9F7FCCC9CA1CB6DBC6E8B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18070
                                                                                                                                                                                                                                        Entropy (8bit):4.992549577385435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:hrkUwfx0GReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZedUaw:hrU5PUDRTHffIz
                                                                                                                                                                                                                                        MD5:5EF4DC031D352D4CDCEFAF5B37A4843B
                                                                                                                                                                                                                                        SHA1:128285EC63297232B5109587DC97B7C3EBD500A6
                                                                                                                                                                                                                                        SHA-256:4B094B7BD38E5BF01900E468DDD545B42369AE510EC2366427804A57DA5013A7
                                                                                                                                                                                                                                        SHA-512:38B0444E4F07AD0B50891E2B0DA6374B0033CB9656A4918E9EAAE34E381D95671978D19ABBCF2B8FDB079921B85E20DBE2C4392B15984CE6051B48B4A05A172F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.2.0" newVersion="4.0.2.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Collectio
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224400
                                                                                                                                                                                                                                        Entropy (8bit):6.7771936576354355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:R7IEMtFMZZi+Ng9999994f9oMlnhcNx3Bn:BZi/MlevB
                                                                                                                                                                                                                                        MD5:FA63504382F4F3F92FA86841D9E97F29
                                                                                                                                                                                                                                        SHA1:0BDE02C98741BB24EAF501BD8E2D9738742CD042
                                                                                                                                                                                                                                        SHA-256:5F0764E1998464F63C6583F870DD3784921B752B91D8E450FE2C90153CB5E58D
                                                                                                                                                                                                                                        SHA-512:C8483D9060A6800C8DEDB4D5FEA7CDA346F742CA1A149C3EB608823209AFF1F00BFCC5B0CAF9C482C7B01D75F6E198EDFAE3B0100CB0DCA6E5B5F18336ABDEE5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):111616
                                                                                                                                                                                                                                        Entropy (8bit):6.294958596524468
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:XfL+72PsK9Qd/RpgyxMkJfjQmMCdwMzTVVAP:XCqkK2/Rp5DzTVKP
                                                                                                                                                                                                                                        MD5:25E82984602B03AE3572A1AE582B3392
                                                                                                                                                                                                                                        SHA1:7407428D1B7E82F5266B1FD9F010F9C63079B7E3
                                                                                                                                                                                                                                        SHA-256:D1DBA91B162DA215E091701BAA4A662EDF22911CAE67C64DF0ECA8FF7A1EAA78
                                                                                                                                                                                                                                        SHA-512:72CE8E33C1A1D2AA8AA68906A89787AC589DA86845211E066E5D1B41948FD3D7FE16FDBBA8A6CDFCF5DC944943A8ABD4ED4E582D959D1C6A1AC802DB3D5F5480
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):105456
                                                                                                                                                                                                                                        Entropy (8bit):6.166230469207198
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:8fL+72PsK9Qd/RpgyxMkJfjQmMCdwMzTVK:8CqkK2/Rp5DzTVK
                                                                                                                                                                                                                                        MD5:7C97046701CB82E4E409DF20AF386275
                                                                                                                                                                                                                                        SHA1:051267E447CF42B2ECA5F695526F18ADD1CCF3E4
                                                                                                                                                                                                                                        SHA-256:38CA46547C8C7C5C0C8E394EA355A03C26A08ADB63B39FC95AA5461B5321DA7C
                                                                                                                                                                                                                                        SHA-512:22E2CFBDA6E47D62E0F87535F4F61ECC67408EFDF020C41A29993BD80FAC9CC40D4513708C0BC96CBAA0D70686BBBD2D7CB1FBB95BD273937159D6516452B691
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182920
                                                                                                                                                                                                                                        Entropy (8bit):6.549984856278825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5Uy/CR6dEfViQ+7gLmiEw/zrQUTkkySNP0dbNIprWrL:Cy/CVQILmil/zrQV2YbNGy
                                                                                                                                                                                                                                        MD5:E3FA0916F33BEE8A14F28421D2DCDC9F
                                                                                                                                                                                                                                        SHA1:FD3DCA4DB55E81EBFFC7609C5D63A4FFBD6629B2
                                                                                                                                                                                                                                        SHA-256:29AAFF11E775C800575B1A5D4160DAEC749DDE528E68BC3B6E9B340279ED991D
                                                                                                                                                                                                                                        SHA-512:FE96EFD3CF162BBB766634C3D90F707D868378DD04E47AA9D55C03E03130F54827F781639383B053C9335D022CCD6B244B67E586197C2B40D193DD58A4EE8CB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):43152
                                                                                                                                                                                                                                        Entropy (8bit):6.52771924462892
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NWti03xJqc90G9LylSEJHRKrLy2Ip4PCxf1mlzzA:NWtbq80S4bJHi/9AfIPA
                                                                                                                                                                                                                                        MD5:3418BCC93F638C6546B5E65B178F3FB4
                                                                                                                                                                                                                                        SHA1:75A5668656A41FBF9010C2A06A42A4A03B4BE17D
                                                                                                                                                                                                                                        SHA-256:E5E37F425D3DB3ADE0340CA8D0D787A00C1CB3FA392BC525A56632D6A8983B9F
                                                                                                                                                                                                                                        SHA-512:173CAD6D3787BDED545D8DF9A4C1CE248E9AABF4DA3AF9DB80E9B2BBCEE59923CF6FF32F9021EC7FD880AF609680C3EF3DD3F3C7E7E6B231D9113CF306ECE73C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):141968
                                                                                                                                                                                                                                        Entropy (8bit):6.096258611111406
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:0wGLJwGeXmUy1hjvSn27sXc95eOioAXUxuIORpDa06i9i:rGLidXXKw2Mc95eLo/MQU
                                                                                                                                                                                                                                        MD5:AFB4F88146753AE0BB5C19E4DAECBB63
                                                                                                                                                                                                                                        SHA1:2A69DE6264B486D92D0CF08013209E997816D529
                                                                                                                                                                                                                                        SHA-256:E51CF661C3D51CD72B1D70DAC281579C4A94A7BA691D5933C316BE3718C1251E
                                                                                                                                                                                                                                        SHA-512:88C2C090190C9CA920C55CA2B02B31D345634418AEDEE742437197737EA67EAA38252F7453DA5D09CC9C283D0DE76B8984D3B655B2AB56F722BD0A0E5A77E605
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):532
                                                                                                                                                                                                                                        Entropy (8bit):5.071669869884946
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdG3VOcrL59LNFF7ap+5EPf/2/+ZS9FicYo4xT:2dErvPF7NEPH2/+w39y
                                                                                                                                                                                                                                        MD5:801C6F8CE1CA9EAC249D7CD896E49649
                                                                                                                                                                                                                                        SHA1:6C39302A125ED0D5B4E7FAB0F04231264B5E59FE
                                                                                                                                                                                                                                        SHA-256:30F7E43D8512DE6CD64FAA58F6AD86046DA331E979AB4AF38F57BE57F7469EBD
                                                                                                                                                                                                                                        SHA-512:CC310126D9FE3857ED7F335400C11749911611EE782C172426F31ED7B6B7B3921C53BBFA5FEAB3BF1B0637A53581ACA231A7ED144D77F7B0237C77E4096F4D76
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):179072
                                                                                                                                                                                                                                        Entropy (8bit):6.562871128885791
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fT9nvidN3G9nZm4feQPMYGQh5AB9vaTiYuzdNd6iB6KA5U:fT9nvDB75Fq91dNd6iB6K
                                                                                                                                                                                                                                        MD5:8DCD92DE516608670F57193D74824A3B
                                                                                                                                                                                                                                        SHA1:C67C347DFA47C2DB1628FAB8BF9906C353F33DD9
                                                                                                                                                                                                                                        SHA-256:96DB49DB4DD12B9F86144FEDF83AC7DC12D855C5D7E3C863FD5B1696966AC345
                                                                                                                                                                                                                                        SHA-512:E5FDE81AE57E68DF69FC7695B9E16D8C7D188A30A4D68FFB682A3DCFEDF2C028874145815AAD2F957A02B0EAD6AD8F1442635DFA580339816110E7B1CDBC0C0E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.90635157752554
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hYZv554sAHo3T8VNrjP9Z95Xa/rl9qX2Ip4EDeCjdAA1m5wMzsPuMV:hYr9P3T8VTHRKrLy2Ip4tCxf1mlzzu
                                                                                                                                                                                                                                        MD5:3B2E281F09FCA19A7DDFA60F05566101
                                                                                                                                                                                                                                        SHA1:2F03319A5840EB8C2E12DAF8C9E7870FB022EAEB
                                                                                                                                                                                                                                        SHA-256:4041ECEC136A63E97B5FF0C980B95A4A5A193F95024C36BF56BC45DFBAC0558F
                                                                                                                                                                                                                                        SHA-512:F0C261714666BD5FF804BF6FD72C71AEFAAC0C9F13A74A1551FF65D5808B5E2C624A6B660B611B64714583C9B3363A33426C30223AEAF9D95F7770D06AD039F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):208416
                                                                                                                                                                                                                                        Entropy (8bit):6.66794417577223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DelSSyM0edH6EPcfkUlpOepc4b6SBw8b+tjzyXOjnBYJwdkJjd/09xHcxOz:8SSl08EfkUlnp96Sa2u/yuBpdcu3h
                                                                                                                                                                                                                                        MD5:D8021F3B7E9C952B7EC33B929183E8EF
                                                                                                                                                                                                                                        SHA1:ED2D1DF3E7CAE24754DF2B59AB69263CA2EC8D13
                                                                                                                                                                                                                                        SHA-256:3744DB07F72992950FF14D39E7E82302B99557592649A855497C18DB3D7A3B39
                                                                                                                                                                                                                                        SHA-512:07C7DF63D4DD21B65ECE55BD6EF6D513F9DF400F5FE456BEDBCD24AE5C58800F4FB189CE00B2C0BB05B724234FA227904C021C4160D8C5541CD4B599DB2AAB47
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):167056
                                                                                                                                                                                                                                        Entropy (8bit):6.47173453338494
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:X2kniFpIq4pOYs2sMR0i4xcHlyMTz4cU2bf3CLkPUWv2hK:mkniRQOYs2jRr4xcr3ELkPUY
                                                                                                                                                                                                                                        MD5:FD49CDA141634DFD2CB9538878D4FB0D
                                                                                                                                                                                                                                        SHA1:E52637CBF9724A59EDB51194A8F9B2784D019465
                                                                                                                                                                                                                                        SHA-256:9D7B2A3F3B53A3999B085466F4D12C80B062812FB871AAE34A621082EBC81BD7
                                                                                                                                                                                                                                        SHA-512:69BB9B3234B2EDBF93010DB72C47B00DE1D3C39E5F72FF8DDD7F408334709CDA3C6B27981F90E3BC1DFE43CEA82CD4363241A74C7824FC04BB189E0A622DBE2F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2285056
                                                                                                                                                                                                                                        Entropy (8bit):2.0558079294683314
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BWaGrR1sGXh2YGmO+OB69vV7GVrKEu1aeBv1L8ajGCsCMldD:BWaGrQGXhZ7OS9vV7G5MphKlV
                                                                                                                                                                                                                                        MD5:4BE222B0796DF9D496E9FF02C389C304
                                                                                                                                                                                                                                        SHA1:A50131CC3683AED3C32847CDD0B8B976951296BA
                                                                                                                                                                                                                                        SHA-256:AE6D512A1D4F0F4B91A699C80EB6B97ACD3BC59B22375A3039D74B58B31E9C2D
                                                                                                                                                                                                                                        SHA-512:26CCCEA83B3F1DFE84C63CACD4698D9EEA373219CDF810F5DBC1ACE313B1478D753EB5547CA186076E878883B462364DD80136805D7AADABD5917CF485A55EAA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19517294
                                                                                                                                                                                                                                        Entropy (8bit):6.694656838901371
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:d+ST74motPO6kP2yKFZ18eBEUuvO2iVTmkPF6F5iyNbQ0/ynL:4STsdhB2UUiVBP0IIsL
                                                                                                                                                                                                                                        MD5:5B3C96E8253407BB4D731B00F64F42C3
                                                                                                                                                                                                                                        SHA1:F6F1C01CCA4DEBF091A8A6A76CF65D8FE47E9881
                                                                                                                                                                                                                                        SHA-256:8EE98FEC98550BFB5404406191838972977EFBE8B38B043D91BE2D2A5DF80C4D
                                                                                                                                                                                                                                        SHA-512:F257F5BAE982DE279D29475CBAD159C79B3BF7834434F944FF92CC34B6190C84489B755BAF513203578F105A106405428E84A58A6A3978D8A666765523CDFC42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................{"files":{"asset-manifest.json":{"size":22307,"offset":"0","integrity":{"algorithm":"SHA256","hash":"1c397dbeb5572ee886bf7ad240ec1d6a49fdc39467eef0435c0bc2ec078d1b28","blockSize":4194304,"blocks":["1c397dbeb5572ee886bf7ad240ec1d6a49fdc39467eef0435c0bc2ec078d1b28"]}},"electron":{"files":{"assets":{"files":{"icon.ico":{"size":2127654,"offset":"22307","integrity":{"algorithm":"SHA256","hash":"b79838b15a988ea1aaaead3ba1353d54085cc76008489fb42f614e96f8b46aab","blockSize":4194304,"blocks":["b79838b15a988ea1aaaead3ba1353d54085cc76008489fb42f614e96f8b46aab"]}},"tray_icon_notification.ico":{"size":16836,"offset":"2149961","integrity":{"algorithm":"SHA256","hash":"195607d97318343d29f77215740adce9a8029f7944db37f912a4b1b2290f115e","blockSize":4194304,"blocks":["195607d97318343d29f77215740adce9a8029f7944db37f912a4b1b2290f115e"]}},"tray_icon_rtp.ico":{"size":28078,"offset":"2166797","integrity":{"algorithm":"SHA256","hash":"ac1878c446d7434ad43262739b23085830a9bd4c67864ea0fc57228ea218
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (684)
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):685
                                                                                                                                                                                                                                        Entropy (8bit):5.950928481801507
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:ctCb0Vz+/Zq+hQrXSx2zIAtw3LAvljajTo25nmEOAIKb2d+MQRs0Cv8Q3Tz2On1+:4809+/fm7Se23LmzcncAxW+MQe0Cv/ut
                                                                                                                                                                                                                                        MD5:39990FB3FBE164F5CCA526FFF6678787
                                                                                                                                                                                                                                        SHA1:7037190DC2C2D10C9220B30A6AC3E5186215CC8C
                                                                                                                                                                                                                                        SHA-256:513EEC3066E2C6ABAA5654D14157DAC092B8546A22F88F64F17A3B0FA31FDFB5
                                                                                                                                                                                                                                        SHA-512:FD2F93C033B1A35BCEDF459573E12DF9529ACAF919AEBAB0F0296E90230E0A2D1C758FCD5DC1EB6533DEC4EF11077D832C245F284FCF38E4B1188FDAF8749C3B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):204800
                                                                                                                                                                                                                                        Entropy (8bit):6.408978814111418
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Bxa137c+Jw+7mlU6UFyAIJXw9AlbLI+aYroEWOV4iDh:Bo37c+JwGIApIJA9AlbuJEfbN
                                                                                                                                                                                                                                        MD5:9504727B1D15A8BDF74F28F40C85D1F3
                                                                                                                                                                                                                                        SHA1:DBDFCB492A583EE82C86013FD03C3F9FA1288D59
                                                                                                                                                                                                                                        SHA-256:F5DD2E25F142BFC75060DD1000B858349998497196C2509D508368131A89FDD5
                                                                                                                                                                                                                                        SHA-512:4EF87E1507C95C4B012F03D7E9D1664D3CA73FED8960D48D1E791C9C16A2A57855EE299526DEE0BE89ADE9B98A0E76B7CD6065B312DB1D559267FB8381FF2DD6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):204800
                                                                                                                                                                                                                                        Entropy (8bit):6.408619361294289
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:6xa137c+Jw+7mlU6UFyAIJXw9AlbLI+aYroEWOV4iCY:6o37c+JwGIApIJA9AlbuJEfbz
                                                                                                                                                                                                                                        MD5:CEDCC6CEAFF8EB1C4BE2A5E6E2B012C3
                                                                                                                                                                                                                                        SHA1:D53FAB8D1FA4A2AFF8E490C8F7F13F5B1C691C8E
                                                                                                                                                                                                                                        SHA-256:282519F369B7D642BE6B1AEBDCF83B113101B812896C379E53D99A859A39B8DA
                                                                                                                                                                                                                                        SHA-512:D3F4A6C01EEC58418DA43BCCE2BB74C8FCB4B75CCF6140CEB402CFEEB05997324F7E583249F905CB31750E2C00703E3A04F7823681AEEDE84C07E0018C635AA1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):124560
                                                                                                                                                                                                                                        Entropy (8bit):6.262453461799155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:N+rSugvaDzJGezUUSBxlezTESfWwjbE42qyGHzdHKcQsWydp9dlscxHi/9afI5g:N+rSu15XslsTEMPs42qyqKaB+cs5
                                                                                                                                                                                                                                        MD5:04BFFD5DEC81CBD4A75C00D36A1E0510
                                                                                                                                                                                                                                        SHA1:48B7E059157AECF0CEE08F7C5273929572499704
                                                                                                                                                                                                                                        SHA-256:F17416F61D9DDAEF528CC1121205E6526AAA0600114A61535D6C1D7CB76DEB00
                                                                                                                                                                                                                                        SHA-512:67CA87F152D7B63030BD24F2DE1E60F8C9ACC6A2B401350AF168CC03A1A7C8FBCCB81D097F6E4AA6608FF4E8FB119A426F1397BB0DFAAA02D86B99FBF84D76D5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):117
                                                                                                                                                                                                                                        Entropy (8bit):4.19896048699559
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:mifFQiXvF9+GNHfFQ3TRpvF/FHEYd7QWNwFiOv8KAfFHURXPFMY:v2KdgGjYVC4OFAt0RSY
                                                                                                                                                                                                                                        MD5:E250CCE095CCDBA7CF7B0399DC8D8970
                                                                                                                                                                                                                                        SHA1:49A4AA2D4240C6E68BC2E4A17C1006ACA156EF6B
                                                                                                                                                                                                                                        SHA-256:8188F879E93D568204BCD78E8F1B43F120A6F0917DCA9B045EAB946D84907A3F
                                                                                                                                                                                                                                        SHA-512:248832E5358BA06338C061AB675CC1CF6F01B17CAE5BD62FE1A65E8A9BD46BEBCEE76EC187628C27B67AB919040558F636698DB9A08335AE431CEE4964715373
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{. "name": "epp-ui",. "arch": [. "x64",. "arm64". ],. "dependencies": {. "electron-shell": "1.4.2". }.}
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1857536
                                                                                                                                                                                                                                        Entropy (8bit):6.308114326702068
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:y8sHeHKHplfu94i55tbhris2CCEnWaWBvYyozGUIjnRnUC:y8Y/Q94iZNrP2t0ZyyIjnRnUC
                                                                                                                                                                                                                                        MD5:ECC83C860D6D7A1B8A6206948900FC0C
                                                                                                                                                                                                                                        SHA1:E07003B71BCF02DF865F65B5F763268AEC60D05A
                                                                                                                                                                                                                                        SHA-256:AEDB54DDA1ED189430E942D85DC50031565544694C8229FC8F6D4394235764CF
                                                                                                                                                                                                                                        SHA-512:A260B1DFD2985E565231A66939D7966204EB8861159CBD88A2C0DA96F0747214B8B52EA25420D157FE244E34862F1A2C8025A54965E01F5C54CAE11DBFA4C47C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1646736
                                                                                                                                                                                                                                        Entropy (8bit):6.5502084862762135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:JKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB:JK3/z0h
                                                                                                                                                                                                                                        MD5:5796085AF562C2E98939B4230AE14723
                                                                                                                                                                                                                                        SHA1:3049BEA83BA556F021E34D8B4B8176A8B29B8096
                                                                                                                                                                                                                                        SHA-256:31560913EF14B54FAE7A0A3AA38F531E7705ACB0BA69E50483B5F6447E1805D4
                                                                                                                                                                                                                                        SHA-512:A39903B3E321DDE00EFD6C4E1FC19D2F2E9601AE221C8EE6A51D6BB5D35AB1AEF65F282A74A846AA6AE2A2EA8CC338ACF89F8A31DE4ABFF473D9B218536BE338
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):378368
                                                                                                                                                                                                                                        Entropy (8bit):6.323464271782006
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:eBYqz/61Z2lKHQM/QX1ahKrJQRB2XHbV7iFGrwGav4VohWrtdmXR:eJ/UIwQM/qo4rGREXH1o8oR
                                                                                                                                                                                                                                        MD5:56C7619C00F192566EB83574A8DB52DE
                                                                                                                                                                                                                                        SHA1:04B70963A8A4DD097D5485F5955A9CB8EAEF688E
                                                                                                                                                                                                                                        SHA-256:89C96ABE36042E6486D1E6A5A3233B30F9D8CDD08C8300237C75F33BC2F46610
                                                                                                                                                                                                                                        SHA-512:CE5B801CD8B3E9C10F0AFAAE39DD98A75E9FFD32EBDB6E38C6BF6803A9543FB364B1E60969BC398B020CF7534E8699E178CB2E4191D36D052E454D44AA505E1C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):121856
                                                                                                                                                                                                                                        Entropy (8bit):6.2949477851647835
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:8vysFz2cyiAtLfc57mfngv6ALQ09tNdUNtDfBv5XvEX6c+y:8vy6z2GAtLfcCgv6ALehJcR
                                                                                                                                                                                                                                        MD5:499BA5735A47E2B547C86BE363DF89C2
                                                                                                                                                                                                                                        SHA1:9FB9BCA2DA6D33B54761D9B4F739F9DA2DEF5B25
                                                                                                                                                                                                                                        SHA-256:8488F38CA4DBB8A3AF6C39281C8774A6BD9F3E0AED2E3B046FA250C238875D24
                                                                                                                                                                                                                                        SHA-512:BE9BA4494AFBF630906AA27E7B3AF63A63D28D666C5EBA7613192DE0F3196E011AADD442FFED2C69ED8BE9255B77F1070A5FB969D7CB4CD18FE3445DEC78AA75
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):48944
                                                                                                                                                                                                                                        Entropy (8bit):6.755780295147749
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:68vbBtr3uL645Mx5wm9sKN6DRtoQpH3e6n9yEM1didV1VaXLkj3XV13hwOOPO9z4:Hp3uORwOO3/c1dGP0+xnOiz4
                                                                                                                                                                                                                                        MD5:633861D85B60EB7DE2E820F4FAC586E0
                                                                                                                                                                                                                                        SHA1:E5666AECD7B9D97627C4A0FC06D52AEA59D7C37D
                                                                                                                                                                                                                                        SHA-256:8EEBBE6A69D030FF7944524E22126218B6AE8CDB349C97FEEDB83CD0686BBB38
                                                                                                                                                                                                                                        SHA-512:8F26D38ABEF1CA2B365A2B1CC6B2A49C55319C59D790C32EC8D5728596FDDCF9252230C200ABAE4609884CBA3449B3EA778785244330F98C8C21CADF8C921AE1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136328
                                                                                                                                                                                                                                        Entropy (8bit):6.275782785750883
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:TOJMZaVYm1tAF3f5tqKhRWmGBASRua3jXKqMVqhcWMsWCdt9dl3RDsp3rPHi/92X:TOJMucfP9WmSAmNzaqM0hnF9BRDsJMM9
                                                                                                                                                                                                                                        MD5:9BFDBCFA3233482D9DEB99F115505CC5
                                                                                                                                                                                                                                        SHA1:FCCE0D2EF738808E203DE6923EA5F463D1132C33
                                                                                                                                                                                                                                        SHA-256:AA4A93069098D1D67BF6A731FE87CFE877886B25ED18FA8EC30811C30636EA22
                                                                                                                                                                                                                                        SHA-512:90A9933ED21C68D18A5CAC2D41889FAF428EF6B2A137D5D809F8DE63A9331EA1C8E78BB5693AF3B80E25E3D8151C216ADCCD11C1557361674FCA51796D5DEAB2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3063
                                                                                                                                                                                                                                        Entropy (8bit):5.014088126389475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:utXfcDLNthOyA9Bd8WMv/EhtF/qi/Oaucosld2dVBBiBklmP55I4kYlIRF7osFrr:uNfcDLNPOyALd81v+tVR/qlPsBklA5IL
                                                                                                                                                                                                                                        MD5:E8EF8570898C8ED883B4F9354D8207AE
                                                                                                                                                                                                                                        SHA1:5CC645EF9926FD6A3E85DBC87D62E7D62AB8246D
                                                                                                                                                                                                                                        SHA-256:EDC8579DEA9FAF89275F0A0BABEA442ED1C6DCC7B4F436424E6E495C6805D988
                                                                                                                                                                                                                                        SHA-512:971DD20773288C7D68FB19B39F9F5ED4AF15868BA564814199D149C32F6E16F1FD3DA05DE0F3C2ADA02C0F3D1FF665B1B7D13CE91D2164E01B77CE1A125DE397
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:;;;..;;; rsKernelEngine..;;;..;;;..;;; Copyright (c) Microsoft Corporation..;;;....[Version]..Signature = "$Windows NT$"..Class = "ContentScreener" ;This is determined by the work this filter driver does..ClassGuid = {3e3f0674-c83c-4558-bb26-9820e1eba5c5} ;This value is determined by the Class..Provider = %ProviderString%..DriverVer = 03/25/2021,1.0.0.2..CatalogFile = rsKernelEngine.cat......[DestinationDirs]..DefaultDestDir = 12..rsKernelEngine.DriverFiles = 12 ;%windir%\system32\drivers..rsKernelEngine.UserFiles = 10,FltMgr ;%windir%\FltMgr....;;..;; Default install sections..;;....[DefaultInstall]..OptionDesc = %ServiceDescription%..;CopyFiles = rsKernelEngine.DriverFiles..;, rsKernelEngine.UserFiles....[DefaultInstall.Services]..AddService = %ServiceName%,,rsKernelEngine.Service....;;..;; Default uninstall sections..;;....[DefaultUninstall]..;DelFiles = rsKernelEngine.DriverF
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49456
                                                                                                                                                                                                                                        Entropy (8bit):6.631066056716293
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768://Vqt92EbtYnekejiYF5blvhBVu8suwIppriCAVUValkjvJt3Hy5Z:EmeLT0CpprAqs6tXqZ
                                                                                                                                                                                                                                        MD5:F77B9B6CCCA206535EB9672266A462B1
                                                                                                                                                                                                                                        SHA1:479345A89FB7362CAE53A3040F4EFCEE55B92BF7
                                                                                                                                                                                                                                        SHA-256:BC4EBE3656BE0F502B65A2CA247FFA1B3065EC6FE2E76D3AF21511A0616F855C
                                                                                                                                                                                                                                        SHA-512:9C80E9C83A58C9E2C63F22C17E4FD4DF227F04960AA2212C66A1308512FE02E71CB7300455965109A7E3931ABD38EBD15162FE3CB46C3328F28D1AE175B4EFE3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2368144
                                                                                                                                                                                                                                        Entropy (8bit):6.822279556639425
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:EGtlqmIU6i9WVwASOgrXZLIgUivtw6jx5+8678vcWs4jdNsgiPLI:w+3zjdsZF4jTsgsI
                                                                                                                                                                                                                                        MD5:A43118B1455E67429B40C004379D0EC7
                                                                                                                                                                                                                                        SHA1:862B1B00F881BAEF639D517C6772DAAFE06B135D
                                                                                                                                                                                                                                        SHA-256:0E020A3A096FF4A161ADBC501C3D71F2B4B0587735E86CF8673544286808494E
                                                                                                                                                                                                                                        SHA-512:887A0E7E46804CD79C91F313E9AD32E5E5EEE594CCD126A6CBC491AEE2B90E623D666DB1FCDB5B7CE65193F02653855E63B673F888EA7BDCA712081CA8AE390D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):265728
                                                                                                                                                                                                                                        Entropy (8bit):6.227072664660365
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DJxCYKhMXJw5eSpmpi4F1Lvvt+S/77gQQgfUFOlkBsTdUM3J/qyPUQrmqMlw2aFG:DJxJK/dpOfr37g1QOe5qWlr0lwbG
                                                                                                                                                                                                                                        MD5:51117CE7C1A4BC9A60F614A7EE35FA6A
                                                                                                                                                                                                                                        SHA1:8B2582DDC2F4D70014C5012A811352C31A054B05
                                                                                                                                                                                                                                        SHA-256:45F09D1BFBDC7D513D371E0DE290097F2142CBA513F77EF11CD4BAA9A2797FE4
                                                                                                                                                                                                                                        SHA-512:B3FB5047036FA03359F8ABB9CCA6C228D87D0C8F560CC9A294D13ABBC61B84019F6E1FFA35AAC44A243AA6D5965C84CF8D5DEFBC521F3544479B0BFA38D377E2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3490816
                                                                                                                                                                                                                                        Entropy (8bit):6.326124434789562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:jF+5PLDsbg5+e9VvR/hzH01zzEbMx+5vqDLBOmUAmPNb63oJmoJS9MeK3XqRZ:GDPfpz24ME5nbqogp9h
                                                                                                                                                                                                                                        MD5:37A7A31A4A28C4FB13878C67FF114C08
                                                                                                                                                                                                                                        SHA1:9726DD9EBDB5203581FFBC67AE21814172E72D7F
                                                                                                                                                                                                                                        SHA-256:8E5EED1FB13D790F061F45125D9F13135C46F7E4614874B4A2A23ED7FB6F2851
                                                                                                                                                                                                                                        SHA-512:55FAF413A434406A91E6313AFDBCBB48A50DB0CC85687B90DA38A76D14008F655FF63AD72DCB1FC5DFB755CD3400418E99A7886C86E429117812BF5BAF6209A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1768448
                                                                                                                                                                                                                                        Entropy (8bit):6.608015764873274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:NFh+6066jUNguhPGJQAJQfxilwTebiPcFvX:vgEaUNguhPGJQAJQUldbiPcF/
                                                                                                                                                                                                                                        MD5:4845895C33EF465D7E87C299F777E108
                                                                                                                                                                                                                                        SHA1:90E7917C79733E469C34B59275DB667A78AB0AD9
                                                                                                                                                                                                                                        SHA-256:E8D15C16D106660E7B100B8F2CF471E80407422A91A22A1D04F88103559E7AD9
                                                                                                                                                                                                                                        SHA-512:96EA20296791696234BFA2AA2D53D1CDB79A2EA5460F3F0CF7AFF94AB99C037D30F6258F609A62689BF14977823C427448D0342483FD46B47A720490F7BE1338
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2624144
                                                                                                                                                                                                                                        Entropy (8bit):5.839297070317323
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:TSSJ+G1PjodumkjD6Oc0mqHZwueCtbu9kQN:rxodumo6Lr
                                                                                                                                                                                                                                        MD5:B18CA30F651CFFF347CBEB8BAB938014
                                                                                                                                                                                                                                        SHA1:238373F463B31BA04F5C42A0B4926E1E199E7E36
                                                                                                                                                                                                                                        SHA-256:D21186E6BA5DD62BD873F544215E78EEBF7536ADBF787BD103E694A10D07E1E8
                                                                                                                                                                                                                                        SHA-512:990EFD9AA0AC93E612193CC8E653E0B614003099C3DBF5B8971406D090D0FFBD4D73CC537633DC3BF115F662DDD9B496992356FB19A588B7BAE830170131BEFA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58880
                                                                                                                                                                                                                                        Entropy (8bit):6.4695031247599255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:iQMT4Q3O9ymyKJcy3Xs3y4rV50sds8SzUwHhTHRKrLy2Ip4ruTxf1mlA6hZ68:HQCye14oGs8SNhTHi/9rufInhc8
                                                                                                                                                                                                                                        MD5:50BA6B3FDBCEDF339C9E7097B8714294
                                                                                                                                                                                                                                        SHA1:012D4E83B2B698903EEC0C1D608033389797A225
                                                                                                                                                                                                                                        SHA-256:E2940DDCCB2427DAA5996BAF3FAC1A50B01D59DD42D49A7D2889F12773B87384
                                                                                                                                                                                                                                        SHA-512:C930FF79972D927F332CF3C3E7641176883211854253102C92FE96BB3D909A5ABBCF2A89B5FC1324C4E262F9E6BA49B4D83BD73DF4DB2BD37D615073FA1B1F0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58000
                                                                                                                                                                                                                                        Entropy (8bit):6.450429603336052
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:2QMT4Q3O9ymyKJcy3Xs3y4rV50sds8SzUwHhaHRKrLy2Ip4PPCxf1mlD0O:rQCye14oGs8SNhaHi/9PAfIIO
                                                                                                                                                                                                                                        MD5:771AE99E62F3F041ABA9014682C931AA
                                                                                                                                                                                                                                        SHA1:96FF034CC69E3F8A2D2FFF736E62401B53033C54
                                                                                                                                                                                                                                        SHA-256:DCCD68E5689B31CE6AA58E86040773EF68CCE34A47241664172CBDBB2351C4BC
                                                                                                                                                                                                                                        SHA-512:6AF6D79729931517E68BBB5EC6FA527B6128A814A89C6B68DE42109064B39FDD33F3155ECCEA3CBD300AD6F270CF6C0C4E063FCEDBD85613131177B37D065F07
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79504
                                                                                                                                                                                                                                        Entropy (8bit):6.220009040083083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:lG8N6w60T7kWU8EDk26WxvrkJAsSVQ11XVBuBQkjHi/9LfII:lGY6w60T7kWU8EY26WhAAbQ11XVBlkl
                                                                                                                                                                                                                                        MD5:DA77DE075A56F5D84FD0097A28650ADD
                                                                                                                                                                                                                                        SHA1:AF8773B88D44A59088295EDB53E2B11DF1AD448B
                                                                                                                                                                                                                                        SHA-256:316DF4385DB10D7A426C3054007C99E0AD1446AA6E85455D7E7DEDFB6B5D5B5B
                                                                                                                                                                                                                                        SHA-512:6F2E124FCB1534C76D44CCDED3785043F68BB6D643B002EC71668730BDB4E3FB60186F55FBB65F339FAF9478DA253424C8AE646E850D358797A49D3073652D53
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3072656
                                                                                                                                                                                                                                        Entropy (8bit):5.981049662169802
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:QGPhcAzmc+AzxpCqu6xX/mazyzDS/B6nEL8Esb2X+ThBtQvxqyfMzrvrBrVJ:pWOmczVpCkvmzzDC6nKsbSMQZqy8
                                                                                                                                                                                                                                        MD5:90999F7893D251FDBFEA7D5D9A13DCAE
                                                                                                                                                                                                                                        SHA1:BC2CBFE15456C6C22E8A73964DB6C32F490DCBE8
                                                                                                                                                                                                                                        SHA-256:F8A01AAACD600867AE37C7CD989155BE6729D65A0940813BA4ED0B1462E502DB
                                                                                                                                                                                                                                        SHA-512:AE73BC354B3CF627F6643C740562FEC045B61C872E29B21C468C4D68287BCF92EE70DE9BBFADCFDBB7099944008868EBEFD8E423F43624CDA7D727C00A4EE3AA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.984207052315847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nN9VWhX3WrrjP9Z95Xa/rl9qX2Ip4X5wCjdAA1m5wMDBu:NGeHRKrLy2Ip4XCCxf1mlD0
                                                                                                                                                                                                                                        MD5:492C56C6D03D50225215F0FCCB31A2E5
                                                                                                                                                                                                                                        SHA1:B5C872D6D6DA4195D495B1AA55F10FF35CE1245F
                                                                                                                                                                                                                                        SHA-256:64F9B2FB46A353BC5F9AAFB240BD8E6A3B8AB6398B1915563CB6AF7AF256669A
                                                                                                                                                                                                                                        SHA-512:B6238BB5E095F3016DFDC0A667DFCA0B1EC1949F70C98D9C4FF520D42E1C68FC057285425685D4F203A6CE605981F8F8B6DDC9CA572CBF3C1C64F17D01443210
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32256
                                                                                                                                                                                                                                        Entropy (8bit):6.750742199085297
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:lap2N4EhmXBk4iHj4o9dY6sHRKrLy2Ip4YTxf1mlA6aZ+:Ep23hmRP4nBsHi/9kfInaI
                                                                                                                                                                                                                                        MD5:3B62657ADB40EF9C4B26C49615A0173C
                                                                                                                                                                                                                                        SHA1:7F207570DE8F34EB93641FD60DE18108C487ECB6
                                                                                                                                                                                                                                        SHA-256:A4C41E535860E92FE2C6DA72D5852868CFD0C1D362C85E293E48AF9ADF1827CC
                                                                                                                                                                                                                                        SHA-512:408B4E904D982A6EE879A7CD5141A4EA89C36862EB240E9842B970AEE7CF13F7B389BF594C55BB9C438D0B4AEEB43E8EBBFBCEAD1591532735A254D9D5F4288A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1646728
                                                                                                                                                                                                                                        Entropy (8bit):6.550293918842392
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:CKBZFqX8TvXzlaPmAA6rKmEOwksSf0WBA:CK3/z0he
                                                                                                                                                                                                                                        MD5:3EC7CF091E6D6D30EDE3983A7C86756A
                                                                                                                                                                                                                                        SHA1:4E57D4370C2E7397FDE04E1B5821FDFEFC8A1CD6
                                                                                                                                                                                                                                        SHA-256:E2B48CE46D04F95DF87D49BEBC7A4A3275225D9AB27F278AFC4FDDF974FD6406
                                                                                                                                                                                                                                        SHA-512:AD8E1789DB2931FB3C879F62C539CA7DEB9CC9E3D929335CD1171FD164D3AB5C270F2237682E693EFE0F82647012161AD7C0938D2C2BF25928CB5AC20D857FA7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.978744934396574
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:YDNxWQFWWrjP9Z95Xa/rl9qX2Ip4z2yTjdAA1m5wMAvru4LTrZIjQ7yyRs:YDNVTHRKrLy2Ip4LTxf1mlA6OZM8s
                                                                                                                                                                                                                                        MD5:979925F3CEF9F0B9ACC19D26E339912B
                                                                                                                                                                                                                                        SHA1:5C04FC85D3BFBDA4ACDEE480F3F9A6F30B25AF5B
                                                                                                                                                                                                                                        SHA-256:A479D89EFC4744AB6B3A91F24F2C63C8A7332786A6B65F87FD7046A101F62C40
                                                                                                                                                                                                                                        SHA-512:29A23B0A669FA20F880F1FB414F49C5A3D80682EBE3D88FED80B6168C61B7EDCDE3DEE17290967E3A34809D3EDD1E555199438FC4C7C53F4DB295BF08A63B729
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.042295947879012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Am2igOWnW8rWlrjP9Z95Xa/rl9qX2Ip4+/nTjdAA1m5wMAvru4LTeZIje:gtsHRKrLy2Ip4knTxf1mlA67Zd
                                                                                                                                                                                                                                        MD5:792D0C83FED25753C1DF8F08AD5A5E99
                                                                                                                                                                                                                                        SHA1:027A17662AB34D248388D6E7587BF3F125CAF0EA
                                                                                                                                                                                                                                        SHA-256:87E227E9F7AE7CAEE32625109F4C6D7DC2A7F73FABB07B8FB8C3E04FE549D79E
                                                                                                                                                                                                                                        SHA-512:26CCEE818AFDE2CEA0D6457DA34235D3535806727CBB4F1EF7A58BCBD7B46BF953F3D9211250AA955079CE6D55D0E6107EE4796621D7E4A5F201A3D7A0131550
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.027720924382012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3napn1iwwPWcGW8rjP9Z95Xa/rl9qX2Ip4QoyCjdAA1m5wMzsPue/:qDusHRKrLy2Ip4QPCxf1mlzze
                                                                                                                                                                                                                                        MD5:EE10259864E9701525FEB46AF8A2D668
                                                                                                                                                                                                                                        SHA1:EC412F80EDF85C5A0D72DE5C5943BCFEE8BC27BE
                                                                                                                                                                                                                                        SHA-256:3757611D8618E2DD166B23793E3D2FD42DE3C717153D265A83783AA70B832960
                                                                                                                                                                                                                                        SHA-512:74FDE33BFBD9F19120AB321325408314232FC6EAAE12DEC915811BE3AF0DD56CF14C896A6CE27AC259B0D21431FEBB75443A115C46047642114FA559E7E0741E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.0308593662962195
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:HHLaEav5aaUa6arWVLWnrjP9Z95Xa/rl9qX2Ip4HXCjdAA1m5wMDBuYQ:mPv5t/NO2HRKrLy2Ip43Cxf1mlD0YQ
                                                                                                                                                                                                                                        MD5:16D2C673AA6AD02E71C5D96C778E7994
                                                                                                                                                                                                                                        SHA1:54A6628F49B0A68B8F7F44C0822F8E072F3888EE
                                                                                                                                                                                                                                        SHA-256:81D9E455790D1093214BCE4058D879616CEF04C2EFF5410E930E496B4126559C
                                                                                                                                                                                                                                        SHA-512:FE5FCFA1E366C3B801C286CF940A75D9486F33DE03FF0CF516028E973F2FE47A7669571D74BA620685E679F4723F68F9FF688731D2562A7E65DBD70623BE0EC9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.921371620507193
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J6iIJq56dOuWSKeWErjP9Z95Xa/rl9qX2Ip4K6gYCjdAA1m5wMDBu:XiAMHRKrLy2Ip4K6pCxf1mlD0
                                                                                                                                                                                                                                        MD5:9D3D19EE2BE4AAE01A0A9B0FB4D9E3E9
                                                                                                                                                                                                                                        SHA1:6C9DB4C90C9B88CEF86295F963212A38ECFF3CD9
                                                                                                                                                                                                                                        SHA-256:EA435047D3403FF0E2D6123FF96FD7BFE2021384AD8030AC1D973DB7E916C91F
                                                                                                                                                                                                                                        SHA-512:1AF379AB9452E809E48FA637218B7C64C4988B62A414B0DF2C74C5A7C6B49B7ADB003708C00AFEE4F0195A58D6F170702523840FBF6360660EA5E88F3B8D0A5C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.974894012448519
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:+nzz+MpSaLWW0+WarjP9Z95Xa/rl9qX2Ip4iCUPlTjdAA1m5wMAvru4LTLZIjt:QpuqHRKrLy2Ip4ibTxf1mlA62Zq
                                                                                                                                                                                                                                        MD5:48F51C415422EC4FE415F81402D73841
                                                                                                                                                                                                                                        SHA1:C6D3443DEFE15AA08722F6B6EFD63AB500A254B1
                                                                                                                                                                                                                                        SHA-256:D67F601AD228DF36C199467BD86EE62B47D18AE57B7A08E13B0502B667D3C187
                                                                                                                                                                                                                                        SHA-512:636EFD35AA0222E30B1C6828C3581A0698F1ACC8D617CF763E0332D75D8EF247686AEB25D73C21B4E42FCF1F5FD576EEC323A480582E244FA3507BD782124B37
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.007544012128594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qGhr+YUfyHxsW/HWJrjP9Z95Xa/rl9qX2Ip4BTjdAA1m5wMAvru4LTIZIjay:ZkmcHRKrLy2Ip4BTxf1mlA6xZ7y
                                                                                                                                                                                                                                        MD5:A15F6061F42AF97FFDD51061BCA9C58D
                                                                                                                                                                                                                                        SHA1:A43B2FE6EE0E99DADDBCA6A40AC9B3A02CE3FA6B
                                                                                                                                                                                                                                        SHA-256:CBD238D92430EB86E08D79619F711B0E9EC11715819EF118721E1B981D980A87
                                                                                                                                                                                                                                        SHA-512:C0B2781D16DCF790FB9CDB623EC549A6893E26DF9B4DEB1A4606AB7FF12F31BC36AF4885C14B0EEC00B26ABAD23CBF3A55FE9376B198F0B5F9337C1FBAF265A2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.936578907474719
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dRE+ruiA5vzWeNWwrjP9Z95Xa/rl9qX2Ip4VgB6CjdAA1m5wM36QNuZL:dS9btHRKrLy2Ip4V+6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:360D42F24B4E08FA056AB58734A4CD36
                                                                                                                                                                                                                                        SHA1:DA6E32A298A749ED5C3FA3E05AC2541E1513DB21
                                                                                                                                                                                                                                        SHA-256:B3527A56EBC1FC120BD9E8F9B0E950A56E2D012DA3AD6976B4B7DBED61D9EC8F
                                                                                                                                                                                                                                        SHA-512:D83B5F80769842B29D7031A542EE8BDE192EA221BEB42E220DD28093C3808FB6CF361B33304D632D571597CBAD8EF339EF22D97FAB5D864ADA1B1D4D0C52D6D9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.008766161447553
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VT+6ywnVvW0LWjrjP9Z95Xa/rl9qX2Ip4IrTjdAA1m5wMAvru4LTOZIjZmt:V99WHRKrLy2Ip4IrTxf1mlA6HZamt
                                                                                                                                                                                                                                        MD5:FA64C77091FC1B02F46CEB1913B7379D
                                                                                                                                                                                                                                        SHA1:F24025CABE1A9DC034186392ED24FF0BF3A495ED
                                                                                                                                                                                                                                        SHA-256:E098965040E3970F28869105CA43DE2E604E2DCA6294339A9D170E0A5DF24D42
                                                                                                                                                                                                                                        SHA-512:13AE6CBA7EB92DCA72BBBA98188B41CD5D58C525F036E5326F5D45D9257DACD65305503A1736380C6C6975616D767628DDF67B94CACA9CD594FAD17B993B8517
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.004123985634671
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JRbzriaXT+WlEW7rjP9Z95Xa/rl9qX2Ip4NjTjdAA1m5wMAvru4LTMZIjvC63:T7ic7HRKrLy2Ip4lTxf1mlA6ZZ963
                                                                                                                                                                                                                                        MD5:86089A16F4C80394C5B404309C6026C0
                                                                                                                                                                                                                                        SHA1:D323D892C114316F838E4ED389BA79F6BD8A3B12
                                                                                                                                                                                                                                        SHA-256:435AF362523ADEDC9A74887C09FF85B6AF5EA3C2EFE87926C175A425313C4CBD
                                                                                                                                                                                                                                        SHA-512:EFB2FFA4F1F8892AD6AD9877BEA147A4ECE5889DD5F28FD87FC6F84CC03E05313CD99AFD8920967A85261E6F09BBBCFE995D4F499C568BF07E9212C44F914195
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):154112
                                                                                                                                                                                                                                        Entropy (8bit):5.52229117256302
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):370320
                                                                                                                                                                                                                                        Entropy (8bit):6.097469567826013
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.978601082650283
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.036011842379594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.006824968778004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.933759249584018
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                                                                        Entropy (8bit):6.855678676687748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.027393084902794
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yAWxMWKrjP9Z95Xa/rl9qX2Ip43lTjdAA1m5wMAvru4LTXZIjV:yvwHRKrLy2Ip41Txf1mlA6+Zw
                                                                                                                                                                                                                                        MD5:EF1B2AABBCFEE45969F540DA71CEFF50
                                                                                                                                                                                                                                        SHA1:7D61CCDF119D7F95CC0A0128A45B945B96738378
                                                                                                                                                                                                                                        SHA-256:EC7FBA909949B623BA739E00E687B80D79BE9F1C6CC7A36F96004618504F6AAC
                                                                                                                                                                                                                                        SHA-512:5AB60A2294C04D2191B5B22D42D8CD2898E05AB39B69AD04A185CC6A33C9327CF4472C68C297F905F27CE561555E87B8A6870D0F9AA813459652348544BB0A7B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.00802697135113
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:CAlcWHaW9rjP9Z95Xa/rl9qX2Ip470oTjdAA1m5wMBq5ul0svfh+A8pu:b9XHRKrLy2Ip4ooTxf1mlBqs/v20
                                                                                                                                                                                                                                        MD5:8ABD5EA47E697C477ADE46806C4C4BF3
                                                                                                                                                                                                                                        SHA1:7AD67F762A6E690CA4454FDB0804A84E4159A741
                                                                                                                                                                                                                                        SHA-256:A003D90106B3AE1A7D6E04F3BC20AE1DAB7EB342B03F9E3B5D9C5CC507414914
                                                                                                                                                                                                                                        SHA-512:32AF2A53814190D6329F3D7F9A1A8C829DC771988EF40BFDF2B5E2E3F4421118884713B0C39C94F6E2FD3CA3EF80BFD6F7AD6C6E23E0323D2311E37CFA455E9A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.954525389333393
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:usIZnWlNWNrjP9Z95Xa/rl9qX2Ip4x+lTjdAA1m5wMAvru4LTNzbZIjdE:1UyiHRKrLy2Ip4GTxf1mlA64Z4E
                                                                                                                                                                                                                                        MD5:EBFEC60221C240FF2F2B33F112FEA014
                                                                                                                                                                                                                                        SHA1:9850A8DAFCA426D8FBEE01AFB6AFEC0E2D27ECD1
                                                                                                                                                                                                                                        SHA-256:D5E521B842062BC825E5DF4EC711718B420E459BA1E8CFD788C615901BF9696B
                                                                                                                                                                                                                                        SHA-512:48A553B3117CA2911ABD09DB448063F3D4E786F8517A208B653ED1B5CD4F31B10EF46A713C09E137A9D35AE203F79DA973F50550F1CF1E8C046BE8CA9CF0FEAA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):31232
                                                                                                                                                                                                                                        Entropy (8bit):6.687209756368598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:GQq33333333kX+TBi8FHRKrLy2Ip4ITxf1mlA6f7Zzf:Ju1i8FHi/90fInf7p
                                                                                                                                                                                                                                        MD5:682312A833402F2D407132E9D2215BD8
                                                                                                                                                                                                                                        SHA1:139C007DE6EFBA5D673211A5D82616D64BE6E7F2
                                                                                                                                                                                                                                        SHA-256:299C1FDCBBABF523761CF7591A567DAA6F116DE4775D684A664F30D31AD08911
                                                                                                                                                                                                                                        SHA-512:316C7B28940F8D223666CED22085477949F17D3C6609363DBBF0821E959F12FDAAFF0CFD562DE945F18F1640B700A87DF8C30687BB6E276205FAFFEE9484625B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.008740634214412
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:u28YFlXulWY/W1rjP9Z95Xa/rl9qX2Ip4oe2NTjdAA1m5wMAvru4LTiMZIjTH7:u0q8HRKrLy2Ip4oLNTxf1mlA6mZ8H7
                                                                                                                                                                                                                                        MD5:A6DB195ADB646F05AA767594380DFC1D
                                                                                                                                                                                                                                        SHA1:006689DDCABDD879D70447A34EA1334B33ADFC0F
                                                                                                                                                                                                                                        SHA-256:8D160AF3A6D933B56F705875E2D7B2CDCF4B121B78C1DD8E11B897AF7A4979C2
                                                                                                                                                                                                                                        SHA-512:9C05631B74878EAAE4C986567308F9963AFCED6220D918C34DA27A79BD25D8CDE3C8492C6BA275563E3277B6E15E5524FDB157D62FC5B26B57670869083B4C59
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.9176080347073805
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:UuMLcdQ5MW9MWcrjP9Z95Xa/rl9qX2Ip4IDmTjdAA1m5wMAvru4LTEZIj0s:ZOcSpmHRKrLy2Ip43Txf1mlA6VZ3s
                                                                                                                                                                                                                                        MD5:6D52E868AB8D5D896D2B34F2324D3912
                                                                                                                                                                                                                                        SHA1:9AE22458D2EB81022174C3A16D94FFA9161A641F
                                                                                                                                                                                                                                        SHA-256:60361634D7F67DE07A9073598671D202E9EFD829429666BFA4C936563187777E
                                                                                                                                                                                                                                        SHA-512:83DA81F4BAC14E1643508765CBF7CB222F37FBA36526D60A972358F187E90F4962CAB5F1A83F6FF49F742140B16C5E4236B1B2A0334208A613842D32A0CA6AA9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.979331656555997
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KZ7RqXWDRqlRqj0RqFW9rjP9Z95Xa/rl9qX2Ip4CSuTjdAA1m5wMAvru4LTAZIjP:K9qKqjqjuqCHRKrLy2Ip4CSuTxf1mlAV
                                                                                                                                                                                                                                        MD5:3398DE072478B410EDC1AD3E328F6561
                                                                                                                                                                                                                                        SHA1:BF6C0ED75D46381DB214957B974E8226EFF57D2D
                                                                                                                                                                                                                                        SHA-256:2DED1A05A4B4E289A19187FC96B90C3987EF86CC10B590376462D492131FC490
                                                                                                                                                                                                                                        SHA-512:07EE3479DFAD2683207A1DCF00BDA5EF43D4545ED22FF7F80A2A6644AD332B4C5DE81C976F5CB2111BB26996BFFF30BD9EFE33F77FDA3CF9A4CBDE871959C750
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24720
                                                                                                                                                                                                                                        Entropy (8bit):6.791971497516804
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:8vMhF2SzNzwu/Nlju6HRKrLy2Ip4OCxf1mlzzE6:8vMhaKTHi/9rfIPE
                                                                                                                                                                                                                                        MD5:48510914EF8C8C8A20DFCD2AA769B164
                                                                                                                                                                                                                                        SHA1:72629A00729E1F9546C13F4362C66AAF8C841AF9
                                                                                                                                                                                                                                        SHA-256:81FD0E624E822B0C95DF603325EEB7A7ACE7E04D10D575667F3C44F4EB456E7A
                                                                                                                                                                                                                                        SHA-512:029B9747486CF3C624CB2179A211EB7914C2AAA00359220652869B6848DEADE94894DC3446DF3C5C1FEEE93E894CAB6BD92CF42A8597D1E9BA2D587FCE8D9785
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.039009488547633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:oZ4RLWdRfRJ0RZWdrjP9Z95Xa/rl9qX2Ip40TjdAA1m5wMAvru4LTfNIZIj8h:oZK0pJuOHRKrLy2Ip40Txf1mlA6cNIZr
                                                                                                                                                                                                                                        MD5:1DE0EFFEA5081B9745DFA8418FCC934E
                                                                                                                                                                                                                                        SHA1:5C12AA1392C44103DA9266137E1A602894AD4B32
                                                                                                                                                                                                                                        SHA-256:E2149ACDF31CCD396730D2FD232F103A944307C9348119EF7D18D5B2BBD3499D
                                                                                                                                                                                                                                        SHA-512:4BA943B48A884DFB500EC6ED09844F9067BF110189754EB50A6260CF1630F363CB5DAE7A3404B53D487F80C0960E2E80F8E5449B53B4D3F2B91C3C2F253DE3AB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.967890189655318
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kYWsmWYrjP9Z95Xa/rl9qX2Ip4JTjdAA1m5wMAvru4LTmZIjh0:k2gHRKrLy2Ip4JTxf1mlA6LZM0
                                                                                                                                                                                                                                        MD5:23F56878BDDC8C8CEEC3AD07D0C89FB9
                                                                                                                                                                                                                                        SHA1:932B93203E6936067293CE48154D99DDF0A05BFD
                                                                                                                                                                                                                                        SHA-256:52216915A70BBA9DF457552E46ADDCF4EDFD5489929210EC8B01552A2EE384C2
                                                                                                                                                                                                                                        SHA-512:95571DD03388126C04428A911DA5B1081398A20F84CCFAC78B159C6F17DC6832EC3E9298DAEC25D1674CEC2C16DDEDB03E219AF984DAB498A8973580F07C7B87
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):109712
                                                                                                                                                                                                                                        Entropy (8bit):6.440388342659836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ovc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXbHi/9HfIP:wgk1tiLMYiDFvxqrWDWNoJX5
                                                                                                                                                                                                                                        MD5:9AA1E845DA38257FF1C418A41E7674BC
                                                                                                                                                                                                                                        SHA1:5C27458B364343CC78658E19D552947DA2ED6007
                                                                                                                                                                                                                                        SHA-256:556B30116823FD919415156137F4A7AB04AC317E599ED5647FFF9C8D892596FB
                                                                                                                                                                                                                                        SHA-512:19631E0736DAD754C19480F99BB7823E25602AD2ED576B62063822CE88A29050504AD28BFA61FA39B4ECC763CBCD68FE64F6E8AB993BCF736361ABF0C144E2B6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012269943025893
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BKcuz1W1cWFrjP9Z95Xa/rl9qX2Ip4uowTjdAA1m5wMAvru4LT7ZIjiDNt:bu8NHRKrLy2Ip4CTxf1mlA6OZn7
                                                                                                                                                                                                                                        MD5:6C03876D161F9CAD9BAD77F7247585DD
                                                                                                                                                                                                                                        SHA1:820121DCB6CC3CC05E14511796AA07E3352EDD45
                                                                                                                                                                                                                                        SHA-256:446E7BDCE29E103FC2D3C227F07FCEBB51F521EC928E38D63F949A3B92EB199C
                                                                                                                                                                                                                                        SHA-512:DAFD08673968493BC0A5371BA87466BD7512F782B1774C6139F82B9ACC376BA7EC46E376686B18021E27DD57CB90A6AD0EA7287CC86B98BDB0EADCD62C4353F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015596217362603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:tJ+SWikW2rjP9Z95Xa/rl9qX2Ip4TTjdAA1m5wMAvru4LT8ZIjSO:r+eoHRKrLy2Ip4TTxf1mlA61ZjO
                                                                                                                                                                                                                                        MD5:B586826CED650BC66C94F93A323D8E8F
                                                                                                                                                                                                                                        SHA1:36F2F3A82790685AA95B6B11A612C2CD62EA9D5F
                                                                                                                                                                                                                                        SHA-256:4880A7167BBFE901C3583091B974CB226783B20AB8727DAC51EAB935314B692E
                                                                                                                                                                                                                                        SHA-512:B2D0CA5EF973DE567419F750C547CFF7C4FC5CF69DE24CBE4545D2F7965331212EECD85BE0CF73F3E8F46B6B4B4AAC8E8DC5F0ADA114C49A9C2753E03DD6C207
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.045009892938906
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3AWzgWsxrjP9Z95Xa/rl9qX2Ip4ub+TjdAA1m5wMBq5ul0Ivfh+pS:3tuHRKrLy2Ip4uKTxf1mlBqsrv9
                                                                                                                                                                                                                                        MD5:974FE1E400F46AD556BF2CB96A0B3B39
                                                                                                                                                                                                                                        SHA1:E542A749C0ADAF80DB25D9ABE7C0DD2DF20A8817
                                                                                                                                                                                                                                        SHA-256:C0FE74081933567A56395F344E2333FF7BCAABD1DBA41DA6CC6A4A16373D7906
                                                                                                                                                                                                                                        SHA-512:28374864F465631D12264D40078CB7C88A3B4832CE33E008490188DF8102E715D1833FB444520C50759C646A074383F95FCD59F629847D1612D530CC5D1426D5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.018571772835123
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GBLRWbYWmrjP9Z95Xa/rl9qX2Ip4mTjdAA1m5wMAvru4LTEZIjd:GB2EHRKrLy2Ip4mTxf1mlA69ZW
                                                                                                                                                                                                                                        MD5:C4BF31F3F089FB4CFF61848A7E368E40
                                                                                                                                                                                                                                        SHA1:ABC6D15FDF0BAF685CB46AEE067E4B84065450B6
                                                                                                                                                                                                                                        SHA-256:2862B8B12EA41602C4F5FDC4E74B3534DF35D13154F4E4BFD25C2F1ADE5F44E4
                                                                                                                                                                                                                                        SHA-512:42C2EE70270999423895E66FF0C0736B8004FD9C820D2801C4B7D462F06C274C2DDC919ED68DDFFD23B0B89D541DF9CBCE088D5564249A8C9D2B8F51F2E28A82
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.005836250911921
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KHW4/WG+rjP9Z95Xa/rl9qX2Ip4lUlTjdAA1m5wMBq5ul0Hvfh+kq:KrrWHRKrLy2Ip4ClTxf1mlBqssvjq
                                                                                                                                                                                                                                        MD5:371578A79C29BB383005971BA4644675
                                                                                                                                                                                                                                        SHA1:C5E6EBBA9A3464C023FBF836474DEA05157D9EC8
                                                                                                                                                                                                                                        SHA-256:6DC48CC35F8BACB18039C37C39B1C379DFD6FA5BCC77B9575C9DE8187ED4A3F1
                                                                                                                                                                                                                                        SHA-512:0D589AF9490FA5D1DB519956AE3E2DD6C55B65C138A83366C679197BA270ADCB1D463ACAB680069AD9289680EC74650DC28E8C173CDC6536897E1587524FD41F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.041976655197995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bvk7hWmCWJrjP9Z95Xa/rl9qX2Ip4bTjdAA1m5wMBq5ul0Pmvfh+a0a:bs7/7HRKrLy2Ip4bTxf1mlBqs5vn
                                                                                                                                                                                                                                        MD5:7D2951DCB6B1172FA1EB015C208701D9
                                                                                                                                                                                                                                        SHA1:D55575258E967E28EB81BA5154BFFADF8FA4163A
                                                                                                                                                                                                                                        SHA-256:5DC1FDADF06103A5F26F43A4F1F39012A22E3CA38E1001ACBF2AEE4E80F0BE3B
                                                                                                                                                                                                                                        SHA-512:C0483B359E4239D50BE2CC8FEBAEB54E426F57A15F69F9A2DDC062BA92CC1E5973B04FEBBD4167C87312B2714441F42A5CD1FFADCC5058B8FE2EF5F626A82AFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.022018859408551
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SGMWCUWfrjP9Z95Xa/rl9qX2Ip4ZTjdAA1m5wMAvru4LTYDZIjk:S3rHRKrLy2Ip4ZTxf1mlA6nDZz
                                                                                                                                                                                                                                        MD5:CD03BB46CE2E0A96102B3D2FAA92CFBC
                                                                                                                                                                                                                                        SHA1:66497E909BA7F72E1A4C2B7CC8C7AF7A6558E5CE
                                                                                                                                                                                                                                        SHA-256:498302110BFC203FAF1670D5EF04FD79D2EDEBFE907AD1E6674A6A85EE56989C
                                                                                                                                                                                                                                        SHA-512:077C25BD1D1C49ECF9890A87E4D150A269CAD53759D53BF7E3023B08CE1E75770EE4BF09EC5041D17230D33AD346A424E345A37D48DB7F73738F9E138D75A0C0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.994997816444603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:OBhwI7WSQWxrjP9Z95Xa/rl9qX2Ip4wgC6CjdAA1m5wM36QNuZL5c:ODwIBJHRKrLy2Ip4w6Cxf1ml36QgZFc
                                                                                                                                                                                                                                        MD5:567B31ABAA1476CDA6FB631FCBCA7EA8
                                                                                                                                                                                                                                        SHA1:A78FF09D358000BE3EC04EC6EF504A90C3A726B5
                                                                                                                                                                                                                                        SHA-256:F71CC788961A41E5E6B15D1400E064AAA9C3DD4D7EAA032758215388ADF57756
                                                                                                                                                                                                                                        SHA-512:A50EDB73A3732729C479087E1681AC882A64E081E9936D09387F239F2FA9E2DCBFF77610F8123B5E07CF173E24770CFC011F048BBA7A4A8DE549E656C21D4CCD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.018735616462396
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SyvPRW4lWfrjP9Z95Xa/rl9qX2Ip4qTjdAA1m5wMAvru4LTLZIjJ:339cHRKrLy2Ip4qTxf1mlA66Zi
                                                                                                                                                                                                                                        MD5:5058626C8519E190CFF67C918AFE0A4E
                                                                                                                                                                                                                                        SHA1:87D2F203F86AC99022334AC0244D1DD47D400A09
                                                                                                                                                                                                                                        SHA-256:486B5A0E6E47E92F89BE6F694B2B0F285B1C0367BC4CF8CB27FF821F3AC0EBCB
                                                                                                                                                                                                                                        SHA-512:EB4E8AACFDBA139C80C3A20582089495A4AA82E00483A91E7F1F82D80ABE694C3CE0B352945E4DE341838017746FA83BD41C2BAEE28575DD701F83D71B1D4CA4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.975680937062165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:S6RW6eWSrjP9Z95Xa/rl9qX2Ip4h8TjdAA1m5wMBq5ul0Wvfh+2a6P0:S67iHRKrLy2Ip4eTxf1mlBqslv3a1
                                                                                                                                                                                                                                        MD5:D239BA595AAADB0EA18B5987221AE091
                                                                                                                                                                                                                                        SHA1:44564DDC01DD0D8E4FEBB12B3232F646D3C06A7A
                                                                                                                                                                                                                                        SHA-256:CDDF808A755A9DCE7C9622C9EFC7A5C4E218CB191CBCF0FCF1B1FF5618AF0917
                                                                                                                                                                                                                                        SHA-512:27F9229021832CE386B795C8A438A4057E29AB90D1817012A192D6FBFFB75A3C882508E40711DECF9F6C7C1D54D57A42D522A31BD81C9E9D85E6B3BFB1077305
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.014555464183901
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eSUP9W70W1rjP9Z95Xa/rl9qX2Ip4zRFTjdAA1m5wMBq5ul0Ivfh+hm7:3UeNHRKrLy2Ip4XTxf1mlBqsHvZ
                                                                                                                                                                                                                                        MD5:A8460A5894B72975C63FB6D32F9D0C8D
                                                                                                                                                                                                                                        SHA1:0DD34691B7482E5EA6EC4A0087EDE169A0212B24
                                                                                                                                                                                                                                        SHA-256:14638F6195F5D6A617AC5C3B37C172FD1CD0E028D4F80160DCE2BC25E265CB50
                                                                                                                                                                                                                                        SHA-512:BFC9CF48649335AAE291B14C8FD8E8FCF971937C849651429B84B1042C16A646FB805BFECE101215AF612DC3B8926BD93DEC1F22D1A258F05147C6614F447BD6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992849598041938
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:X8yg07W0/WhrjP9Z95Xa/rl9qX2Ip4Ob6CjdAA1m5wM36QNuZLU:XBHcHRKrLy2Ip4e6Cxf1ml36QgZY
                                                                                                                                                                                                                                        MD5:9B2AFCE22829448E52919ADC97FA0F75
                                                                                                                                                                                                                                        SHA1:4378B914393E30DCD67BCCB9F28FD956EF56DEB4
                                                                                                                                                                                                                                        SHA-256:306C43B5F695726D63BC347417F5189F7392719C788B953E4D9576925DAE4CDB
                                                                                                                                                                                                                                        SHA-512:40C27A9B0836BC74851890C3D633C4D1EE588F99DD19580A71C5FC6DB4A535F06FE5D4BD57C8E499E65982668C929C245A9D17C009F405AB347589375D4E8EC6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.984362208373399
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fe1WmRW6rjP9Z95Xa/rl9qX2Ip406TjdAA1m5wMAvru4LTwZIjjy:fejLHRKrLy2Ip47Txf1mlA6RZSy
                                                                                                                                                                                                                                        MD5:75197142BEB82E4E45074F809B4AC1ED
                                                                                                                                                                                                                                        SHA1:D359EC1D8084898FB77CDEE07031E952648D3285
                                                                                                                                                                                                                                        SHA-256:70B9D7B943C5BBB511A3943368411EC0969E55913FDB7639E35100EB0B993A49
                                                                                                                                                                                                                                        SHA-512:B4064F5E9A06F754748F28826F4F71D0484FFBBBC3D9D1FF2864C1DF4BCB2C317F874853C68985992FE83D2273A3553C4A1DAF4AF507976E8F5702706617A79D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):198144
                                                                                                                                                                                                                                        Entropy (8bit):6.164369117328881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgtH:cW60VcTvakcXcApOu
                                                                                                                                                                                                                                        MD5:8DC59D67663004627D8B2D0746533249
                                                                                                                                                                                                                                        SHA1:27F2D020233099882332945AA1E706DD412805EC
                                                                                                                                                                                                                                        SHA-256:62FB650E6211E74DF8D9EFAF2F5F36BCBECA0E8551C3CC3AF757FB4103725993
                                                                                                                                                                                                                                        SHA-512:8ED5FB6F9103A572C5CA22CFCC39CDD1017DAE827091EA7A4D2E5C406DC43D281DD2DE76C13B5FFF588C749BD82961FBFDA0A6001F5C8205A27D2E086C9BAF89
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.980312715919581
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M6ZWYLW6rjP9Z95Xa/rl9qX2Ip4q31vy86CjdAA1m5wM36QNuZL5d8tY:M6l1HRKrLy2Ip4q3Jy86Cxf1ml36QgZf
                                                                                                                                                                                                                                        MD5:C19A4B2BEF8202293066556D39DDAF88
                                                                                                                                                                                                                                        SHA1:2CA6DCC8CC585FB282EBA89BC38B8B901181C9CD
                                                                                                                                                                                                                                        SHA-256:68628C824A222943C2BDDE8D7089E3F41FB9673CB711510297F2A8A78493BF58
                                                                                                                                                                                                                                        SHA-512:46D8FF9B0D1EDAAE45F32671A5961310ECEF445EEFAF08D153C10F5F417D5260269D95BFDD928C419661A146D92FBCFF7C4A4750BE3369D37D2E70891A1F6216
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.954621838798846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:k1W1WMQWArjP9Z95Xa/rl9qX2Ip4/CTjdAA1m5wMBq5ul0yvfh+l0O:H1yHRKrLy2Ip4/CTxf1mlBqsdvC
                                                                                                                                                                                                                                        MD5:E45BECF9266A273DF70331171A822EF9
                                                                                                                                                                                                                                        SHA1:4BC48FD9BFC184691F15EDC47EB412D13895B7BB
                                                                                                                                                                                                                                        SHA-256:4632590F6231C37250549C2BDB5D8C8FD1A7881E12AA7777BA07A9B443F1793E
                                                                                                                                                                                                                                        SHA-512:35269AECA1663F3DC4EFDA33BD713888FC7AB86C35D8E14D1C870E60F93A7B2EC104E1085FB27330450981F966201EE9FE7010C1F9A3510F76DFB0E8BB16B92A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.992639582476022
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BdSWSKWprjP9Z95Xa/rl9qX2Ip4wgTjdAA1m5wMAvru4LTCZIjtmUu:zOTHRKrLy2Ip4wgTxf1mlA6zZYpu
                                                                                                                                                                                                                                        MD5:11E4FE99627FCB3B157FB92D8D931F6C
                                                                                                                                                                                                                                        SHA1:214512E4FE71666C1C10D52969B89BA341F7C66C
                                                                                                                                                                                                                                        SHA-256:22D17B01651A7047AA52C7A6202299305F523E4394790CF058B87D7AB8A173DE
                                                                                                                                                                                                                                        SHA-512:FDBEFFBC5E9C4752AD1D8BC93B06521BD44AE14A235D31514A92426D874E7BB770B4BD4BAEBE4D8BCBC21696AEA1243DA7C381820C91A700CBA1FE3E409FF7C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.926380492711681
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:PJEYA2WkIWVrjP9Z95Xa/rl9qX2Ip4VTjdAA1m5wMBq5ul0Avfh+r:PyYA8dHRKrLy2Ip4VTxf1mlBqsvvO
                                                                                                                                                                                                                                        MD5:B5E82B2D3167150A283BAEDF6635585C
                                                                                                                                                                                                                                        SHA1:A0B8D612E07D3D5357F2BC253E2394CA7CC62EF8
                                                                                                                                                                                                                                        SHA-256:1C4D07DF98A1C096B4F3B64F4C06A545A0099CCACB0CFC615AE78FD213327632
                                                                                                                                                                                                                                        SHA-512:A45E6D6DB25C9A52BE27FAEBB7D6FFDC0B3B6BE3F782696345F2F05830447F5251481B306BF98CFE3B6DB8C18E4F7A67F4EAE678DDDE52F68F7D42A2AE85920D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.011172629188287
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:RJGWe4WdrjP9Z95Xa/rl9qX2Ip4tCCjdAA1m5wMzsPuK:Pm9HRKrLy2Ip4ECxf1mlzzK
                                                                                                                                                                                                                                        MD5:6784F9869E44E7B12ACF609B6EC7D9F0
                                                                                                                                                                                                                                        SHA1:121D7AC450832A5FF2161CEB4C1C053047AF61A5
                                                                                                                                                                                                                                        SHA-256:FBC98FBC3C67210115F69C8EA7685FC4DF6090499EFD4F26B2C3D8A359515026
                                                                                                                                                                                                                                        SHA-512:1DE77CE14B71655031DC158DCA06E798F17B8CE094C9245E2AF92B05A01F771D0A359317BC8518A241F2CF0AEC0BC712167B66EF5C0F5DE7C266808E6188DE7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.956721913718706
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VdW1w3WesWRrjP9Z95Xa/rl9qX2Ip48jBMTjdAA1m5wMBq5ul05vfh+y:C1wxZHRKrLy2Ip48aTxf1mlBqsCvj
                                                                                                                                                                                                                                        MD5:11ECCC72C540BFB8569C41480DAEA7C5
                                                                                                                                                                                                                                        SHA1:3A1647D47975E818E71744A715682A836A7565C3
                                                                                                                                                                                                                                        SHA-256:16C9F88A141863D12DCBF5F7DE604DEE8852ED026E23956EED4D9758828DCADB
                                                                                                                                                                                                                                        SHA-512:008DA3D459D3F0BE8BD2D967BDC19BF03311712CF1F4A6636F28A84DA08D3EA2894024FAEF411932237E30AB4438CD695855A5BEB7567B8B1E898407CF646EC3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.767850843576942
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Cyp12Bhkg3qnV/spMHRKrLy2Ip4mTxf1mlA6kZC:p12zkg3qV/spMHi/9GfInkE
                                                                                                                                                                                                                                        MD5:6C96760E10DD343BE96551945F9E8BAB
                                                                                                                                                                                                                                        SHA1:4A9EDD9D9DA52158CA3792D01DA3B2FE8FB4B918
                                                                                                                                                                                                                                        SHA-256:894929F99C214FA1748D163F8349D2A8D16901890C1DB7407D447E0A9E954CC6
                                                                                                                                                                                                                                        SHA-512:6084D7D66F1AB858C1910917455F3CC3486C773EB31BEAA309A9E1DF78BF1AA0120C5B50F005DEB2A4142F27DFDD0EC47C407105833EE95A0311FA888CB170CC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.013405463565456
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FHPAW1bWjrjP9Z95Xa/rl9qX2Ip4INETjdAA1m5wMAvru4LTYZIjVC7ggg:xrWHRKrLy2Ip4IKTxf1mlA6pZY4G
                                                                                                                                                                                                                                        MD5:7231EED833F6496EB34442B4AB87904C
                                                                                                                                                                                                                                        SHA1:BAD09DCA990E86CABDC82869639A7574501CA148
                                                                                                                                                                                                                                        SHA-256:9B0071C13569C3982F0A5CA91EC511D97DDCFAF807D2383E8EDDDC259FA44D07
                                                                                                                                                                                                                                        SHA-512:7FDFFE9FEFDCFF90279A004302408C245A620C13F812209F14BFFF07F5835AD496B8A1773A9048D4FA41A8D57381CF5D37021760B01B809848188027D797D88C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.994636032353121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ZNoqWD7WPrjP9Z95Xa/rl9qX2Ip4TeCjdAA1m5wMzsPu0or:ZNofOHRKrLy2Ip4iCxf1mlzzhr
                                                                                                                                                                                                                                        MD5:D6CC536E7AAD5F67830F0AD3B761A503
                                                                                                                                                                                                                                        SHA1:0D6F5D6DBCBB20BE3C94094DE5C93ED7752F1595
                                                                                                                                                                                                                                        SHA-256:CC6D8CDB7C37C39EBDEC1D494A0BC88B468BBB8B4F82B755052E816E553C5A2E
                                                                                                                                                                                                                                        SHA-512:EB3C327C22C1E8DA8838D37DE4D740D2BB4248ECCCDF63CEFB87CBBC8C69385F77758220BDEFF484C48F72C663E44525CB75A7B7D0C53B6D45B1D7C4488A8C39
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                                        Entropy (8bit):7.009270974622172
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FGETSAWUEWarjP9Z95Xa/rl9qX2Ip4RtoCjdAA1m5wMt+uKz2MDug2O:pT1QHRKrLy2Ip4noCxf1mltdKzNp
                                                                                                                                                                                                                                        MD5:D75F5F80E910C80B204717F9B95E745B
                                                                                                                                                                                                                                        SHA1:C597C5807DB40BB50FDBB93FEE780A5AE7C2426C
                                                                                                                                                                                                                                        SHA-256:627B337EBE82028FA425063807AACBECA00A3457EC1DE1FBD7667663B7048DF6
                                                                                                                                                                                                                                        SHA-512:347A0E007343B106509CE7469E0E724FD6B2B0CCACE90432971BD5119B98EE65B8640F9CB134330D3D6ADDAC3F6AE4D0D4154B456293BC6CF3FDD59500350DB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.9987016230024715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zcDagtDApWSKJW4rjP9Z95Xa/rl9qX2Ip4GTjdAA1m5wMT9YMWuuwSmNA5DO9:zPKBtHRKrLy2Ip4GTxf1mlTAwRN+o
                                                                                                                                                                                                                                        MD5:A603D98CF998417CE64C4539CDCA24AE
                                                                                                                                                                                                                                        SHA1:11A696FED63167B0B315EA77573BBFD65E01DFB6
                                                                                                                                                                                                                                        SHA-256:B919535D20819F90BD2C6A03BC9E962E56025F9C921A2266FF415E91D12723B6
                                                                                                                                                                                                                                        SHA-512:4190C9B267A5726D5E84D3EFFDD2B15A06794B1DB707B1C9619DED057880B9DE77C67F300E198E5B82A4D2EABBAAF14DA8CE020235D708777F465D8DA1082990
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.011374618700231
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sIWD4WWrjP9Z95Xa/rl9qX2Ip4zTjdAA1m5wMBq5ul0lvfh+0e:s18HRKrLy2Ip4zTxf1mlBqsWv2
                                                                                                                                                                                                                                        MD5:DD82DBBC223607A8AED7BA3516860A85
                                                                                                                                                                                                                                        SHA1:AEA2F102D1A003138742C9671BED3161922B8DD7
                                                                                                                                                                                                                                        SHA-256:FA8B5C160F798C9151F2A8DC2E4DB8FCF8EDF156EEE30B14197C11116E4D7917
                                                                                                                                                                                                                                        SHA-512:B0CDE160BF04A33A053C13E2DFB316C1D4C7E8B280F47646C3B60B3113A4A5BE7404F56BB4740FADEBA2401332E86C59DC314E9028C734FCBA44B42800002F06
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.940990584600268
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JMWzQWQrjP9Z95Xa/rl9qX2Ip4oooeCjdAA1m5wMzsPu:J5aHRKrLy2Ip4o+Cxf1mlzz
                                                                                                                                                                                                                                        MD5:7546D722FF86F3FABE21891C4912153D
                                                                                                                                                                                                                                        SHA1:B32377E75979E2FA1990590E9106CA99B9C552FF
                                                                                                                                                                                                                                        SHA-256:D2B775EFDC8BC0B9766A151B1AF1A6DCB9951D9123CB119ECE2E8C835897A4EA
                                                                                                                                                                                                                                        SHA-512:F337C1A2FD5AE062F686E7B0580F539B1F5B8F4E1F94B857CD3E0E07B14FCBAE0A64B39494D7D8E1544C7407AF66D3DFD879B49DEEF77DCFE30C6500F94421F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21888
                                                                                                                                                                                                                                        Entropy (8bit):6.900382977940602
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VxDHKWAMW6rjP9Z95Xa/rl9qX2Ip4eACjdAA1m5wMt+uKEK2MDug2:bD8UHRKrLy2Ip4eACxf1mltdKEKN
                                                                                                                                                                                                                                        MD5:B0E03F24261F0A5911BAEBF2DAC4F261
                                                                                                                                                                                                                                        SHA1:9E8DD1297F73F7537E4585317BAD2BBAE66CCBA9
                                                                                                                                                                                                                                        SHA-256:77D7DF7E179AB2780D0DB5C25DACF1998AD1A30DAD779DBE46CCDEE1072BF1A1
                                                                                                                                                                                                                                        SHA-512:B30C5881C22D90FACF29C855D92CB40EF5DC283A40C57556F27B5CA3AF4613E576E3F668DAE6C5D7DE646ADB8AE4508EF6B247C343DB37E29E7BBE23FFD473A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.988188886324482
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BLNBEW6pWTrjP9Z95Xa/rl9qX2Ip45CjdAA1m5wMt+uK562MDug2Eq:BbMMHRKrLy2Ip45Cxf1mltdK56NP
                                                                                                                                                                                                                                        MD5:4056B9B941A27EA3DB441088E2B73108
                                                                                                                                                                                                                                        SHA1:373CF0B09BD1FBF716C7BE234DFA99A341AB4626
                                                                                                                                                                                                                                        SHA-256:E180BDF8C805A85F86BEDED3A9FA37E7CF7D2E281A0FF87E2143604BCA1D82A7
                                                                                                                                                                                                                                        SHA-512:3FAD3AAEA333A0301B3F88FB7E667CA24CFE8BAA23B40F2076794F268ECDD8E92301CCC3717CB1D1E154BCA60BF0199D1F0832EF6FDA06AA799C904524EAB0D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.010082222669093
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:TKkHKW/tWmrjP9Z95Xa/rl9qX2Ip4VlKCjdAA1m5wMzsPuy8:2ujHRKrLy2Ip4rKCxf1mlzzy8
                                                                                                                                                                                                                                        MD5:95CAB5C70CA547404FC228753B5248F5
                                                                                                                                                                                                                                        SHA1:CA80094BE3458609EC72EE53A77883EB3CBEDA74
                                                                                                                                                                                                                                        SHA-256:10BAC8F44ED75AC497BC392EE2CB7457455C59C3BC7064C101B346BB6F8CE095
                                                                                                                                                                                                                                        SHA-512:86826B4B7EFD21ACCD5C052621A3D3C13444CEEFC603125F808C6626ECBCCEFF2085364A788742D0643D358ED7DC5D9D9D0830F29789D658EA0E9EBDD514FF18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.977617239092562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ALnfIWqrWXrjP9Z95Xa/rl9qX2Ip4tyCjdAA1m5wMzsPukwZjNtY:ADf4GHRKrLy2Ip4oCxf1mlzzxj
                                                                                                                                                                                                                                        MD5:2280ED9104EB833B7EF3B5F96C322AEE
                                                                                                                                                                                                                                        SHA1:5E542572BDC4005660462968E4B50D3695DF58F7
                                                                                                                                                                                                                                        SHA-256:2B3E85B40E98C93C58A9E0C6EAD47EB8C1A2A59CBE62D85220D0D94D517E4C5A
                                                                                                                                                                                                                                        SHA-512:8CC31D50F5C35706706D8E372CC4D46CE6C673E16B15DB1BC1B4A5D870333800582C0BD854792C05EB7AB468B6AA943EE475C6ABCE5971786C0635C0CF22C63C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22672
                                                                                                                                                                                                                                        Entropy (8bit):6.814455866031959
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6qTO1PdhW1YWxvfrjP9Z95Xa/rl9qX2Ip4tACjdAA1m5wMzsPuz/4o0:6q6PSztHRKrLy2Ip4aCxf1mlzzzQo0
                                                                                                                                                                                                                                        MD5:FD44D69516412D1AC6D32F47F5C4BF3D
                                                                                                                                                                                                                                        SHA1:08A77249796ABF70C8DC3C8B11AC490577EF6B28
                                                                                                                                                                                                                                        SHA-256:2945E07168DD5856D36BA869BF12F91D0C2B7B5E9F4ED88E5163216FAE594C42
                                                                                                                                                                                                                                        SHA-512:06B15C163A8AD8A68A4DF40A8B9B75D9CDDF39E92EDFA61ACD5A33C43197D9DBEAA2B2D0B9E5120F09D0CBA708537E21D53A276A7E4653FF8AEBC92D45805B2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.969946391198759
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Fna8WK1WbrjP9Z95Xa/rl9qX2Ip4FlCjdAA1m5wMt+uKb2MDug2E:Fna0gHRKrLy2Ip4DCxf1mltdKbNL
                                                                                                                                                                                                                                        MD5:130792957623ABA4B9A6699398314AA9
                                                                                                                                                                                                                                        SHA1:75D44C66FDF0D887553F788F1175666D03CA9950
                                                                                                                                                                                                                                        SHA-256:0AADE7D9F0C7E98884466AC2AF829227DC14BA469B2C7E55D9C2190B0578E34B
                                                                                                                                                                                                                                        SHA-512:4A8ADEFA5495B6DA1A451881FE089EF781C98E99A239378772FACE4D6A17CDB31E517557C6D6A731A35B3FA83E2DD89C12A08E645B6B3F20620978657FD30F38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.939048706998203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kBSWITWPrjP9Z95Xa/rl9qX2Ip4qCjdAA1m5wMt+uKE2MDug2:k6OHRKrLy2Ip4qCxf1mltdKEN
                                                                                                                                                                                                                                        MD5:007612D7CD9AB2F476488862FEE6DDF7
                                                                                                                                                                                                                                        SHA1:7A0EFA45E52FFA944876E9AFE7BBACC7A84FE8D8
                                                                                                                                                                                                                                        SHA-256:F24229E4F09D602B6681D51C30EB7A75FC01FAA83225885903B65A6114E359CB
                                                                                                                                                                                                                                        SHA-512:1B22132423E81EB15685D3BEACDBCDEFED6F6DAF12825F70E85FC07D51044B295B0BB3B32CB5903CF60704689BABC325EF368DBA42424AEB408FF54C241E7C44
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.011676585489165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:188cIIWNoW4rjP9Z95Xa/rl9qX2Ip4X/4CjdAA1m5wMDBuvX:19cUmHRKrLy2Ip4wCxf1mlD0vX
                                                                                                                                                                                                                                        MD5:CFB008C51A954851C991442F9672BDCE
                                                                                                                                                                                                                                        SHA1:3200F25CB1CBEA3D0DA2DBD2F80324B6438E8FBF
                                                                                                                                                                                                                                        SHA-256:E79A0DAAB8BF70A360213FB3F3272BFA980B56EC40EBE0E66A7D06E2986FDB37
                                                                                                                                                                                                                                        SHA-512:3666CD8B94CCF6FB0CCD2C2A299415229E253278D2AF8FB90D7334B3E80003766C5AA7EAB450B845348B4993DA4FCCA4EECE0F8F8A49BFBCF4B5B206DBB8C4F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27280
                                                                                                                                                                                                                                        Entropy (8bit):6.771047348828758
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ErmoFmWdOpHRKrLy2Ip4wyNCxf1mlD0L:EaEFdOpHi/9L6fIIL
                                                                                                                                                                                                                                        MD5:9776D5F2CC7EB70D9F884683D7EEF5CC
                                                                                                                                                                                                                                        SHA1:598977D0FF922A1DF4794E89052E95FDF841EF0D
                                                                                                                                                                                                                                        SHA-256:71E20EA248C9E4BA3969EF99475978B93CACB3902BAD0AE856197D6C5B5805B9
                                                                                                                                                                                                                                        SHA-512:86887EAE9BB93E1332FD94BCF98FBA2BB18C5C3BB671F87C3746ED97DEACCF58C2109DB0B3C9141563F33AADB482300A6534ACD6FDEB562E1EEB409418A45C10
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23184
                                                                                                                                                                                                                                        Entropy (8bit):6.842912642172639
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:k09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsP:FOAghbsDCyVnVc3p/i2fBVlAO/BRU+pX
                                                                                                                                                                                                                                        MD5:16737B9D9DBA4E2D85B9C98379E3D04A
                                                                                                                                                                                                                                        SHA1:4BF9E51BFE7BA6993A2D4A590B4A7872EA650DF1
                                                                                                                                                                                                                                        SHA-256:25DC1EDED1EB569B6A423896506C13474E2732118B3F3BEE1D1DCE4A76EA5A4F
                                                                                                                                                                                                                                        SHA-512:2446915FEA03CC008EEB996735403CAE9ACA12DA23211EFE802F882115F60C3FA68D46690E40FF83B092F758800E2800D5F47A2A8B523DC53286E29B863EC6BF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.996432897343726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:u7W6RWhrjP9Z95Xa/rl9qX2Ip4XTjdAA1m5wMT9YMWuuwcNA5DCUCT:u5CHRKrLy2Ip4XTxf1mlTAwcN+GUA
                                                                                                                                                                                                                                        MD5:686EED1A62C5D0790DF8E4BB44FC7F7B
                                                                                                                                                                                                                                        SHA1:4DC98B4B3B3215ACF736737C74931BF97B9F3586
                                                                                                                                                                                                                                        SHA-256:8E9A766F5C6B7F67562E33AE7E8EF753049C09DD669E8CC40EB94887FDB23B94
                                                                                                                                                                                                                                        SHA-512:7270831B80389F0ED6D4F7F0A865106DE83B94018CB20FC84EBF56CACC37C0A1B023D9A90BADE1F9A8000A00316AE5236AE0FEAB901C2313613A1C33207F9411
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.042668418966383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7I5HeWFwTBsWerjP9Z95Xa/rl9qX2Ip4VLZCjdAA1m5wMzsPuI:7I5HFwTBUHRKrLy2Ip4XCxf1mlzz
                                                                                                                                                                                                                                        MD5:90D3BEE58A0AA90CEFDEF09FE7D98576
                                                                                                                                                                                                                                        SHA1:34C517B1CB91281CBAB1253624BB9EE23984E96C
                                                                                                                                                                                                                                        SHA-256:CE53C0656DE14AB215AEAF436CF85CB056A89E8CFA5D3EE727444C80ED6DE8F7
                                                                                                                                                                                                                                        SHA-512:6E432D68B80AA461077617EA093A817C9A4412C3E81E77307C96BD1122DA2759899F2D9C649F502A1CD0EA3CE7F0B1E2974370077F2DA3C0F3C9CEDD61F4C6B7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.017159903856617
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:2AJpVWbfkBnWprjP9Z95Xa/rl9qX2Ip4wO6CjdAA1m5wMDBu/:2AJpWfkBUHRKrLy2Ip4wlCxf1mlD0
                                                                                                                                                                                                                                        MD5:36D959C16C2B02B04D2EA24CCE6752D2
                                                                                                                                                                                                                                        SHA1:039F9E9DD22BC55A3CB941E8BF0C1A9BF7A07B2C
                                                                                                                                                                                                                                        SHA-256:FA4B7BB60E6F8113FB04E7B14632ABCF302C8D2A356F290BE1014BAAE61E4408
                                                                                                                                                                                                                                        SHA-512:DCBC4F4F0097EE52CC3933B70907AD7297C897B1AE2958624001D62A647B24FE9DF6D3BD6432A87737F74D13DF8A0AF3D1DDE7D75CE06EB9720593F63B891540
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25744
                                                                                                                                                                                                                                        Entropy (8bit):6.721365603948899
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:v1dyAqgQBfqyTBxHRKrLy2Ip4AzCxf1mlzzlZ:NdK1LHi/9AsfIPl
                                                                                                                                                                                                                                        MD5:8D2D51E700D8F12730189C49EB521595
                                                                                                                                                                                                                                        SHA1:B10D09CB5DC37F189151EE9294FF1A0B227117CA
                                                                                                                                                                                                                                        SHA-256:73555D3D6F3A7C735ECBE7B5B2C71CAE7E67B9D3020DCB1E3FBAC976E6310763
                                                                                                                                                                                                                                        SHA-512:9BF1FEF67B08F9331A976DD9DC0CC453333208AEA20EA213BDF50309B246CD587EABCBA10B39905FFA00CA2A3EC092914BAB4E9105AE293320A52802AE60478C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):24576
Entropy (8bit):6.8634763704059285
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):28296
Entropy (8bit):6.535649241097432
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):20864
Entropy (8bit):7.01018265988071
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):46464
Entropy (8bit):6.164766431431803
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):20864
Entropy (8bit):7.028815476254108
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):20992
Entropy (8bit):7.043203018042703
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):21504
Entropy (8bit):6.961404899955368
Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.900106811884281
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sTjbocNsWMhWbrjP9Z95Xa/rl9qX2Ip4uux6CjdAA1m5wM36QNuZLL5:AboYyAHRKrLy2Ip4u46Cxf1ml36QgZH5
                                                                                                                                                                                                                                        MD5:A471FF1F9125DE39B50573F7803AF769
                                                                                                                                                                                                                                        SHA1:75F39916F239075C34470A2BB730FFE9DE14438A
                                                                                                                                                                                                                                        SHA-256:9647FE75BB47364CEA56B78828840E8752482A7D83BB369771681B5E3810387C
                                                                                                                                                                                                                                        SHA-512:8209F8FFC6DE5830092876360F6A4DC0107EC8748808ABB49FC09DE73B78B5D028A0A26CACF921D85349532160643F0907CFABC8967DF12F55DB861CF75E310F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.9886717572167285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ISKiWIhW5rjP9Z95Xa/rl9qX2Ip40Z+566CjdAA1m5wM36QNuZLX3:ISK8iHRKrLy2Ip40ZA66Cxf1ml36QgZ7
                                                                                                                                                                                                                                        MD5:540D04AA9B9CA639DFA78EB6BC11E195
                                                                                                                                                                                                                                        SHA1:78530FA7D8A68F67145DC2B98604E871AD411228
                                                                                                                                                                                                                                        SHA-256:C882A29AAB3E323719D129D9E75FB878DB909A3F2AB76D65C5696459B01FE90B
                                                                                                                                                                                                                                        SHA-512:18DAF10638A899552B80AFEC035EA0BDC03CA65963336896002AC415826C5C1004D5C7617599338DE50F9266D6AC75117C1B8A2606E88A28B3B488C878F176DF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.952579369169005
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M0KbZWApWmWTpWNrjP9Z95Xa/rl9qX2Ip4DTnTjdAA1m5wMT9YMWuuwVNA5DyOI4:DKRyiHRKrLy2Ip4DTnTxf1mlTAwVN+uQ
                                                                                                                                                                                                                                        MD5:C22EFC2F987821406E7F39E6432DBDF5
                                                                                                                                                                                                                                        SHA1:BC2CD24C4578EE3E7BDBE524D7703583F1D4B70E
                                                                                                                                                                                                                                        SHA-256:11C03D5D29516D82FCFC512777AE49D9B5594FC48F399CC5198D21C251F8B9D3
                                                                                                                                                                                                                                        SHA-512:2AAD2733729E58BF4D7A7EFA8B8B5B97ACA49C453C9272CAF7E85474731CB0EA29E8BE04DE47F22CCD3458AAF25FE70D7504C8DE916682941CF14AFB600C056B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.01078174815367
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xb1nWCXWzrjP9Z95Xa/rl9qX2Ip4yCjdAA1m5wMDBupe:17yHRKrLy2Ip4yCxf1mlD0pe
                                                                                                                                                                                                                                        MD5:5177EDC078028D8E88FA55A3960328F2
                                                                                                                                                                                                                                        SHA1:19D84FDFF5B3D1164A7AF7CD53B1DD7A285A3224
                                                                                                                                                                                                                                        SHA-256:320A063AA8FF50E6684BAEA892F023AF5DD7B4B33B1E3ACEBD5E47DD1F778D97
                                                                                                                                                                                                                                        SHA-512:F83871D0BE1F5A598A2E9A88DD4FCB648FBA2997DDA981150827F02331929D50BC067F4543A9FD476384919AD3302E0A7858BC2C93181B27CF2D4E73D9B94A2D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.933857173145757
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:YxyW7TW4rjP9Z95Xa/rl9qX2Ip4HjCjdAA1m5wMDBuS4:+fHHRKrLy2Ip4DCxf1mlD0S4
                                                                                                                                                                                                                                        MD5:E92883D9D3772678F18EBCACF8DE60C1
                                                                                                                                                                                                                                        SHA1:E12BB87179A5F5C3E78C8A883C430C9E53A5B464
                                                                                                                                                                                                                                        SHA-256:7ED94887C9F14C1032147C9EAF993EDF9B5F40532A888A889E1E6A1AF353B842
                                                                                                                                                                                                                                        SHA-512:8AC6D6D20D2F2CE74E1AF5CA157E381CD4507605C5D0DB92829654CC07A5BB37684609212EF3D7CA7B5D77FDBCD085E0E9E873EFFFE497726B5FB41E94F25910
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.043584942077097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fd6Rb32WVzW5rjP9Z95Xa/rl9qX2Ip43chTjdAA1m5wMT9YMWuuwmNA5Dk:fERb3dkHRKrLy2Ip43chTxf1mlTAwmNp
                                                                                                                                                                                                                                        MD5:A9822B47A1E850BF593CB61B4B0DA6A5
                                                                                                                                                                                                                                        SHA1:443308B64C9BD1B24DEF286F5D118B5D4D46A59F
                                                                                                                                                                                                                                        SHA-256:0E276865A2877403DD7C8DF94F9AA7CA15A5EE49A3FC7A9A866B9CAB7E1198F8
                                                                                                                                                                                                                                        SHA-512:930D3CC22411665E36A789000A5F45679E1E9CD5D9BC07863DFE777C7A7A9CF36932AF79D8FFFDB2A01C2EC3B2F609EDA6D3AD96EEEF0684B3C1AA399638BB42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36496
                                                                                                                                                                                                                                        Entropy (8bit):6.692065690331391
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ou5I+sqOylryry8qqIfUc7a5AHRKrLy2Ip4d6Cxf1ml36QgZx:oYIVBpry8qqIfUcm5AHi/9xfI5g
                                                                                                                                                                                                                                        MD5:928FFE2B02C8C07B69B235D52C179EB1
                                                                                                                                                                                                                                        SHA1:766DDE57768588CCAA43602E57B0F46E1608AB82
                                                                                                                                                                                                                                        SHA-256:71C1DD3E2683D124B65237376FB4DF2D6FFD85079038FAAB827C281DA69A6D69
                                                                                                                                                                                                                                        SHA-512:2E2EAA3AD7F167E6E412DC9AC04B49409FA4F297710DC4A1CF9BAC152C7561CCC31D99E0DDFF5CA423298F0A69F0D59F55B6AF34251D7279F910BC179DDF99F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20880
                                                                                                                                                                                                                                        Entropy (8bit):7.0167424902341216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xvn4HREpWiQWdrjP9Z95Xa/rl9qX2Ip4TFqjdAA1m5wMcJcouCPiK0z:uShHRKrLy2Ip4xqxf1mlcJqCPm
                                                                                                                                                                                                                                        MD5:0F8E8070A4B0B55480AB85A85EB22B9D
                                                                                                                                                                                                                                        SHA1:B60E58FD0ECED6BFDB7CF2441EAE88EE6A6FAEAB
                                                                                                                                                                                                                                        SHA-256:E72C6D3A7E9E23C0D6332AA4CDB8140E127A7913484E8FFB6CCD384491BC51D9
                                                                                                                                                                                                                                        SHA-512:903731D067496952B5582A5839491B36C90A9BB21E50BB70130288D4AFB50628A1A0D4AB9DAE7F0121E9A14C923A4D98B4B02E31E0985BA85A0042983853F879
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.925388301948598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:M8MjKb47T3UCcqFMkJ59WdtWhrjP9Z95Xa/rl9qX2Ip4PJCDCjdAA1m5wMDBu/:9MjKb4vcGdOmHRKrLy2Ip4PyCxf1mlD+
                                                                                                                                                                                                                                        MD5:B09E7D715D06FEBF8F0731AF593B2151
                                                                                                                                                                                                                                        SHA1:16966B4503352D387EECDBD358CB77ABF55960B9
                                                                                                                                                                                                                                        SHA-256:767041162E62EB43DEAAB00F6D4E79890C15D7D3B2150CABD48948B51D0D37EF
                                                                                                                                                                                                                                        SHA-512:CC60BA9571F1BC3EF4604C15864A6A27EC87DA519E0F636CF9B21F1200E0D06D84A76331196EAABBC5BFCCBC43E8BFCA8FCC31105639C0E849CD94C0AD9C38F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.001945686038119
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fzyNXd4+BW6FWbrjP9Z95Xa/rl9qX2Ip4j93MCjdAA1m5wMDBuh:ezMHRKrLy2Ip4qCxf1mlD0
                                                                                                                                                                                                                                        MD5:209FFB98068B9A091F03DE3EA4A02A83
                                                                                                                                                                                                                                        SHA1:CB7DD764550163D9F8D156CF9565CC1071CF05DA
                                                                                                                                                                                                                                        SHA-256:5961BFBC94256103198F867E0F0A22A2EA2039B572F81FE8B75168DD7225EBBD
                                                                                                                                                                                                                                        SHA-512:4FBB9DF6CA43D582B18E28F8F0C10C1189E59FDFB18F87FEE24E49E8BA446AFEDE56F409F9A49B09A7C127CE54051384F8335217E2844B3A9108AAD9CF20C472
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012131761847572
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pvs2Q3HKJNrWWRWErjP9Z95Xa/rl9qX2Ip4Jy714TjdAA1m5wMBq5ul09vfh+JVI:puMRHRKrLy2Ip4JI4Txf1mlBqsqv5
                                                                                                                                                                                                                                        MD5:A32EADC37E0A1ED37FEC41FC2E045CFD
                                                                                                                                                                                                                                        SHA1:4BA3FFE3A6FA3DA342CE83F5AEF5CBAC86D2311E
                                                                                                                                                                                                                                        SHA-256:2039B9EC93FA1251E5DA3E1A2B96B8F3450B01C44413EEFBDD4BC455274FE354
                                                                                                                                                                                                                                        SHA-512:5F158EE1C682E0670CCAF2A7FC44693492A9D2A46A73E5BADCA3B2999F19B08F89C8CD210E3C0665FFFDB1527ECF2D125FB4CC07F9B6BA34BDC9CD1EACA50B51
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.9924618472479105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xFz0Q6gcqRhcsMWdMWDrjP9Z95Xa/rl9qX2Ip4/bVTjdAA1m5wMT9YMWuuwmNA5k:xFz1c6THRKrLy2Ip4DVTxf1mlTAwmN+k
                                                                                                                                                                                                                                        MD5:3A428C73A353ED7509FBFB4942604D72
                                                                                                                                                                                                                                        SHA1:D807D591C8257C0FC1EC8F4FAFD403447A164C22
                                                                                                                                                                                                                                        SHA-256:74CF34024678952427D238FBF286E1D3A53C81E4ED3F8FBB6651356A3D1A8D01
                                                                                                                                                                                                                                        SHA-512:4D0E9F3E7C11727260AD2628CC42274698474E45EF2AD63FF98938E90230F4ABBD3BF4A95A647443A24CFB63377FB6EB69F1A06F7E832FD36EDDB49079AE2845
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.912168734049125
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:z6xWA3W4aW/NWUrjP9Z95Xa/rl9qX2Ip4bTjdAA1m5wMQhKuVd4m5vZqIcNOE:zaBJHRKrLy2Ip4bTxf1mlQh5Vd4m5ExT
                                                                                                                                                                                                                                        MD5:DA0A017A7B27E4E070FC451B78509F12
                                                                                                                                                                                                                                        SHA1:770C7BBDD3579F4C0C4A7E0747A2CCC0C3F5F740
                                                                                                                                                                                                                                        SHA-256:7DC2B072A5431B0CBF5F7DF8B19E0A4CAFC43ACDDD3EBA0F8E77D3B87161FC6A
                                                                                                                                                                                                                                        SHA-512:49AE7C5849A2ED81A32FDD06DCCC78556AA2F695BDD4062F9C090330C49B0698178B68B5DF1268280A3C5D7DC158E3FCABB3C2F7A7D64B4EAE0747B217BADAB0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):78848
                                                                                                                                                                                                                                        Entropy (8bit):6.068451904343695
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:QIumja0tbe16pSc45EfL+4vD4SuJbhjXuE3FMqF1KAy4kHo05ureseh79xHi/96m:QIuAaGbeGq5rKASI0ICh9fG/
                                                                                                                                                                                                                                        MD5:497DBE1C655A103B64BF60DD1B9742DA
                                                                                                                                                                                                                                        SHA1:739CAA4AA085FE23B4CFD24CCFF12D9578EDEB5A
                                                                                                                                                                                                                                        SHA-256:C80225BBCF11FBF421DE9169191C2316C96B9E5858C0B2749C53EEEA8993148E
                                                                                                                                                                                                                                        SHA-512:093C06FB355BC5CD8148332689C183F80732960D88647D0A75E3CEE234A2B83C55235F100D23748B8BA6748736DEC5D8A465593642EB92EDE4EC1F214EC84A84
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21400
                                                                                                                                                                                                                                        Entropy (8bit):6.994018550233344
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:2r97WquWzrjP9Z95Xa/rl9qX2Ip4o9mqjdAA1m5wMRv3cquhqjlLBd:2RJBHRKrLy2Ip4Hqxf1mlRv3cZhqj
                                                                                                                                                                                                                                        MD5:E2143D1AA04BCC81A1079CC3D502C85F
                                                                                                                                                                                                                                        SHA1:60D8889978337C74D9CDB209EC50DFFC79796C68
                                                                                                                                                                                                                                        SHA-256:AB28A9025F8537F3ADC4673F5D9DA769C688AD14DBBFF9C2022B99264C360A05
                                                                                                                                                                                                                                        SHA-512:0FAC48EA0651D638416019540EAE37C349C4DB25BB2075C13C855B60A4524DC51E001B23A0559ED56CCC81FED9141E4FB6D8E5AEFD1D00DEB9EBA29AC3567FDC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.966463595778793
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J16eWLDWxrjP9Z95Xa/rl9qX2Ip4XTjdAA1m5wMBq5ul04vfh+Yg2:L6LgHRKrLy2Ip4XTxf1mlBqs3v7L
                                                                                                                                                                                                                                        MD5:6A2A6B51A7FA9D5D06FA735E70E40BF0
                                                                                                                                                                                                                                        SHA1:C5BE68952FE78208F1A8E306A556E96C4B190C93
                                                                                                                                                                                                                                        SHA-256:A08770C6344602101FC611FED68F71579FD06CB7823ED8FEEBC511B1D1AE4150
                                                                                                                                                                                                                                        SHA-512:C341134693BCAF3F13979AA5DE59508ED64E1AA3674572FEAD41E20320BCA8FFFC27BED3EA1874AB898E540B5CFCE016DDD1A3B520A55D3E16A7EBCAE65F1AF6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.952372708304721
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:D8G4YC2W+wW8WpwWJrjP9Z95Xa/rl9qX2Ip43dTjdAA1m5wMBq5ul01vfh+Z92:gGZ5JHRKrLy2Ip43dTxf1mlBqsOv8Q
                                                                                                                                                                                                                                        MD5:CD4894F1E77B8A9EDEDF5CD9775001CD
                                                                                                                                                                                                                                        SHA1:B3CE1EA8BD191F5CC34512D832A3A2D9EDB51811
                                                                                                                                                                                                                                        SHA-256:E9BC548E0052F85BD3D2E640987905404E2FE27F8A31D90648192937A4E9E4D1
                                                                                                                                                                                                                                        SHA-512:A5D8B5E9B66F3967C2192180938658B44CAA29B4D83E84D39B104A8DE8951B922A545712BAD0265E607E5EBBEDDD09A7FA837E13A893592FC370C25FEE604189
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.0376762989157
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:D6ziqTEkGWvRWZrjP9Z95Xa/rl9qX2Ip48JETjdAA1m5wMQhKuVdAm5vZczsoJ:DYT1eHRKrLy2Ip48WTxf1mlQh5VdAm5E
                                                                                                                                                                                                                                        MD5:00BBE6D832B673963EE8BC6404CBB1DB
                                                                                                                                                                                                                                        SHA1:05E1CBBF4D9774EF62A61BAB601F2EDA1E72DA0F
                                                                                                                                                                                                                                        SHA-256:3BF178AA6FDC46926C574D3F307B30EBE87D4481C7400EF527E1BD0D4DF7DF91
                                                                                                                                                                                                                                        SHA-512:4C20639B211264009A83BE85D28CDF21A553DB3E2BFDE04EB716C9C1C082D37E23E95E197BFF0C0019429A44C22997CC6AAC44A72D4371D2E82BD6A56B1FE176
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.975166502138063
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:0Uv7c7iWNCWjrjP9Z95Xa/rl9qX2Ip4TTjdAA1m5wMAvru4LTXZIjNJ:0M7c1tHRKrLy2Ip4TTxf1mlA6KZ8
                                                                                                                                                                                                                                        MD5:2F66F0F5AD5EF1F67F0D6096BF10A553
                                                                                                                                                                                                                                        SHA1:8AE3D7E780EC9177073D618F28D5DE7A1211CFE0
                                                                                                                                                                                                                                        SHA-256:FD46E5FA1C263C127BF8386A53D457A2E1619AD15A79EC0DB6CC956D5925CDD0
                                                                                                                                                                                                                                        SHA-512:26E0788910E6417919306F47C3A1590177A3F0403EE28EC869280D94B8839A2EE1401C41EEBA33555405C99ECE686785337BBB3EDC73F8D34E703F5F9D079806
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21392
                                                                                                                                                                                                                                        Entropy (8bit):6.998832177906868
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:iSWnRWLrjP9Z95Xa/rl9qX2Ip4EeqjdAA1m5wMRv3cquhWjlLo:izcHRKrLy2Ip4xqxf1mlRv3cZhWjW
                                                                                                                                                                                                                                        MD5:BEC0755730B206089B82B42109DC0A6A
                                                                                                                                                                                                                                        SHA1:57FB2797D73991F48A5ED1211BED5B7AECE85803
                                                                                                                                                                                                                                        SHA-256:071AC56D8E9A64A1C1E32DCD0880C5E328BE47050DE776323BEF6F70FA0AC487
                                                                                                                                                                                                                                        SHA-512:936F3DDA594D4421A61B12C58C4A0AAF4FAC3A9EF8DA7131FBF763461D5C74C991DEED5A2F21063B40A6978CDF72D470604D95D421EF1AF38185C80FEB74633C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23040
                                                                                                                                                                                                                                        Entropy (8bit):6.947773246140973
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:aoMeAKyr1jSC6rrjP9Z95Xa/rl9qX2Ip4STjdAA1m5wMBq5ul0Rvfh+q:aoMbKK1OBpHRKrLy2Ip4STxf1mlBqs+f
                                                                                                                                                                                                                                        MD5:4CD2BE5105CD5E9AF7D4BFFF40F99B6F
                                                                                                                                                                                                                                        SHA1:B0B83308D8007A7B1FD9EFB4D28373B532C713A2
                                                                                                                                                                                                                                        SHA-256:2A9D8653F09B4FBA3A39E03FECB6C2D1747813D8051C0F9060EE81B62C082DAF
                                                                                                                                                                                                                                        SHA-512:329CB6AEBA3DFAB79806075D0C1255CD53EA8A2D8566F2E3A16ECC3C04D3301702485D292DE30E3D262A282E64B00CE56950A13AEBB3CDB7AFC8F906E4881F88
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):96000
                                                                                                                                                                                                                                        Entropy (8bit):6.9811464858641346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:OsuNLvSFVVeozLpPu0jgbWjjWcJorX/wC/wPqaWVxEdHi/9NfIc30fP:O1NjcVVnLpPun8jvqPw5fXPH
                                                                                                                                                                                                                                        MD5:5D58234A8024444C73B39CEBB62BD3BD
                                                                                                                                                                                                                                        SHA1:0667616E58B31F72FE95EA59B6092D68B747B014
                                                                                                                                                                                                                                        SHA-256:400C678A095C17DE027DD6A878267A23CD14BF7428FA9CEF106B9E846FFCA346
                                                                                                                                                                                                                                        SHA-512:2DBEEB5628EDAA3C7BC2D0104B07CE16E39FE27027E823C4F645A603C447C4D67CCC4EF43DE4CA28D946BEAF18B9FC96666464F58694E17CD6969AF7D91498C4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):234496
                                                                                                                                                                                                                                        Entropy (8bit):6.308803769130203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:+X5gE72vcK8s7pTxEl7Onygi9wDO4z4WSYB0JuPrOAjT//P2jVFU10xNA:+XX20y7HNz14RU0J/AL2bUqA
                                                                                                                                                                                                                                        MD5:BF3E4DEEBA78482CF19018DD55751642
                                                                                                                                                                                                                                        SHA1:9166B4449953624995004544326CBDACDE285E77
                                                                                                                                                                                                                                        SHA-256:E172168748E0A2E7B2582F3E941E7262A366D8B292B6C2FDA3B6ABDA3DF1A455
                                                                                                                                                                                                                                        SHA-512:D012A20926A6EE5DD54227CEA9EA0E51CF2A40DFCDC4146E99482A8747E18BAFD615C4CCC72373A47D050062CAF5EC7744BC174EF0DEE104E329AF631F3702D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1692048
                                                                                                                                                                                                                                        Entropy (8bit):6.326801866800496
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:x+8Gg7kWyJnk8kvXfX+WquRLvbKG5pkKMV2Dzbcn3P88/UTlXe:x+bWE+TvTRLv/y2DzbcnU8/UTw
                                                                                                                                                                                                                                        MD5:B0B902CF5B6F147211370A7BC97765B4
                                                                                                                                                                                                                                        SHA1:1993129A785CB3C99F80A948D2FA75DA454D4E85
                                                                                                                                                                                                                                        SHA-256:9418B43B8F26DEF716E15EC9138C49AE4DF08306F9D1FF4C65455F2A729715EF
                                                                                                                                                                                                                                        SHA-512:E556BFD25A6B6AB9E1FFEA82CB5D4813B4BFE8CF90C77EC154D6295AD257625FE431A303185F3CAC5271583881F500869478CD6AD6268D938C9F35ACEE7B4E69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):589824
                                                                                                                                                                                                                                        Entropy (8bit):6.46320033169136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ut8MRN4gE4x4iTqwTQa6IUqXF7XyxpypsdUDqNSfbQEKZm+jWodEEV3HC:uCMm9pyp35bQEKZm+jWodEExi
                                                                                                                                                                                                                                        MD5:6BA8C51379494D612E4EF69550A6CE8C
                                                                                                                                                                                                                                        SHA1:2D642A9FA5C9435E43D009C8734E0FDE44327C29
                                                                                                                                                                                                                                        SHA-256:F832E41CC246B1037289D731804D2207837E8B8D0385F357B1A7592E94308932
                                                                                                                                                                                                                                        SHA-512:2426DD48264F6C0189C5A840B6F11DC877C9096472A50C267EF52125A39011DA8D4D755572CCC71B77D6701359A7364C95BB3473E2BE49C2FA32EA861E81A389
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):99984
                                                                                                                                                                                                                                        Entropy (8bit):6.5538732748545305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):43520
                                                                                                                                                                                                                                        Entropy (8bit):6.64690620367382
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):97424
                                                                                                                                                                                                                                        Entropy (8bit):5.617357157968208
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ReasonLabs\EPP\EDR\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):177152
                                                                                                                                                                                                                                        Entropy (8bit):6.55862728173861
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsAtom.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1648784
                                                                                                                                                                                                                                        Entropy (8bit):7.665089270086584
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRLib.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):163328
                                                                                                                                                                                                                                        Entropy (8bit):6.264821948719024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsEDRSvc.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):334336
                                                                                                                                                                                                                                        Entropy (8bit):7.162095871589973
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UUkuU/9vnxhTmdaXlumDgLhhgV+AhV30ZwI+3U:tg9vn+dSBDahgEADu/
                                                                                                                                                                                                                                        MD5:C2538DD971AA2D4F2E863695FB4C585E
                                                                                                                                                                                                                                        SHA1:46B1814C5155DD5148DE7EB06D58B7AE2E5CD6AD
                                                                                                                                                                                                                                        SHA-256:D1781B732CDE702764A8007F76EE8CA0B464C4F4EA30A6E0C67AB562C9F509DC
                                                                                                                                                                                                                                        SHA-512:8587B2141F8A14235B9058EEA876A4202152AC79505B68C5CCEDF21265EC86CF732E769365F4CAE95E9C8B31C49DBCD48D302A8D2D1928E69B78D9B07866DA1C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Core.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):139264
                                                                                                                                                                                                                                        Entropy (8bit):6.18944717645377
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:f2DD4JcSb+rfzHr+fWPu0yHHFx9EqJvhSYNBcFFlngCTltxeR8LmsvDiHi/9nfIt:QP++X9W0gFx9B9N+FFhgCThLms7knt
                                                                                                                                                                                                                                        MD5:747A3CBD0A2B77BE3CF507BCD4DF1BDA
                                                                                                                                                                                                                                        SHA1:565EC03E0DC06B00C09E3890ADACA584871EB180
                                                                                                                                                                                                                                        SHA-256:263BC382848CBAE80BD641AA0654A23971E2887E07BC1D6F4182DAFF84C501C0
                                                                                                                                                                                                                                        SHA-512:661C6CD0CD4290C2D27669291A9CCD746C6E57A90CC753BE06DD9D55012F16119CEBE0E7D24352400FC21E5626D41AF79ABBC92A72245EA1AB5E6F3C368C31FA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.JSON.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):146432
                                                                                                                                                                                                                                        Entropy (8bit):6.2745753496402985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qmFLQiVm1Ie2cDQHOhsK21h8iFT9Z6avH6SCZlmm:zQwm1IeSHOeKmmOC5
                                                                                                                                                                                                                                        MD5:2487994259AE9E8166F22FE39790C671
                                                                                                                                                                                                                                        SHA1:09E1D13605AACCFC0F6EF3858AA53AE0135746B6
                                                                                                                                                                                                                                        SHA-256:4AD77036EEFF9E015C1E6FE1886A465845ADDBDB56AAF5ADAC238AD1CCB91AD3
                                                                                                                                                                                                                                        SHA-512:9A1C3D6A94C954C093547134F621ED69C897C08E3305409FDF3FB17ADC960A17EC03066005AAB16ECDA7F89A55B31FD1006EFA54E5C8C59375BEF05639937F59
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Loggers.Application.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2261504
                                                                                                                                                                                                                                        Entropy (8bit):7.596639757213537
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:wdm0hCMOJwV1isz+0DxhCHPpdiiobYCI8:w45HWgszsKQ8
                                                                                                                                                                                                                                        MD5:0E5519F6202594F1990CC0F623B43DEC
                                                                                                                                                                                                                                        SHA1:7845F116F5AA74F89A2AB1A9C0AE746E54250FAA
                                                                                                                                                                                                                                        SHA-256:6793F731558A2123E8031E511E9FCF680FB391604383E78C6FB29F132E0E75A0
                                                                                                                                                                                                                                        SHA-512:09139A5EE60309483219EEFA0C7C18659ACF7002B27993B5172BE19AABD7CE51013348AAEC2971F42C84517312A5BD3E318D94784C069AFDAFDFB19ABA088200
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Utilities.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsEngine.Utilities.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):222208
                                                                                                                                                                                                                                        Entropy (8bit):6.786565578522807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qT4Ahf0UCXbEb89D4KT+/vi+55uHr3Yv+rDi8TV5l1mVb3OFZj:qTfLsbEKDY/3K3YkzTV5lkK/
                                                                                                                                                                                                                                        MD5:C6F7D6A83C38E3BA04C8CEA017B5BF56
                                                                                                                                                                                                                                        SHA1:4447ED64AD603FC438B9D2C67DC9DA6D33D01E3A
                                                                                                                                                                                                                                        SHA-256:69F0E9B57759CB06D79F6121311E768A87BEA1972344D7FBB6852B48D9FBCFE4
                                                                                                                                                                                                                                        SHA-512:3CA8067CA1E1F969B389E0EAC6D88CB1E8489E32CDBDCD778D8415DA58EBC15961D5A2878C4E8CC4F0BD84B7D2692CBD0D794D37FE6CFE8CE8BDFD0F7C7C31C2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\EDR\rsJSON.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1647616
                                                                                                                                                                                                                                        Entropy (8bit):6.5512299586037255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:IKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB2:IK3/z0hY
                                                                                                                                                                                                                                        MD5:221FB15A1D7C97DE76335176E6E44203
                                                                                                                                                                                                                                        SHA1:D73D7308497BC30471BD3ACA93868C7BAB9FF9DC
                                                                                                                                                                                                                                        SHA-256:BD91F6FD71B802815D563065AC0B43527D4CDF726E9BCCF98C52338A8067E181
                                                                                                                                                                                                                                        SHA-512:0B0AFF2B0B1D03C9006C8E2C06BB0F46F4CFE9FD003BE1744CA1ADFE8FB0357BA86A2E3D17476166BE31C5BD9B70CF975CC31A2745956A8D50D8D083516FAE7C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsWSC.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1253
                                                                                                                                                                                                                                        Entropy (8bit):4.713861705385405
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:Us43XVolmMY3ipNVeolmMYYNXpsgOhPs43XVo8mMYsipNVeo8mMYLNXpsgOhn:unV/t6e/85qnVgW6egT5c
                                                                                                                                                                                                                                        MD5:EC71480B0C9D97299779B9E2C9DF9EA4
                                                                                                                                                                                                                                        SHA1:0F751CE93B81D37C8C1E4685C603BCDF861CE95C
                                                                                                                                                                                                                                        SHA-256:B0F6C6CDECFEF54CFE75AF1EC9D1EBA67571B60350D3584301F9CE6523B55212
                                                                                                                                                                                                                                        SHA-512:FBA232399801551EB289849FD34C3D0C5970B37E3D2E346E8B7E179A522A37B08B96374DED76CDB563A93AA6B3862D56922D4534F6E0DFE5E580F6EA9245084D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files\ReasonLabs\EPP\rsWSC.exe assembly's progress...The file is located at C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files\ReasonLabs\EPP\rsWSC.exe assembly's progress...The file is located at C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog.....The Commit phase completed successfully.....The transacted install has completed.....Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe assembly's progress...The file is located at C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):342528
                                                                                                                                                                                                                                        Entropy (8bit):6.319695730516836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Bc4hrbRETiqEVVtrSiitN4J4RVk87Uo0zEWEpnSAJVGN937taTVD7zsih7Kn9s0T:uMnqEVtmLtRRVB7UoQI80zsihmn9dZ
                                                                                                                                                                                                                                        MD5:135353974CBEBF94B8BC48D682F8F5D8
                                                                                                                                                                                                                                        SHA1:0D8911EFA7759516FC80961EC42ED6E15764CEB8
                                                                                                                                                                                                                                        SHA-256:3DA6DB19E909805066BB41B1674B76B9B1946E99AEFDEE3EF96A0EE73B9914C1
                                                                                                                                                                                                                                        SHA-512:1896E77B05162F9624ECC2139866186260B1ADFB6A1918F04F9696DDE2E7B5B4C2FB64533C20ABC44EA0BC42AFED692381CFF956A458B1FB420E5B490F26F998
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\InstallerLib.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.760851730168963
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:4v6lknrJ93rkPKCHRKrLy2Ip4ZxTxf1mlA6AZr:9m33lCHi/9ZjfInAh
                                                                                                                                                                                                                                        MD5:ACB3B8B030A178D204A6C32414CB16F0
                                                                                                                                                                                                                                        SHA1:C7D1703BE7C2B6F0F327A4353C08285E3171567C
                                                                                                                                                                                                                                        SHA-256:19A884B8D348DBE3D90816052193A24D83B01FB1BD5D6540FC25EF1CC6993A8E
                                                                                                                                                                                                                                        SHA-512:6F7C05555319F3EC1C97DD4A7BDE0F6A42B992386BD8B717CEEA2A911F816DF70E5FC4B8873AB93D74A1D1D38AC7708B3D067D37BEE40F5AEA4C29A44E65A97E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):80896
                                                                                                                                                                                                                                        Entropy (8bit):6.2332467019367135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:uGQVC/QSnsZIHMkJAsSQQ11pJXWmWHi/9wfInX2:uGkC/QXI/A6Q11pJXXpm
                                                                                                                                                                                                                                        MD5:CF1EDCCF60725C2F4BA3C1B87D8ED683
                                                                                                                                                                                                                                        SHA1:C1EB3691E4058A0FCFB2D5F27C515DD1D4199E4A
                                                                                                                                                                                                                                        SHA-256:5503DD2AB5C36751E2752FA790E73CC60A273872FA30FC6D2680C7D7377A8902
                                                                                                                                                                                                                                        SHA-512:13B7035AE83B4075150C41B8ABEF9463EE74F0C022AF1536C50CD990695C86768B93362E61D27981D9804D78B1D7AD8D0D075411FC54AA54B6028A03A9D940F1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3168256
                                                                                                                                                                                                                                        Entropy (8bit):5.997335561761779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:82D77md4XviutkNNnh9k/kCC0Ps6MrwMvAcZU28MHAmXyFlDH3n9:3D7y4qutkNlICUTMHlXyv9
                                                                                                                                                                                                                                        MD5:6E70D569E1A4A1D8DFE4884286643C95
                                                                                                                                                                                                                                        SHA1:A90A5BF9D736FA595FEA49CDD5B4A644E1ED8A7D
                                                                                                                                                                                                                                        SHA-256:4DD85290401BD1F59BDF9157A74D0DEFF03755D1A0DBCC6E1DF214B618E64287
                                                                                                                                                                                                                                        SHA-512:7ED8E219DC80507300131CA0808BE5EA3EDD5E4966FB67DB3860A9CD48792AF15EAD9BE50C730A73B3323EBDD43832C0B033F546BAFD8CCAAD46D1401DFFCF39
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.999968626712184
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:UN9VWhX3WwrjP9Z95Xa/rl9qX2Ip4jcTjdAA1m5wMT9YMWuuwsNA5DuQ/f:4GrHRKrLy2Ip4jcTxf1mlTAwsN+iQH
                                                                                                                                                                                                                                        MD5:9BF3077927261B22D370B5B3CA57D038
                                                                                                                                                                                                                                        SHA1:B17769BE1674A4E2714E739B2563D300144C904D
                                                                                                                                                                                                                                        SHA-256:3FD59AA9EB5F647528F1E6B44320CA7DF4A29C45C3632A3D568BBA6BA6518E55
                                                                                                                                                                                                                                        SHA-512:414AC4A704EE5E776F5F35361A497FD43B564B0FA8E8D38462BE8AA159B9588DF63F2005C8C62B51D871DB6550BFB6B42E1E806C58785CEB0A7560382CDC3151
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):31232
                                                                                                                                                                                                                                        Entropy (8bit):6.545145822499441
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:biE9HCViR9ymljiqHRKrLy2Ip4WjTxf1mlA6mRZmV:G0CViR9ymljiqHi/9IfInmRA
                                                                                                                                                                                                                                        MD5:B8BC5CFB09FC20C3AAC34B61F938FDA8
                                                                                                                                                                                                                                        SHA1:4317695A609106D4BCCDA3413ADE56871079CB7E
                                                                                                                                                                                                                                        SHA-256:6EFB32D2EB38B0226CB930BBCA3C6D421D1A425EECD843D2F72DE85610C09E26
                                                                                                                                                                                                                                        SHA-512:D2169F1280C45C6389285D9D8D17C4AA61C202C512EEC27BC7E105DD11C7231099407B7F6EF9F94C55F9D4330C1F79D10032289DCA05A07BF82EC41D228C00FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):349696
                                                                                                                                                                                                                                        Entropy (8bit):6.202386229973413
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:81sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5DfD:81sSmRIt/xhtsOju1DH5NXnIKAcW
                                                                                                                                                                                                                                        MD5:312DDE0440242AC225AADF3C1F72DA30
                                                                                                                                                                                                                                        SHA1:DF1F5B38F76A1661380EAF660936FF8721A16E34
                                                                                                                                                                                                                                        SHA-256:1908B436373C8813C21D777124E715363D0AB7EDBE8238AE71C6FD6F24C95B69
                                                                                                                                                                                                                                        SHA-512:21A7C48004313A254BA928B4CD238C2C5AB33B70C4016E82BF29561A882AD2F3D8067E2CF014E0EC815736594ACB7F10DE40C7CF7B38B284DBC11D2D235C1F34
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):529408
                                                                                                                                                                                                                                        Entropy (8bit):6.092519311604388
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:hnfnRe200wJT4WQ+NOStYVlJHMGwH7fug:1DIrQ+NOS2HMGwHT/
                                                                                                                                                                                                                                        MD5:C7EB00862B2ACF71D32CB1CDF6E02581
                                                                                                                                                                                                                                        SHA1:3C6E5B0AE8EBA473FE0E5DB17ADC98AC2B5F276C
                                                                                                                                                                                                                                        SHA-256:AA4BAFD2B0D064BAA00996DCECFBCB4C0C118F7534CECE4AF9B137ECB42B3268
                                                                                                                                                                                                                                        SHA-512:A753137140B6CBC9040BE95F07C5DC3681747FD82FDA48535E09E10F2ADCACD64932E2F635B6A78A89E7C199DF26039A11A8186165BE6D657B2E0F9D35EE2F77
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26330316
                                                                                                                                                                                                                                        Entropy (8bit):7.999983860384319
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:786432:HezmrWVYcTY2IQnlfHBDy255kAfgO11YqBLPmHd9q:HeDDgQnVEIIq1Rm9Q
                                                                                                                                                                                                                                        MD5:44DE10A0C7BFAD8466A5FB454B47517F
                                                                                                                                                                                                                                        SHA1:D2FAA11E23616DECDE7D3893B8306D7F802AEC7A
                                                                                                                                                                                                                                        SHA-256:3ADDD6F2758FAF11DE2332E8E14374221142D53661C7E348474BB8B75E12B34E
                                                                                                                                                                                                                                        SHA-512:A7BC6D414F7D997969A527880881DFE9DC1CA2B0FFF6D233402636D89880F8A0306077E1375BE70A9B8B4DB8C39833B40CF6B60C1569252C0372B8117E4578D8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1647616
                                                                                                                                                                                                                                        Entropy (8bit):6.551177299884059
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:HKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB/:HK3/z0hZ
                                                                                                                                                                                                                                        MD5:D208CAB80627C09A9E7E69FF31FE95F7
                                                                                                                                                                                                                                        SHA1:A36E96E21AD21638046BC9820E07724E8A202CCE
                                                                                                                                                                                                                                        SHA-256:29842A886DC678A7CAFF5F741FFF20E9825E064144BA09CA3BBD47E09EA7CFCE
                                                                                                                                                                                                                                        SHA-512:1CAF5E430AD5E295C5BD4EEF698E44025F826FE1E70079C1AE214885A8962D3170E3465494AB24B36365CC1CF25AF9C6F6EF5A3409BF6B4C8CFA1C8A1877F154
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):112
                                                                                                                                                                                                                                        Entropy (8bit):4.9372191821953795
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:LBQBIGqr2igRUGLsW7/ZA783dEcsAVCXoA0Ayn:1U2rwRUGZA783dAAVCXoA7y
                                                                                                                                                                                                                                        MD5:AA76741FF18EEF8DADD607315B86815D
                                                                                                                                                                                                                                        SHA1:F71E92F4ABDC7DC7FBEAF8583A8415A83948F2DA
                                                                                                                                                                                                                                        SHA-256:3F8B58A5E9F78367AC1F366488004B409BC1526439D1C3FAA344A95BCA445D32
                                                                                                                                                                                                                                        SHA-512:7FBE625D421AD9A6DFB1AF1956CC4B65320385E05B1013054922E17AFCF990857B8996EED02E2497F978CFAF07460D7EC9487B070BB1287074DD3DA4A5055164
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[Products] ..Name=Reason Cybersecurity ..Version=3.5.0 ..Company=Reason Software Company, Inc ..Upgrade=FALSE ..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2022592
                                                                                                                                                                                                                                        Entropy (8bit):5.999974579136952
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:+dK+qRAhQZWnHFRGGbk0kLHYCFOEx3BMHAE4d/R0l7lRmRj5/Kz3PYez2OQJBmx0:eKYdRxknOEx352P57PFj1xVYNcXsn
                                                                                                                                                                                                                                        MD5:FB84325FD7362B5634C4DE62B3A2C001
                                                                                                                                                                                                                                        SHA1:EBB54EC78A071CE47A1C86F47903D56D77B34CF7
                                                                                                                                                                                                                                        SHA-256:23BDCCB16E5900857C621B67C779B2A49179ACA564EEAF1E74FD10C4EB1651EF
                                                                                                                                                                                                                                        SHA-512:D59933302521C9B3EEAD330A38577FAF1DF0378AA926690C6001186D495ABE4FC470BF578BC9DEABD82E26D7B1F8ED446957494122BD65047456C657DC9BADE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.978537519188193
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/DNxWQFWWrjP9Z95Xa/rl9qX2Ip4z2TTjdAA1m5wMT9YMWuuwlNA5DdD:/DNVTHRKrLy2Ip42Txf1mlTAwlN+p
                                                                                                                                                                                                                                        MD5:2DFF1B9CA7F8F5306847F4E9A3B6986A
                                                                                                                                                                                                                                        SHA1:0972B9A567C63F8D9A9DAA5E53F05B6C9A2DB5D0
                                                                                                                                                                                                                                        SHA-256:606611B5159500AC591813A658540F59A147C66100F622AD8B44A5540E573FE7
                                                                                                                                                                                                                                        SHA-512:8E9EBEFE85B0000BF6ACB1ADE4A42832D61E56675386351A6CCA8B65E711B29091A6985DA9D92D1FC316B6BCE2ADC1742518FD8053673C153EFC2005317DB308
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038714011015616
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9m2igOWnW8rWGrjP9Z95Xa/rl9qX2Ip4i/jTjdAA1m5wMT9YMWuuwkNA5D6v:lthHRKrLy2Ip4AjTxf1mlTAwkN+o
                                                                                                                                                                                                                                        MD5:7AC4FDFD4937947B05A24FBC521B3F94
                                                                                                                                                                                                                                        SHA1:684BA6B2AE151A48CEA3838B8AB13D44A988757B
                                                                                                                                                                                                                                        SHA-256:3356CCEC48B70923560CAE1FC92A8778CB22089D1B955AC691B6BF49C1A682B4
                                                                                                                                                                                                                                        SHA-512:B0D9D93C81268C33EBDEC4D50220A2014D950BE17D50382248051E4E38756DFDB04A26762B87AF03A7344FB2C8646A4B76919073BCE0D61935F226471B5ECD4A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038869248646308
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dnapn1iwwPWcGWHrjP9Z95Xa/rl9qX2Ip48qTjdAA1m5wMT9YMWuuwWNA5DT:EDuFHRKrLy2Ip48qTxf1mlTAwWN+v
                                                                                                                                                                                                                                        MD5:DE4F6EEF2E6CA33D0ADFAC45FD34103B
                                                                                                                                                                                                                                        SHA1:FFA22597139DE334AC0E4DA91B13067E1B6AC391
                                                                                                                                                                                                                                        SHA-256:90A0E014766A51776A99260E21268A320B30C4024AF276FB0FB25414A15559D5
                                                                                                                                                                                                                                        SHA-512:2FD3B491675B3BB4349251D1113992D098AF61C1055EAFFBA33AE939720FA2EA9A60FFD755AFE5F55CBF4F8358BB97AD32605F66698614215E8CD87E3AD3C964
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.038266147487603
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:aHLaEav5aaUa6arWVLWNrjP9Z95Xa/rl9qX2Ip4CCjdAA1m5wMt+uKn2MDug26U:rPv5t/NOEHRKrLy2Ip4CCxf1mltdKnNb
                                                                                                                                                                                                                                        MD5:73590CA143A8BDB34145D491F3D146FC
                                                                                                                                                                                                                                        SHA1:0F1EF5093DFF48D9B0FC0A8E3351D151AA87F0AD
                                                                                                                                                                                                                                        SHA-256:B090BAF1A8A5CAC4835F3DE5D60B8B98C550349915E9FBE360605CD143C68777
                                                                                                                                                                                                                                        SHA-512:28678930E560D79FD34C31FF5F58BDAC53012BB8D5F2E7DC750E119C0DA12B5FCA830C0ACBEA5FA800B2D5534AB4850FEB11EECEFAADED1691B4AE2FC62C3639
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.9403371462839605
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:56iIJq56dOuWSKeWHrjP9Z95Xa/rl9qX2Ip4e6LTjdAA1m5wMQhKuVdJm5vZYaG:niA9HRKrLy2Ip4e6LTxf1mlQh5VdJm5G
                                                                                                                                                                                                                                        MD5:3787FD49F76887523CA6EE358EFE211B
                                                                                                                                                                                                                                        SHA1:39CC297E1CB3A02608C9A687FA063DFC37124AE4
                                                                                                                                                                                                                                        SHA-256:E8A46F40D416E1636F067C621C69FA64C959915AA59922F3FFFE61C349FC0BF5
                                                                                                                                                                                                                                        SHA-512:C6F4EEEA71C55BA5C5A77248539FC5D454953BB2A58A8553677419EAC5B9BC7F5CFF5E53EBD89126BCE16BA6372BE833A43BC7D2AE242AE62DB57FF39F83AD39
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.969557757793759
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:onzz+MpSaLWW0+W3rjP9Z95Xa/rl9qX2Ip4aCU9CjdAA1m5wMt+uKu2MDug2Ecf:mpuNHRKrLy2Ip4a3Cxf1mltdKuN
                                                                                                                                                                                                                                        MD5:205CFCD6412BD6E73B6D76AB425FEE45
                                                                                                                                                                                                                                        SHA1:1F81DD9DC0794C7C700894A76DC409A1EC734228
                                                                                                                                                                                                                                        SHA-256:9DB96E9B00B7D4761890BADC3CA6988C882CA98C67693FC9C969603B07F5C912
                                                                                                                                                                                                                                        SHA-512:60277DC31CE4C6ED9543CC3284F7640B79B84D033478A2C6D01E79E292A424CD17DB8AC9D8023661A3E21E6931D543BAA8954BADA8540D04B05B35C16587BDCE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):7.003252995869171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:0Ghr+YUfyHxsW/HWIrjP9Z95Xa/rl9qX2Ip43CjdAA1m5wMt+uKj2MDug23:DkmDHRKrLy2Ip43Cxf1mltdKjN
                                                                                                                                                                                                                                        MD5:FAAE39EA5667034ACA5FE9695F7842AF
                                                                                                                                                                                                                                        SHA1:D14F68156029D6A69CB831AD5935DDC08F3C7B1D
                                                                                                                                                                                                                                        SHA-256:C5DE6F3CA7476F1EB517A24C96CC4D654CEEA3F5679946A8887CF48F10A603DF
                                                                                                                                                                                                                                        SHA-512:15117974C027B03CBD81B07CEE0330336247D48D696187A1CA10A48FBC71F696DB58C4C1C326CC805B668A21697AD3CC81C196749C388E37125FF783E4B11189
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22400
                                                                                                                                                                                                                                        Entropy (8bit):6.946606868220202
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sRE+ruiA5vzWeNWqrjP9Z95Xa/rl9qX2Ip4BtCjdAA1m5wMt+uKz2MDug27Q:sS9bHHRKrLy2Ip4BtCxf1mltdKzNy
                                                                                                                                                                                                                                        MD5:32EDB888088E971503F899257BDF5C3E
                                                                                                                                                                                                                                        SHA1:E8A3AFAAC560318591A9DA9E64258F2C1F2B93DA
                                                                                                                                                                                                                                        SHA-256:F07FDB5720B64DFC55FD49742F041D07BFB9C006167E12DD68033077F6FFB529
                                                                                                                                                                                                                                        SHA-512:DF68B9FE96B68A2B138DCD482470369AD902792CA6CC97FE16EFA61D517E85E0A612213CB79B809D7527CF5C87792E7D41871589173C0A4BCF0AD915D0B084BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992218618555366
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dT+6ywnVvW0LWYrjP9Z95Xa/rl9qX2Ip4sk6CjdAA1m5wMzsPu:d99DHRKrLy2Ip4sjCxf1mlzz
                                                                                                                                                                                                                                        MD5:AD599C4F1182F117CB2EFFD67B81FE00
                                                                                                                                                                                                                                        SHA1:72DE534F8AD7DDAAC63AF05CCE5F09118F002718
                                                                                                                                                                                                                                        SHA-256:A2F1BB86811D01DD872DC22C1791C906C8761EB9E277E16F67CCEBC34525E558
                                                                                                                                                                                                                                        SHA-512:E78D3614EA65F507C6882EDCE51FE6BA7435C3AFBC70D26A6787620F5205AD8DFC39268350D87A874832BFD6D7ECEB36BCD67005B05E5D47D766C6AEDEA45ACE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.9972717627617875
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:LRbzriaXT+WlEW6rjP9Z95Xa/rl9qX2Ip40CjdAA1m5wMt+uKb2MDug2K:N7icoHRKrLy2Ip40Cxf1mltdKbN
                                                                                                                                                                                                                                        MD5:D04BAB647A4535646AF7907572D2F416
                                                                                                                                                                                                                                        SHA1:29D08751EF6296F3CD817A85D7FA8734B90E5452
                                                                                                                                                                                                                                        SHA-256:AA607E257803A266057CD3A3231BF28656164636753A73153FD69AD374E52B79
                                                                                                                                                                                                                                        SHA-512:1A4E4A00BCBC81CA473C2F7C58E4D059B763C3BEE88837FD9CB419E34F552307BFEC08DB57C35E0A91C1998792A311CF0DF4DE9D91097FF2D66D17985BA93307
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153984
                                                                                                                                                                                                                                        Entropy (8bit):5.51941877191699
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rHOdYYWg+GImdMEGK61wb5nx03LBblQ6Ndk66byYSI4Zki+BReD4pK/uYxtl+DH1:KdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+Q
                                                                                                                                                                                                                                        MD5:38AE6C349E82C48143368F320E9D3334
                                                                                                                                                                                                                                        SHA1:FEAFB1B6F68B2B2B4BADCD26E955392132EC0598
                                                                                                                                                                                                                                        SHA-256:C6689E8B6D972E3F3B8C8D553D3297013280FCD254CE67A253F8C5599D6251C0
                                                                                                                                                                                                                                        SHA-512:4244F1A46E867D69165555CCADBAFC802F2CAF911E64F817D86444307625CB71B4055DBDB343B74F027A050A2E0F5D2BA5DBFF5238CDAD6239EB45129E4EF9C5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):370320
                                                                                                                                                                                                                                        Entropy (8bit):6.097287838038304
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:1ruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmg:oNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeL
                                                                                                                                                                                                                                        MD5:0ABD891534524A6F338A47D9FB607809
                                                                                                                                                                                                                                        SHA1:5DFD01F659AC840B59B98108E5ABE7519CA29E59
                                                                                                                                                                                                                                        SHA-256:69BACBBCC9F64B4A3A5E4AC155306139410740776780856C6F268B4778EC8672
                                                                                                                                                                                                                                        SHA-512:D2F5316282F874F9B132829209326B9A6C5CC85EA953EFD9828B076D38F65CBC6A0CADA901C6E53FA90072774C6C2087F242616481354C569F4E3F2981325D7F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.97137335485154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mRtRWjYWQrjP9Z95Xa/rl9qX2Ip4p5CjdAA1m5wMt+uKp2MDug2:QiqHRKrLy2Ip4TCxf1mltdKpN
                                                                                                                                                                                                                                        MD5:46C3A5D639EA85E10F9D1586D4A5DEF9
                                                                                                                                                                                                                                        SHA1:AE021C65C29185807DEFD8704BBDE13A5C0CCE79
                                                                                                                                                                                                                                        SHA-256:D5E78C7417B778A2225FB1AA518D32714E12974B5B9B51177A27DC8AD811F850
                                                                                                                                                                                                                                        SHA-512:E5412FE8BBD065D819CD20D3C5EFCDAD9672479D9DBD0E2F52C13AEADEE1BA0FBBBA6056D577F263BF8CA8F8119A8F8A5A65C2E99E1F3ED9ECB9EBF571555CBB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038357471463953
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hjeWnoWxrjP9Z95Xa/rl9qX2Ip4CEB9MTjdAA1m5wMAvru4LTgZIjhIEOnD:hjn5HRKrLy2Ip4CEfMTxf1mlA6tZgOD
                                                                                                                                                                                                                                        MD5:D04EE873D87F1CF5695D31F86CBA4278
                                                                                                                                                                                                                                        SHA1:73AEC30B5428C3F0E10CD9B98FF4C19A2190CAAB
                                                                                                                                                                                                                                        SHA-256:83F8910AE3F0D1B95AAD265A42AF82012BBE88476842B71F768D3EB5ED0D2316
                                                                                                                                                                                                                                        SHA-512:18D8A69AFE3DCE5074907ABFE81D09C7D9B880D53F912CF19848AC5C4F54F134B75FFB491392EA97A0B240CBAA06402A4CABDA809BD105CF8CCF375EC172ADB3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.001464127739083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:x6oWJjWtrjP9Z95Xa/rl9qX2Ip4SCjdAA1m5wMt+uKt2MDug2X:x6v0HRKrLy2Ip4SCxf1mltdKtNm
                                                                                                                                                                                                                                        MD5:47510476D42A1E6DD5F9E6CFA8E9D6D8
                                                                                                                                                                                                                                        SHA1:376574A12D975EF0D78F99ADA722D5B11059E712
                                                                                                                                                                                                                                        SHA-256:70E554C0E1D4C4EC7016BA649E141AE58594D413D5A1D90B5AC754A3F44D5B55
                                                                                                                                                                                                                                        SHA-512:9FC00B095BA4A60E0EAB56E6812F35CBCE2D668F409917DE3CE4055A010AC9D8D911F2417421B8F2EADAFF77098E14BBF6FC340795E795A6A87164D3B22D99CE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.945463408943383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Cqk53/hW3fZ+zWVbrjP9Z95Xa/rl9qX2Ip4WAVgCjdAA1m5wMt+uKU2MDug2:Cqk53M5ZHRKrLy2Ip4WAyCxf1mltdKUN
                                                                                                                                                                                                                                        MD5:4CFB2E34693018E465658F779B0BDDE6
                                                                                                                                                                                                                                        SHA1:2CD83A865FF0BF72F12117BD175231AEC50BF700
                                                                                                                                                                                                                                        SHA-256:0B92293628B413CF914D6E7AD16D6976C307C115EB0B101B2BC9A966C3CF6516
                                                                                                                                                                                                                                        SHA-512:166CB361C2E0AB7E5F570B11EB11AB89888758FD552942D21E5C2A73D94A46308F27DC16A585AC8FE9B410C3D96AEBCF5AD454EE7EDF014F8DE848B2C4D6413C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                                                                        Entropy (8bit):6.855660382428409
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MFCc4Y4OJWfOWqWWOWdrjP9Z95Xa/rl9qX2Ip4+FTjdAA1m5wMAvru4LTWZIjBsp:ICcyCzHRKrLy2Ip4+FTxf1mlA6PZHp
                                                                                                                                                                                                                                        MD5:798570CC1DB66CC342FA38F275D75D4F
                                                                                                                                                                                                                                        SHA1:819D8F7806C26ECCF670D593AB9660285ACC8FC9
                                                                                                                                                                                                                                        SHA-256:E823C5C674318872ADFD5F9E5FBB83965E7F5030ADF24292D7EEFF5E53184606
                                                                                                                                                                                                                                        SHA-512:175005A2D32C2BA628108484CF1E63DCD23EBEEDAB2B500E08F75EC5276D3AE9F7AB62DF2FC3EE15F4657E9F3B2927FB0B5CE21A5482DBEF750EBD7DC09F2CCE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.016242383612687
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nAWxMWQrjP9Z95Xa/rl9qX2Ip4L/nCjdAA1m5wMt+uK5v2MDug2:nv6HRKrLy2Ip47Cxf1mltdK5vN
                                                                                                                                                                                                                                        MD5:08E3E0F118B430982B94ED6ABB25382B
                                                                                                                                                                                                                                        SHA1:406F98E588A9F7EECEC07792B851C452B52E1B75
                                                                                                                                                                                                                                        SHA-256:C3E6DDACB8D0B505BFE81CF063FD9843DC7173AAD30C9E6DE3D46F9CB8771DA4
                                                                                                                                                                                                                                        SHA-512:D921C2E8DB77B9A1ECE0A59412A9D4199076886AF88710B53CF9D68DDD6DEE8EB0AB6748860EDD62A1588D7EC7CF5F7978A6E858179A29AAA52C4A5DA52506A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):6.995066534914386
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:8AlcWHaWZrjP9Z95Xa/rl9qX2Ip4jlRCjdAA1m5wMzsPugRt:19jHRKrLy2Ip4BRCxf1mlzzgRt
                                                                                                                                                                                                                                        MD5:278F5B46B1C9E6109A65CA5FBE594A89
                                                                                                                                                                                                                                        SHA1:E6648323BA045947C0411419F621E83BD7D223E8
                                                                                                                                                                                                                                        SHA-256:F18350E20E583009BE9D758EBC998158BF4BAD6E68D4B19CBADEC6898156C36F
                                                                                                                                                                                                                                        SHA-512:346B0E93EB8F15B78A3BD3995A8C708041BEA40EF6925DEA2898D6339A2C426E7A298CE618F6E068CA20F1D50659393E6F93261256BE7E6EC3995BB6806EE309
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.947354078253707
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9lIZnWlNWErjP9Z95Xa/rl9qX2Ip4pX9CjdAA1m5wMt+uKE2MDug2:TUyVHRKrLy2Ip4jCxf1mltdKEN
                                                                                                                                                                                                                                        MD5:4A8846936A8E09232C82977B877A9B20
                                                                                                                                                                                                                                        SHA1:7FE242D157DC0B3D0627CC94390C90CF44B09D8D
                                                                                                                                                                                                                                        SHA-256:E8D49993C6FD98CE6B356D9EF3F8866214D08F900899453A254015A8D4069333
                                                                                                                                                                                                                                        SHA-512:7AF5B55A38A7A93558DD7BC4B15CEA22AC9639148FDA5E9F50335C2F5A98A24A39DBCCB3BB09D13066CF2F4077F1159A03402608FFD24319FFF73C22976FB4D4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30344
                                                                                                                                                                                                                                        Entropy (8bit):6.663317009056621
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:eQq33333333kX+TBi8xHRKrLy2Ip4JCxf1mlzzd:xu1i8xHi/9efIPd
                                                                                                                                                                                                                                        MD5:D1DA0724F22A4FBCB7758EB7EF38696A
                                                                                                                                                                                                                                        SHA1:0E798048BE830BF25431469FDE0BE7EC4F487AF0
                                                                                                                                                                                                                                        SHA-256:666841D9F5BC6AE09A49DD1489CED8AFB992BE962A86FC59C4FA0D1B371FF9D0
                                                                                                                                                                                                                                        SHA-512:F88EF2B992DA027257D73D75A124F20BA94A09DB95211DEA42E22D3FF43B3CB2039EE7B1060357B9ECA08483866D76106D26D5F09AAE04D526F40F6E022574D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):114832
                                                                                                                                                                                                                                        Entropy (8bit):6.2259167984140324
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:j781mqR5JriAGnUKh17T6glQ6xBIwNSB:vu5wAGnUM1ZzPIwN
                                                                                                                                                                                                                                        MD5:8464F5D99D9A00AC125A48F656867B61
                                                                                                                                                                                                                                        SHA1:011DCBF2DB20C8A67E552FAC80C49208F17BA80C
                                                                                                                                                                                                                                        SHA-256:5F755B209F31B531796CAF3FAE5CB018E402A3431E51F5C56A482F10CFF2148C
                                                                                                                                                                                                                                        SHA-512:B114379487EC341B13F2F5A0B7F1BE00A59C4151CB4F58A414BD2396CD3821D66D020C8EBA6160EEDBDD4D5FAEE3DA0FC21E865AD7CC89AA1EFC67A3104D4CFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.993611820038077
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J28YFlXulWY/WKrjP9Z95Xa/rl9qX2Ip4Ee2XLCjdAA1m5wMzsPuHi:J0qRHRKrLy2Ip4EL7Cxf1mlzzHi
                                                                                                                                                                                                                                        MD5:C26D67F215E17C4173AD7725DE4A9130
                                                                                                                                                                                                                                        SHA1:C65379A9B92ED71511EA5F7E2393BC0D00ABBE15
                                                                                                                                                                                                                                        SHA-256:3DD500CA615786015FEBCB9A7B6F2BEC1C19D24FB90AAF810831D772FA18F959
                                                                                                                                                                                                                                        SHA-512:3C7F5C1F66873A5112E5262FE514B7FC5F3397B18EA27A66FEF2DA9351AED081F8B7548F5128859B8F566689D6AEA14C1920D12DA0B638C6CCDA2A0950D529C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.895040972202649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VuMLcdQ5MW9MWfrjP9Z95Xa/rl9qX2Ip48DS/CjdAA1m5wMzsPu:EOcSpzHRKrLy2Ip4LCxf1mlzz
                                                                                                                                                                                                                                        MD5:79D4D3FEF35DE357C3E9B0DA22230BD7
                                                                                                                                                                                                                                        SHA1:130063A58B3CCCD4EC889D8C0347E7521E8DC160
                                                                                                                                                                                                                                        SHA-256:8485B02BC0A877B2719652935FE4B81F83B05EBB7444CF373D35153A0936C32B
                                                                                                                                                                                                                                        SHA-512:7144EFF5D1311B03BE4D5A713399FC8B726ED896A5B624704E249781530F20EFE08880CC855A718EAF2E7BCD03C5920FE09E87C444D676367AA11DA20971807B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.961688394250093
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VZ7RqXWDRqlRqj0RqFWOrjP9Z95Xa/rl9qX2Ip42STjCjdAA1m5wMzsPuo:z9qKqjqjuq/HRKrLy2Ip42SPCxf1mlzU
                                                                                                                                                                                                                                        MD5:368EF630398E8653410CEA57695551EA
                                                                                                                                                                                                                                        SHA1:0D20730CCE83B5DFB7B22821E44C81FDB5411630
                                                                                                                                                                                                                                        SHA-256:C68B619757B9F5B7662F4E93A242E1A4181EFAAE4365DB394DE97C5C9731BB04
                                                                                                                                                                                                                                        SHA-512:1CD4963673C882E64E0D4E80A155790EFFEAAC4B298A3DFAF20F3C65759FCA3C68CD40D83AF6751A8BE68E8D5594BCFD2F910727BD49B3C06F9F8AE3E125EECA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25472
                                                                                                                                                                                                                                        Entropy (8bit):6.806988625442559
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:3vMhF2SzNzwu/NljuQHRKrLy2Ip4wCxf1mltdK1N:3vMhaKRHi/9BfI/K1
                                                                                                                                                                                                                                        MD5:998B608546A2129C7A0A6250E23BDA86
                                                                                                                                                                                                                                        SHA1:BF519F3A049F7FD131486E17592FAE69E80718A0
                                                                                                                                                                                                                                        SHA-256:2CC4C989B76BC93251881273E8274D0D5F4B3FEEA67F04A69FFC707539AF41C9
                                                                                                                                                                                                                                        SHA-512:9CF2F2955B35D5DE925903FCED9F1DD9995CFD721B47FD15DD724065856F0D628838CE1CB296C1300B820E6DBFD74870CE919A972DD0B1A1413ADB99A8757408
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):7.025957682532363
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:EZ4RLWdRfRJ0RZW1rjP9Z95Xa/rl9qX2Ip43CjdAA1m5wMzsPuREx:EZK0pJumHRKrLy2Ip43Cxf1mlzzRW
                                                                                                                                                                                                                                        MD5:9E68EF9807635098495C4691027E2894
                                                                                                                                                                                                                                        SHA1:A51F0061A74A95F80E75DB502A76842C4C6B6FB7
                                                                                                                                                                                                                                        SHA-256:A88DD60478376843166145F91ED97D4BC1047ADE4769BAB4EBB7E14570117A3C
                                                                                                                                                                                                                                        SHA-512:31A98EE8EC3D6C1F55AE55E7B90E71AA3B1B42CD5CFB1ACB9DE9109D7FA166E1ECFD505DFE14E7A03839B57858274972887A0370A916A38975EDD29564A5058C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.961301734790314
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:4YWsmWVrjP9Z95Xa/rl9qX2Ip4hv9CjdAA1m5wMt+uKQ2MDug2:42DHRKrLy2Ip4h1Cxf1mltdKQN
                                                                                                                                                                                                                                        MD5:36F75710F33734896D90F65CAD7C2AD9
                                                                                                                                                                                                                                        SHA1:44F39226CDD1F55F1E5AFB13ACC1C24CC88E8AEC
                                                                                                                                                                                                                                        SHA-256:40F80C59D227234209E372CF13B68CB68F1DD60903BBF2AD402086174E62645B
                                                                                                                                                                                                                                        SHA-512:69161D15DBD399DBF0F5F1C2BCB20C4518B37F5E13A06C2B7F0C8AA97306946F83DFB1FDCCB59018FFE6CC4BEC11C67B00151601C5047CC3BF29A0DC19947802
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):110464
                                                                                                                                                                                                                                        Entropy (8bit):6.4473067267179065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:7vc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXlHi/9ZfI/KYX:bgk1tiLMYiDFvxqrWDWNoJXZ
                                                                                                                                                                                                                                        MD5:DAF3E5DD2EE18B843AA7AE7EA626707F
                                                                                                                                                                                                                                        SHA1:415F56AB834B4C6154B508929AB45869C08C8153
                                                                                                                                                                                                                                        SHA-256:F061FE1B914A06B26B286E0CF240504E906F3A2E84C1568B5155C9595B0F4C2C
                                                                                                                                                                                                                                        SHA-512:E7AAEDA753427CE2BB5744FCCA75B54FA9DD5194BC4455A6B2782845DCE3AEC674155A141AB836E2AABD043117FEAAD0E5A92F006A196B6763A27DDA06373C61
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.004024120526974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:gKcuz1W1cWcrjP9Z95Xa/rl9qX2Ip4Wo2CjdAA1m5wMt+uKf2MDug2bK:wu8CHRKrLy2Ip4oCxf1mltdKfNJ
                                                                                                                                                                                                                                        MD5:AAB985F9BAF075B8FEF0A285437B1C2C
                                                                                                                                                                                                                                        SHA1:B6F26238DE84C30244BABCEEE9E5C23B4957B1BE
                                                                                                                                                                                                                                        SHA-256:6EF4FB27066AA0F4B84E94912F1B4E39F2FB6DEDCB46CE9BFF8F07C9B7B452CB
                                                                                                                                                                                                                                        SHA-512:A737B55AA4F4B670B418A87BF7AA75C59600DE61CB56A5BACF6FB84AA120D866AEEDDB6448719C486CD03D2CD7F47FD8B08710A72E864BDF440D6F4691806F09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015928217476137
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:1+SWikW2rjP9Z95Xa/rl9qX2Ip4yTjdAA1m5wMBq5ul0Wevfh+C2:1+eoHRKrLy2Ip4yTxf1mlBqsCvJ2
                                                                                                                                                                                                                                        MD5:E73A79701E00DFDE3FCBC7BE60AB6031
                                                                                                                                                                                                                                        SHA1:1B3966632B3292C7DE09A6496AD7AA5A41068245
                                                                                                                                                                                                                                        SHA-256:073592FE8FBADEAFD388CB9327C462C953C2D844F252B170B87A4150AFC92263
                                                                                                                                                                                                                                        SHA-512:BCEF67565C355549131942FFE4F808508D301E395EC127C5E68C3B944A34C2FE5EA8F3FAC15536BA11BDFC5A7A81FE4E6B8984B60FF3FE9BFA8A7C0D31ED2DDA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.033515096452303
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GAWzgWJxrjP9Z95Xa/rl9qX2Ip4SbJnCjdAA1m5wMzsPu:GtLHRKrLy2Ip4SRCxf1mlzz
                                                                                                                                                                                                                                        MD5:16FE78EDC4C2B0435ABBD8B57BFF1683
                                                                                                                                                                                                                                        SHA1:E9E1797801F0CDEAC79520795F3405774599F4E8
                                                                                                                                                                                                                                        SHA-256:D87BAA2359DB3584B098ABD3D376B2E7B00DF21FD2408DED9F5CC4195B27D5E5
                                                                                                                                                                                                                                        SHA-512:2B13B83707E43C8553EAE1056DCDBB433ECE88A1E9F92910E00448F502B2AEA3B361A4350520CF8F6CFD73967152013EDA3237617BE110C5F6818E96B34F68FD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.010993463774131
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:UBLRWbYWfrjP9Z95Xa/rl9qX2Ip4JCjdAA1m5wMt+uKd2MDug2l:UB2XHRKrLy2Ip4JCxf1mltdKdN
                                                                                                                                                                                                                                        MD5:627658C98D56F21BA4B4869528DF47D0
                                                                                                                                                                                                                                        SHA1:B1BFD69286D77C5C39D90A06DB1AF4C9724A4735
                                                                                                                                                                                                                                        SHA-256:DC09C0286397AD1A567F5C45ED279C2B2F68BD9775CBD20638A388D848BA8C4B
                                                                                                                                                                                                                                        SHA-512:86D2C7E69C99D62EBDD40DD60AE50E8F622277803266056C246E2E8EF4EA1086846BB96879533F6425CB3C1ED671B1783CEBF298CCFC0817259FCBFA6616B3C3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.992158648190345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:XHW4/Wh+rjP9Z95Xa/rl9qX2Ip4Bh3ZCjdAA1m5wMzsPu8z:XrEWHRKrLy2Ip4vZCxf1mlzz8
                                                                                                                                                                                                                                        MD5:4D5FC69F7C0B4A69AC7DEDCBACDEE8B7
                                                                                                                                                                                                                                        SHA1:D239969D823374B41C5A0B2C51620E559C4351AC
                                                                                                                                                                                                                                        SHA-256:F86BC2D92EFDF25991B67D96572581FEB3985880ADAD2C10556B550A10295ED2
                                                                                                                                                                                                                                        SHA-512:E4D29A2085968A6CEFEF7BCB5D25D6F18DBD238D406C5F9B9DB447C6C0DA79A14335118C0AAD6AE012133543B25F882D9DAFB4AA1FFDDEB51192472930257EF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.044497037369271
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Ovk7hWmCWJrjP9Z95Xa/rl9qX2Ip4jTjdAA1m5wMAvru4LTuZIjOz:Os7/7HRKrLy2Ip4jTxf1mlA6vZ5z
                                                                                                                                                                                                                                        MD5:12CF683B4FC3D703092F203EAD04168A
                                                                                                                                                                                                                                        SHA1:830F120CB51BE0536E04D3D4A5E5495621EB06BD
                                                                                                                                                                                                                                        SHA-256:8A3C25B70BC1F5C9481E6D1F9E1F22E7FC3CEFCFEA5FA156258720063551BC37
                                                                                                                                                                                                                                        SHA-512:C87BB035026A50256F7DA00EF144D6F6201519ADAA82809F388A18A12A2EB357586108088E25A84587D314250536BD54446E8438F6F18DB18842F83F793D4112
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.006094828452657
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dGMWCUW4rjP9Z95Xa/rl9qX2Ip4N+CjdAA1m5wMzsPuT:d36HRKrLy2Ip4kCxf1mlzzT
                                                                                                                                                                                                                                        MD5:14E892A0E1F04DD40F0BF129EFB0D170
                                                                                                                                                                                                                                        SHA1:5A79D45A7748065D9EF2ECE5E19E919625A34450
                                                                                                                                                                                                                                        SHA-256:A394584966884F781A52C0EBD04AFCC76B3B9B64B3E271E25EB645D272A6EBF5
                                                                                                                                                                                                                                        SHA-512:642DF58022D04794AF4ADF8C11E24D037E96A338BC4C587076DFDFFED7E7D8B4AFB319236A28BD1127FA2D5026705724C045E56FA801DDAD42480A56991F5947
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20888
                                                                                                                                                                                                                                        Entropy (8bit):7.0015647853208876
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cBhwI7WSQWzrjP9Z95Xa/rl9qX2Ip40JqjdAA1m5wMRv3cquhqjlLb:cDwIBjHRKrLy2Ip4uqxf1mlRv3cZhqj
                                                                                                                                                                                                                                        MD5:D44D5DD154CAD3B1C6B9ABB5DF068DDD
                                                                                                                                                                                                                                        SHA1:81969B84137CC13E83D58ABC70341B05D1FADA1C
                                                                                                                                                                                                                                        SHA-256:8667D8765649E1F7BF3DDB72A3C1BD69D21B797D42BEBBC472C1DEACD8353C6A
                                                                                                                                                                                                                                        SHA-512:B30C1F8BA6872E477978321BEB0B3AED75E78F3DE96878EE1A315E236952D68F44C25328AE415C9CE092561E0E35DA9A2398BA3586B3B0697E497B46E8F19D1F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                                        Entropy (8bit):7.0141346287170565
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6yvPRW4lWtrjP9Z95Xa/rl9qX2Ip4OCjdAA1m5wMt+uKZ2MDug2E:/39yHRKrLy2Ip4OCxf1mltdKZNX
                                                                                                                                                                                                                                        MD5:9FF070C6EB7760F09DB611BD2F5B318A
                                                                                                                                                                                                                                        SHA1:6F481AF69D8A7BD589C1BCA7CF3E4D60AFDB6E56
                                                                                                                                                                                                                                        SHA-256:35770C71A9F9FB00A1670FC84C4F2F3F8EC4D9B916B989797AC2617D12A9B234
                                                                                                                                                                                                                                        SHA-512:5AF364BB4016F9283287F3F4FDB7B672338A750AA50828FF5366CFB5726CC9658465C1B0405500EBFE4803F26A53960DAAA2D9F171072F809546F12C22FBB10A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.974962300073246
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:96RW6eWSrjP9Z95Xa/rl9qX2Ip4hUTjdAA1m5wMBq5ul0fvfh+7sA:967iHRKrLy2Ip4mTxf1mlBqs4v7A
                                                                                                                                                                                                                                        MD5:8785C40B625CB1CA0EA659E020A7E6E7
                                                                                                                                                                                                                                        SHA1:4D3F0F5D090C0A0C203F5768029C527533475263
                                                                                                                                                                                                                                        SHA-256:7788B97CEEC5516732CA7D9B28811510406834C7C2CD61B61FE43218806C2B08
                                                                                                                                                                                                                                        SHA-512:64D1F2BECFDA8D4CC7E272BD31D3ADB8BC305A8765E20F8BE92F96E540EE84F3BDDBB0E1F4533640FCAE3C42E83B994E33F0B249593810246F9EC8A1199DA9C9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.014336643161851
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xSUP9W70W1rjP9Z95Xa/rl9qX2Ip4zRQTjdAA1m5wMBq5ul0dvfh+Q2eE:4UeNHRKrLy2Ip46Txf1mlBqsSvkr
                                                                                                                                                                                                                                        MD5:C0D9607847BAA5B0CCAA5665B1EA0CE6
                                                                                                                                                                                                                                        SHA1:F10332D5D80917CAA332291B9995AC3435FFB268
                                                                                                                                                                                                                                        SHA-256:358F5A8DC2E4D95D833E07425624450700157AC0193B43DEC899363777A2CBDF
                                                                                                                                                                                                                                        SHA-512:BAD4B3FBCDF7D675790BAC05A66AF1D3E8954370E9C40491C3693EDB069788ECE42D22CD1962E74DAD6D44CB32EFA6BDE7D7C1CA36C7549D5BB4EBE6853FF080
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.009137368657855
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:38yg07W0/W+rjP9Z95Xa/rl9qX2Ip4YTjdAA1m5wMBq5ul0svfh+5w:3BHZHRKrLy2Ip4YTxf1mlBqsfvr
                                                                                                                                                                                                                                        MD5:497A902D35AB8232116EE89D21E38D66
                                                                                                                                                                                                                                        SHA1:C4822D2D2B4B4C4F42AA8476C1B079CBE826D0AC
                                                                                                                                                                                                                                        SHA-256:89CC50C586627CBA755433C5F5553523EEBD098CC62390CF7DA3B01488301603
                                                                                                                                                                                                                                        SHA-512:2E7B6C5AC6F3B5B1D66E42BE50CBC1E0892D0802B5ACFB56FC4B9CC9722792AB16E192B395CC4936E5AA2C1C6E9E25C3997F2A3FEFE736141B77AFE0BF3B6906
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.976370301041513
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:We1WmRW/rjP9Z95Xa/rl9qX2Ip4cqCjdAA1m5wMt+uKz2MDug2W+:WejkHRKrLy2Ip4NCxf1mltdKzN
                                                                                                                                                                                                                                        MD5:B559A8455E4270263625C155F0686265
                                                                                                                                                                                                                                        SHA1:67931AF4D0813B6827FBCA1944632E2771CF606E
                                                                                                                                                                                                                                        SHA-256:FB0B1D70F997EAB63CAA50A41CB3E164456DDB26C17547E1C874C881CFC156CA
                                                                                                                                                                                                                                        SHA-512:125BD456B80904A7CD4DA64B516FC2DDF1DAB1912984BD91E3101BDCE9EEBDE6B31BE644999BC2BF83604DEA1033D6D6B7B2588A013B3B55F7CE705B575175A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):198144
                                                                                                                                                                                                                                        Entropy (8bit):6.163642467505993
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgNy:cW60VcTvakcXcApOL
                                                                                                                                                                                                                                        MD5:A6305F8C82C0CCF2D0BE25887BCC625F
                                                                                                                                                                                                                                        SHA1:BEEC702FCDA79322193BA4207F82924ACA0BB364
                                                                                                                                                                                                                                        SHA-256:9A1ABA67CD581E40A4DAA2BCA86276F5568608D011D0D2070BB83D76F80E4E77
                                                                                                                                                                                                                                        SHA-512:281FCFDB90E45DE12CA91EDBF9BADA4FCEA64F1416C37840F2C5D7F1AD55B14BAF23EB8C7124475A027AC7715FB9828249DAEF8F4E6519D12C801F49166199BC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.983124585784105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:g6ZWYLW6rjP9Z95Xa/rl9qX2Ip4q31vcCjdAA1m5wMzsPu9:g6l1HRKrLy2Ip4q3JcCxf1mlzz
                                                                                                                                                                                                                                        MD5:BC3F5D6D722774A570B3A1DE58E2EBBC
                                                                                                                                                                                                                                        SHA1:C579AEBDFDF288064705CBC2F1AD178E258AF039
                                                                                                                                                                                                                                        SHA-256:BC53C02FA05BCBBB8144E6D9B8AC036362332EED3B67A6FDA073C2D015D86701
                                                                                                                                                                                                                                        SHA-512:ABFE28100E4603F6C48AEB9C8E7F8D2C6559B533E566DED65A69B489C96D275A0137AB29CF43718972323E763B98B77273D30A8E1C6D64654859F03E9CE6766D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.940990717284523
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:A1W1WMQWvrjP9Z95Xa/rl9qX2Ip4zq7CjdAA1m5wMzsPuG:b17HRKrLy2Ip4zsCxf1mlzz
                                                                                                                                                                                                                                        MD5:360717B2996F9A21186CB6C6333015CE
                                                                                                                                                                                                                                        SHA1:D0EFE923ECAC3D152F0B34EBC693EC85D7A13092
                                                                                                                                                                                                                                        SHA-256:A13B2B226C3153B81D12DBC33A9966030D9330069FDDC9A474D35408AA452E7D
                                                                                                                                                                                                                                        SHA-512:CA010E618AB0EEFFB38D825A66FE90521EBABDDD8A91E8F04EE512D43C9910E84BE74FB759F64484D42B2E343BACAC33903F3BBCB0A51CC45125D1430B2C02B5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):6.9839807358827395
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21888
                                                                                                                                                                                                                                        Entropy (8bit):6.917946536927677
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.024383643761439
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                                                        Entropy (8bit):6.949503664344784
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30208
                                                                                                                                                                                                                                        Entropy (8bit):6.767793329723504
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.012312379517373
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.990449962762576
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.016070802680104
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cGETSAWUEWIrjP9Z95Xa/rl9qX2Ip4dtaTjdAA1m5wMBq5ul0nvfh+4:ST1CHRKrLy2Ip47aTxf1mlBqs4vt
                                                                                                                                                                                                                                        MD5:48A9F245C1FCD9CD421526374C8FC42A
                                                                                                                                                                                                                                        SHA1:78D5DB17A57F476CD8DA8BE5E9AD8721CFB2638B
                                                                                                                                                                                                                                        SHA-256:C2D8D7D77B50991327DC9940B896306AAAA7A63D682EA708BB48F12EBAB1CE6D
                                                                                                                                                                                                                                        SHA-512:D038949B35F84ACEB6F405FB389820EC3241E712797C82F1E4FAB1E0F5734FF715DF24677ED81F67F5B5A67201ED4AC073D4E9CAB681EAF0EF808A9886560F6F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.985562996876628
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:lcDagtDApWSKJWnrjP9Z95Xa/rl9qX2Ip4FOCjdAA1m5wMzsPu:lPKBAHRKrLy2Ip44Cxf1mlzz
                                                                                                                                                                                                                                        MD5:3B88B9BE220E36D7F8729B488EE4F6DC
                                                                                                                                                                                                                                        SHA1:34BE6187882F312305C45D440BF427CD695013CA
                                                                                                                                                                                                                                        SHA-256:B0C016655C302D3DC25F369D6087D669B2D4EDC05CA48AAF9CBA48EF239DF41F
                                                                                                                                                                                                                                        SHA-512:5F1F48A77F4A46C4BD5275F5466AB24E830C965A80400C7CC314A888D904A90254E335BD9A0F7B08ABD9451DF4CF0E3B2966A99C3EA05C7A8FE3F9F228BED8BD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20864
                                                                                                                                                                                                                                        Entropy (8bit):7.004484897309742
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fIWD4WPrjP9Z95Xa/rl9qX2Ip4dCjdAA1m5wMt+uKA2MDug2GwW:f1/HRKrLy2Ip4dCxf1mltdKANP
                                                                                                                                                                                                                                        MD5:1D5F9A52D4F45D8A9410EAEDADBA77EA
                                                                                                                                                                                                                                        SHA1:EB5A23D3842F1BDFC074D9A0D47DBBFD8AA71771
                                                                                                                                                                                                                                        SHA-256:A531CD972442CF7A6C98446EC3CBB607B8F147B2DD762C97B2D4AA397DFEF300
                                                                                                                                                                                                                                        SHA-512:730CE31E52EFAE2882394552F7A8DE774C4E0887764CC0DAE5308F7F18D81D6FE5930106563D7AFCC7232216ABA444ADA618BB4A13FAD75C14D8E364A6C528AF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.956883982952257
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:iMWzQW3rjP9Z95Xa/rl9qX2Ip4UoOTjdAA1m5wMBq5ul0Vvfh+1f:i57HRKrLy2Ip4UhTxf1mlBqs2vif
                                                                                                                                                                                                                                        MD5:FD2AB5130049284E205256F6D21B4FF9
                                                                                                                                                                                                                                        SHA1:F5BCB68D775ED244205716AA2AF6BFC31C336DFD
                                                                                                                                                                                                                                        SHA-256:45E8FFB0FDF3B114E717333EA544E8438DE146778A7CFF9EEA1E39063E538011
                                                                                                                                                                                                                                        SHA-512:A9998074ED4F8FE09D667DDC2B9E8F15C338E07D2C13098F454C95E54610555C18909E8809820C88D1846FA52B783887C9B39030988945B339ED392729E97725
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.907071338300692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:wxDHKWAMWHrjP9Z95Xa/rl9qX2Ip4bYTjdAA1m5wMQhKuVdRm5vZf:4D8bHRKrLy2Ip4bYTxf1mlQh5VdRm5t
                                                                                                                                                                                                                                        MD5:8A252F1FB85086D035FAD4B976F84421
                                                                                                                                                                                                                                        SHA1:B2BB9B4CE4B6D25B35091B6765AC080D1779CBC1
                                                                                                                                                                                                                                        SHA-256:BB05FA6215A3B9FD9B2EB0F559FE7A30E944F03F07F7D79CDF4DDD7B57DEEE01
                                                                                                                                                                                                                                        SHA-512:8482D445DE1B26EBEE5E486C36C27B3FDFACC09AED8619F66EFF4106CC717EC393D2DB181891F58A6B696053AE8F5E5402F2B9D62AA5F3E0C3494E10CC850864
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.993420993671583
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cLNBEW6pWerjP9Z95Xa/rl9qX2Ip4UTjdAA1m5wMQhKuVdDm5vZyo8:cbMzHRKrLy2Ip4UTxf1mlQh5VdDm5UL
                                                                                                                                                                                                                                        MD5:5353D2CC4393D2DE1EAE1A00B7848BB9
                                                                                                                                                                                                                                        SHA1:017ED99087BCE6A35826FD861E555869D3B1550F
                                                                                                                                                                                                                                        SHA-256:5734A2041DAFC60696583043AD4E5613306C760B9F895F80E58C049AB63B7EB0
                                                                                                                                                                                                                                        SHA-512:A856661DB9B3068B6D64F202B1C9C71A0129658CDD6F25C6E3C219A3CCA63AB20C708ED12B6C0FBD17BF6EB13C27A04F6BB8F74DC22040EA3B6D6DFFC9603F1D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.0244524304384015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:CKkHKW/tWNrjP9Z95Xa/rl9qX2Ip4OeTjdAA1m5wMBq5ul0ovfh+YV:XuWHRKrLy2Ip4OeTxf1mlBqs3vN
                                                                                                                                                                                                                                        MD5:26478EDBE547D0DBDDCAC468D8A4FAE1
                                                                                                                                                                                                                                        SHA1:FE1B850C11229BC091E725FE4DB6EC379030AE40
                                                                                                                                                                                                                                        SHA-256:ECE642BD2BB8CE7B18583961C68C1F050DC639C7459581CD4E3C4068B6A67516
                                                                                                                                                                                                                                        SHA-512:E4AFDD796F8CA6FFDF2B57B761C78A872DF6A881C30576F36EF5EAAABB58C26C53E9D1B220BE86B9CBED28ECED2E14BB10CA8BC29403A159466E7C6235207286
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.978820551680673
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BLnfIWqrWXrjP9Z95Xa/rl9qX2Ip4tf6CjdAA1m5wM36QNuZLQrQY:BDf4GHRKrLy2Ip4B6Cxf1ml36QgZS
                                                                                                                                                                                                                                        MD5:0DC9CCC1D26214E4A95847F7C6335926
                                                                                                                                                                                                                                        SHA1:A7F4E12DBA444C5EEA2624F7A88F77142AAA74FE
                                                                                                                                                                                                                                        SHA-256:A739636CD6CB162D927E6C203F4BA8E9164E5EB44E1AAD9F045470B61CEE39DF
                                                                                                                                                                                                                                        SHA-512:A3DB6DB5710C985B78F3FF706FAE31C797937A3AE5B50439C7C18A2F222000ECF85686C86B8FECE69593972C6A5E1DA327A200ABD8DC9D3DE5E163143066BFC1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):6.800053693288702
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eybU8ndrbbT9NWB2WTrjP9Z95Xa/rl9qX2Ip4j/TjdAA1m5wMQhKuVd3gm5vZ2:ey5ndvWZHRKrLy2Ip4LTxf1mlQh5Vdwz
                                                                                                                                                                                                                                        MD5:0F9957AD9E020ABF5F3B4B06E5D6B953
                                                                                                                                                                                                                                        SHA1:AF9BD1B21D22421D6B95C191007267393F9FD8BC
                                                                                                                                                                                                                                        SHA-256:381F5473A17720FBED4F960867E9457C035EE22F76AEEBCEB3DBA60009A0B45E
                                                                                                                                                                                                                                        SHA-512:19611204AC5D1A64D6E8726FCBF83DE84BAE8C6C35980D3EBE2711ADF3B219AA39C887197B1CF8369719AC398AB3CC56AF3F0B831BD79D4ED84A17F025894C79
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.976445569058889
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:jna8WK1WWrjP9Z95Xa/rl9qX2Ip48YTjdAA1m5wMQhKuVdygm5vZssqy:jna0/HRKrLy2Ip4PTxf1mlQh5Vdygm5F
                                                                                                                                                                                                                                        MD5:5862163035701C1C8C83E0A00EA0A4EE
                                                                                                                                                                                                                                        SHA1:69C1AFAF61FA70CB70EE4E638B610E2350C88001
                                                                                                                                                                                                                                        SHA-256:2CB315BD1C4E9050C35F6DD253C9C499FB4AACB76593240438B2BC56792E3B92
                                                                                                                                                                                                                                        SHA-512:9DD8FE1B96238310DEA332699BBD062EB89924C37C2DB0FB1B7ED0C7AF9A4627A2B8BFEFD3A608449033F401F191C51F5ADF4170A3AE4120F5A3B718195FC51C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.9265541297950595
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:4BSWITWprjP9Z95Xa/rl9qX2Ip4Iky6CjdAA1m5wM36QNuZL:46YHRKrLy2Ip4Ly6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:806ACB0354C1DE48BB61DF96E2FAD5D1
                                                                                                                                                                                                                                        SHA1:ACC1AE918D897C8BC3279B6C1F6A96485546AB86
                                                                                                                                                                                                                                        SHA-256:AA84EE4FE186F4CCFBCAFACAE30016A8CF877787C56E05CC6B12D9C228E19831
                                                                                                                                                                                                                                        SHA-512:20872A5896FE19C087E9C374410108BDB3074D7C284C2BF7F0CD09DD207E3FE141B1637152C56C98B1F29178604CB43C2804073588D3E03C8AF89DD64B8B49B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.024914500099341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:C88cIIWNoWLrjP9Z95Xa/rl9qX2Ip4z/6TjdAA1m5wMQhKuVdcm5vZ97CU:C9cUbHRKrLy2Ip4GTxf1mlQh5Vdcm5P
                                                                                                                                                                                                                                        MD5:1DF480B3EF676A09D9DD11890C70EE66
                                                                                                                                                                                                                                        SHA1:8E827424C2B2766D71A36742501F4B631C34FD6E
                                                                                                                                                                                                                                        SHA-256:D2C88FE15D78332989A507E36EA1A8A2C4CC8B25BE7500C855E9F76D4991585B
                                                                                                                                                                                                                                        SHA-512:4E3FF3B1C6A2402A69A435D207A33E7D504683E0F8FE7F25D6E31EC04B717495F065FC2DBF513F8DDE7C27B520CA864CC501D24E69C247FE1E4F1D8CC92A252F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28160
                                                                                                                                                                                                                                        Entropy (8bit):6.790350767912065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:crmoFmWdO9HRKrLy2Ip44ODTxf1mlQh5Vdkm5n:caEFdO9Hi/9/BfI+vkGn
                                                                                                                                                                                                                                        MD5:562379760F9E686652297B3180E05C1C
                                                                                                                                                                                                                                        SHA1:24B16EC8CF800C81C789E1F279E64CBC55BAC596
                                                                                                                                                                                                                                        SHA-256:24B63A98A0D136BACDD057DBFD173A95C10EFCF706A71A51942741983C383EC8
                                                                                                                                                                                                                                        SHA-512:C60057EB8D985204E0816A397252668F8CCD5170961DDAE052E67E4EAD43F470780D79D6B7602E35455EDC72DBBCEEEAD50241711B87BC3E1DD0FD328E77609A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24064
                                                                                                                                                                                                                                        Entropy (8bit):6.86244677413669
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:O09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsz:3OAghbsDCyVnVc3p/i2fBVlAO/BRU+pF
                                                                                                                                                                                                                                        MD5:4B9E6A397BAF62480D1D642C539982D2
                                                                                                                                                                                                                                        SHA1:EFDBFF45B098CE1A36F08D07D4F70B474FB29B54
                                                                                                                                                                                                                                        SHA-256:A602F22DE6691C1ECDE9CB9A186541A60759B87AC3C1FD281BD5E5FF9CE7D64D
                                                                                                                                                                                                                                        SHA-512:DB65D862A86567262FF79009C08139C280CE0912A015351118151E1AB64E5CD88906954285707AEE38E180EAB9B2DBDA1D53F611334EAB1F078992826EDF6F0C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.98121423453462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:G7W6RW+rjP9Z95Xa/rl9qX2Ip4+C6CjdAA1m5wM36QNuZLRv:G5rHRKrLy2Ip4z6Cxf1ml36QgZFv
                                                                                                                                                                                                                                        MD5:F030F3E4D0EEE23DF31E5C684BEDAD97
                                                                                                                                                                                                                                        SHA1:322FB4F7CFC4BB2DFADC2F71B1216B2A6F82F0D6
                                                                                                                                                                                                                                        SHA-256:37073DA1F5A20BF1FE1B33CCB42F0B29D32196241BFCF1A3A2A70FD601EDF1F3
                                                                                                                                                                                                                                        SHA-512:0AD034960ABDFF4FBF506DAF87CAABB5DE6F79C0394D019FC05A8A5D90D5828FA938E96868DC7E058E04FA8CCD199DD5CEE7900A03008345F791C6DC70417C0B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.05428802807611
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qI5HeWFwTBsWNrjP9Z95Xa/rl9qX2Ip4JKTjdAA1m5wMQhKuVd2m5vZL:qI5HFwTBlHRKrLy2Ip48Txf1mlQh5Vdl
                                                                                                                                                                                                                                        MD5:799BBB26B86D38A7F621AF8FFFDD8E01
                                                                                                                                                                                                                                        SHA1:CEC6F288C85E4581CB8876733E3EE6681808F249
                                                                                                                                                                                                                                        SHA-256:E6098F2253327D950B81076337EE0B92667EF6508F41F527372F7FCAB57E36F1
                                                                                                                                                                                                                                        SHA-512:AF67B37AE0BBDB17FB0A798D085630904CD23D0E56FE502E4CDE8B984FCCFCFA1CFD82BD7C8BCD20CE2E316568DFA5C49FE34E73EBC4C5393275D40807237E50
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.032938959830146
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:iAJpVWbfkBnW6rjP9Z95Xa/rl9qX2Ip4scTjdAA1m5wMBq5ul0zvfh+BzR:iAJpWfkBdHRKrLy2Ip4scTxf1mlBqs8m
                                                                                                                                                                                                                                        MD5:A8FFF498E33FFB86C678046527186133
                                                                                                                                                                                                                                        SHA1:A9749F87CF0F7FA8685EFE1F22DCA999C56E6475
                                                                                                                                                                                                                                        SHA-256:B5303D326DC0D0CA787EF8569AAA6F2EB15A73BC0B901920CCCEB00BFE16567F
                                                                                                                                                                                                                                        SHA-512:57AEED077A4A27CD08AC7221A3A1C3D5B938AE07B6E1A9896339651530B9B438C7A5C61BC7C9ADE8F22AC71938240F91F7B8B44818E2469A11124A29E45D9E1A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26624
                                                                                                                                                                                                                                        Entropy (8bit):6.744878476669213
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:W1dyAqgQBfqyTBQHRKrLy2Ip4kWTxf1mlA6RZy:YdK1WHi/9kWfInRU
                                                                                                                                                                                                                                        MD5:CC2E63CBCBB9960B8D20AB217B6753D8
                                                                                                                                                                                                                                        SHA1:792ACA3B73401780A272EB8F0B2AD242E2057C22
                                                                                                                                                                                                                                        SHA-256:8816399ACCD5340398DFE2825666C0EE95CBD7A10A435BE9BF3F4F0C5C42A845
                                                                                                                                                                                                                                        SHA-512:27FE73E2D221E60B48BA5D3876F685C33C656E1D78CB1B2E44DD90C232621B5CCB32D917261D9824D7D9116BF5E6BF5B551D14B540E6AEAE5CAA4CF3AACAC16D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):6.862001295533237
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWIrjP9Z95Xa/rl9qX2Ip4qyTjdAAs:XsPMQMI8COYyi4oBNw4tB4HRKrLy2IpH
                                                                                                                                                                                                                                        MD5:91F23081484BE9044502E179DFFD0B5B
                                                                                                                                                                                                                                        SHA1:C8767E1515A3B453B7E9EA386CD892B6BB9566CB
                                                                                                                                                                                                                                        SHA-256:CB21115EEC55C3B2998D4E820C0B609535660CCA8B8FFBCBF044CD6A879AB2E5
                                                                                                                                                                                                                                        SHA-512:6E202B60FC061D7C1A5B97ECC69381F902EFF7CFD2E61D4C90050190CADB1D0FA72D3492628F543C5E9BAA43E8B664D407BE3AB11F9E0A9B3C5423639BB4B91B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29184
                                                                                                                                                                                                                                        Entropy (8bit):6.563794164270402
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nbhigwLAuZtM66g/Id7WVXW0rjP9Z95Xa/rl9qX2Ip4HTjdAA1m5wMBq5ul0Avf0:nbhzkKs7HRKrLy2Ip4HTxf1mlBqsTvBC
                                                                                                                                                                                                                                        MD5:3D4BB4CA05BA61CF938055E75C74E93B
                                                                                                                                                                                                                                        SHA1:688F6D9B94C76CF251632BB61642CBC4BFD973ED
                                                                                                                                                                                                                                        SHA-256:4C4FD044311E64557A9C5D48C86A92D0B7A6C7A3B36B4657762F9EDC0AD01973
                                                                                                                                                                                                                                        SHA-512:297CCF91CEA0E1DF52490A696413BE638B9C66562C703B18EFAA9803FC903D00A116B4335ADA3C586953E4FF936277FAC077687EA19B260C57F5FB95427A01C7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38912
                                                                                                                                                                                                                                        Entropy (8bit):6.258801189412649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:yTIrKFsESvNsStEpOqPOmizx1qYDpjhHsH5KDs6L5C4ioDElwr1ZWBky351iQHRa:d6lw1IbiQHi/9VSfIQsCq
                                                                                                                                                                                                                                        MD5:C60DB20B29E88958D9465CF180B78944
                                                                                                                                                                                                                                        SHA1:354F0623DD0FD9868B27758737FC25B96C8E0B97
                                                                                                                                                                                                                                        SHA-256:68DD8B93139014803DC11A5398CCAFB1ABF5450635AB4FA6E5DE7C27098ABAA3
                                                                                                                                                                                                                                        SHA-512:E17EA0E31A2F246C096E7D0CC94A6B20789AD2BB3A39CE28A89DC5A310A044F0595CDD1CDBE3CB25A0BD01864D4016AECF277F637E3AB853C078E8067F723EC1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):7.002325554132072
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:1UcX6W9aWsrjP9Z95Xa/rl9qX2Ip4LKGY6CjdAA1m5wM36QNuZLin:1UchwHRKrLy2Ip4LKt6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:0347D6FA68EF104062D2F03BD2836C51
                                                                                                                                                                                                                                        SHA1:907FEBC4AA739CCED0AFAD90CB2457335CFB174F
                                                                                                                                                                                                                                        SHA-256:5F5BB112A5ADC3D3999DEB912D8C428EECDAAD68CA3B65FE62492B82655D7A4A
                                                                                                                                                                                                                                        SHA-512:093F240E2C1F8857BB991AF1BE4ED60DCFC9C9D28CF8A660B7822474408436B9D05C0579F8B3644BA1A74876C4D0DB1C0F14DC127637B4C7096B5B168FFAD3A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46592
                                                                                                                                                                                                                                        Entropy (8bit):6.171207295782074
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:+oBj7kS+8mjvHTeaWKs0Sd4eehHRKrLy2Ip4kOTxf1mlBqsqv/e:FPmb9WKs0PeehHi/9vfIQsqO
                                                                                                                                                                                                                                        MD5:368CDE2C1517D0370689048DFEFBBE01
                                                                                                                                                                                                                                        SHA1:18B56375A8FF8D0B5A51C2EF09154F4F598F4966
                                                                                                                                                                                                                                        SHA-256:D100C10F273171C43BD6A6DB1F08FB8EF7E69D0A65470566EFECAB68AD5EE150
                                                                                                                                                                                                                                        SHA-512:E25E29290F49E71B4291042D255F24FB877D04FB4B56B76249DD6188C601E4201CBDA6EE0205CCD58B84AF26D43B4E7755F2EE62AF5196E83A20025E4F1198D8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.036231673830498
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:STI2pWPzWkrjP9Z95Xa/rl9qX2Ip4STyTjdAA1m5wMBq5ul0fvfh+7U:SE3zHRKrLy2Ip42yTxf1mlBqskviU
                                                                                                                                                                                                                                        MD5:DE4C7C34DE0EE77E22BE7BD4DCB12EF6
                                                                                                                                                                                                                                        SHA1:F292FAE6FE6443516156BD63CD424CCEE1162F76
                                                                                                                                                                                                                                        SHA-256:6D1B52839B5C28352B4B5DC63D40253BFC9A05C1D93F76042AB2A0F324A5C88F
                                                                                                                                                                                                                                        SHA-512:1D847BE48A9F9370E3CA239314CAD3C20322033C52AA74568F1F2A24A5C4D053510F3F93C53B0CDD0B16400D5D57743527E5E2F376EA52D14809B9C13662060A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.043752496308506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zcezoy4W04WxFrjP9Z95Xa/rl9qX2Ip4wQoTjdAA1m5wMBq5ul0gvfh+9o:zBzoy+fHRKrLy2Ip4wQoTxf1mlBqsbvj
                                                                                                                                                                                                                                        MD5:C706B0668387A2ACF3E8C6E2A11390EF
                                                                                                                                                                                                                                        SHA1:6108CEDFE1301AE1A381AB15D05E6F1ECABC5885
                                                                                                                                                                                                                                        SHA-256:ACC37223E0389865D94131FF72E7E9A81A468A73F5E648E66496E11ADF68D72F
                                                                                                                                                                                                                                        SHA-512:4B880649BFFA7B8DBBE4EA2CE23F2A4D9462518DB1A41C44A2D64CC75D327032FC7A2C4C7159D99BB712E4D0B3B872F5F5B507951A467FED0063D810C1CD7A10
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.964569325909888
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DH/JWKpW5rjP9Z95Xa/rl9qX2Ip4psrpTjdAA1m5wMQhKuVdbYm5vZdb:DH/jyHRKrLy2Ip4WtTxf1mlQh5VdMm5
                                                                                                                                                                                                                                        MD5:16F83A3369AFD8F913FD9FBF2BE2E09E
                                                                                                                                                                                                                                        SHA1:DE0D9DF9581050AEEC9F77CAD32D452E021A6A72
                                                                                                                                                                                                                                        SHA-256:29451952BF4887D95F2F34A47EB5F1487B0371B93D14CBBE3AB12634356CC505
                                                                                                                                                                                                                                        SHA-512:68106DF7EF3C8D23FD4C5849DD8575C6CE23821B408BEC175CCE61D5D0A77BC4D1E7B016942117B7BEC588762A9A1CA8A39002F63A5B1160EC20ADB76F391FED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.918646557026692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KTjbocNsWMhWwrjP9Z95Xa/rl9qX2Ip465TjdAA1m5wMQhKuVd4m5vZXVy:aboYyxHRKrLy2Ip465Txf1mlQh5Vd4mY
                                                                                                                                                                                                                                        MD5:053CDE539558C043EF0D98D277A225E4
                                                                                                                                                                                                                                        SHA1:433526427E83F939C8074C326367703A94A5D6B5
                                                                                                                                                                                                                                        SHA-256:923C9B96CC5F054C309816CC90C0A1B2C65E9432B2E38AEE50CCA1557B051FC7
                                                                                                                                                                                                                                        SHA-512:0F3150292BF8BB20D1C106251E8C670AC959C4A42CE84475DF0BF90010BED07D8608561D5F87CBE0045E1572800BC324296E532070770521D0A62B001F234042
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23040
                                                                                                                                                                                                                                        Entropy (8bit):6.890329778208696
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ResTEpq4YiZUlW/AWXIZWWAWXkrjP9Z95Xa/rl9qX2Ip4LF0TjdAA1m5wMAvru4x:FwTiuHRKrLy2Ip4LF0Txf1mlA6XfZ9W
                                                                                                                                                                                                                                        MD5:C5B6F82F05364033B9FD4B5204E34F26
                                                                                                                                                                                                                                        SHA1:9255FEFDDEE9FE6568B91665ADA3C19C3246D480
                                                                                                                                                                                                                                        SHA-256:24DDDE4EB0276C3CB82E3FCC3B5A4EAEA32867004A7D2EC0F885ADAE06A6EA66
                                                                                                                                                                                                                                        SHA-512:9F86A85915E45DFD7D7987AF92A895AD73754C9AD4245040FBE14A3F343C71F7995F7A754E8E3DC6D1A1B3DC4950846D95CCE604679BA3C7D17EADBA6AD07B0D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.003345288923658
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MSKiWIhW+rjP9Z95Xa/rl9qX2Ip4YZh4TjdAA1m5wMBq5ul0Qvfh+r:MSK8jHRKrLy2Ip4YZh4Txf1mlBqsTvC
                                                                                                                                                                                                                                        MD5:BA49CEC30FB0DB7466AAA605878CDDD1
                                                                                                                                                                                                                                        SHA1:0C7F6967FCB69D76EC8FAEB8CAB1BFEBB1DEF616
                                                                                                                                                                                                                                        SHA-256:45E5B19DFF471EF416B6F46B42AD3FDBE4C58DAB33C1C12D3D0D71982E62CFC5
                                                                                                                                                                                                                                        SHA-512:B10CED8BB341E51A82CB395B072B0960AF5B18BD93E916B1D82373CA74F1028927245204F9B03A461AC08A73B5B61955DBFE15CA87F61A7C8881EBC6494A65BE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.952617106985068
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:40KbZWApWmWTpWNrjP9Z95Xa/rl9qX2Ip4DThTjdAA1m5wMBq5ul0Nvfh+Vt:nKRyiHRKrLy2Ip4DThTxf1mlBqsqvkt
                                                                                                                                                                                                                                        MD5:24046188160DAD513AD213EEBB9BF585
                                                                                                                                                                                                                                        SHA1:53D4E09F3F739D2A8E5EB59D156A52A7748D106D
                                                                                                                                                                                                                                        SHA-256:B28ED96F3D699D5A6B1B88A3E4E2D855945C8BD9F10EAE62F42A910FE7D31377
                                                                                                                                                                                                                                        SHA-512:5D5462F87D9720FFFB9FBA73DA246C25475F854B65AACDFC27C302570DF3290C3EFE1CEB2A9CF9B02CDA8327B4C7A951117DA08853D5056CBBD341D281856E5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.025793572253596
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:yb1nWCXWbrjP9Z95Xa/rl9qX2Ip4fTjdAA1m5wMAvru4LTyZIjWYzF:M7mHRKrLy2Ip4fTxf1mlA6TZfYzF
                                                                                                                                                                                                                                        MD5:4C471F1FA1733D378B9F76125EA13D4D
                                                                                                                                                                                                                                        SHA1:DF3165A865220EA5AF741F7293CC131F6D58A375
                                                                                                                                                                                                                                        SHA-256:714736E69B61DAC9D6C3EF6C7D36AAA8ECAB2D1B02DB018C6FA24E5641AD1424
                                                                                                                                                                                                                                        SHA-512:70A1ED5B34BC2D5ABD955C1B37BA3C6D0C8AB4509E08263FC469BC134946E6188E593BB9E129D735B09F0FA5AB8B2EA3199558E5B0F2F36C7B16549D7808A1C6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.950125579722336
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:5NyW7TWXrjP9Z95Xa/rl9qX2Ip4cTjdAA1m5wMBq5ul0uvfh+0PL:vf2HRKrLy2Ip4cTxf1mlBqs1vfL
                                                                                                                                                                                                                                        MD5:D93D4BFA4526FB0C604410F445BA6C83
                                                                                                                                                                                                                                        SHA1:820E6E420D2FE3C97F0B22489EAA95449F6F08B2
                                                                                                                                                                                                                                        SHA-256:35B54B143B778769511843B4C493952F63B5F08F7A5947885B3CCFCB349894F9
                                                                                                                                                                                                                                        SHA-512:2E892D8C05337DD7BC553C29A70462B8548159EBFACB548DEB7120000845792DDA83E4B801D8EDEAD4F20100EFB28C09C5BEA33DE1BD814CE0CA9B494F49ACFD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.044767989073116
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36496
                                                                                                                                                                                                                                        Entropy (8bit):6.6902083286878415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.02247507672201
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.946165235196381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.015976194477571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20104
                                                                                                                                                                                                                                        Entropy (8bit):6.999581586913751
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20112
                                                                                                                                                                                                                                        Entropy (8bit):6.980722029632896
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.910677968918354
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:K6xWA3W4aW/NWUrjP9Z95Xa/rl9qX2Ip4OTjdAA1m5wMQhKuVdAm5vZ9q1:KaBJHRKrLy2Ip4OTxf1mlQh5VdAm56
                                                                                                                                                                                                                                        MD5:418BE29B62A24A1ACA13E31A72415198
                                                                                                                                                                                                                                        SHA1:31BD7839E973C5ACA50AD50AC8E1FD3BCB85994B
                                                                                                                                                                                                                                        SHA-256:4A2D205DCF3607CA4B9723325B94ABDF0E795FEE5AE357B76C6BA47422F642F5
                                                                                                                                                                                                                                        SHA-512:CEB86E3ED47AF6B4C78AA5391E041F24B0C703DA720BE68CB30344C770336CB7148BC1872792445092D3789A0D70655C92669DF7B5720C879E258EFA6DF4065F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):77960
                                                                                                                                                                                                                                        Entropy (8bit):6.069856591381686
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:L784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSATHi/9XfI5gs:L7NV8v36tI0XCKAv5h
                                                                                                                                                                                                                                        MD5:062043C4CBF910C829E24CFE5941A9E5
                                                                                                                                                                                                                                        SHA1:88527923E47525DA468EC708D3D4E6FE0F044A0F
                                                                                                                                                                                                                                        SHA-256:BD7B95E588DC552A4092D5CA917E75FCC0643DC00A90C9051DA0B4EB24FFFF71
                                                                                                                                                                                                                                        SHA-512:FC22DE7A246FC6BC56A535F7AAB379D0F46CD4AA5C91DA1F5022BC9DD7736E7EEA049FB5A5778366EEDD2C7D663C03F4A09097FCC7E2925DA5FC51C6D19AAF67
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.004031307297091
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mr97WquW+rjP9Z95Xa/rl9qX2Ip4Q9ATjdAA1m5wMQhKuVdqm5vZaj:mRJGHRKrLy2Ip4jTxf1mlQh5Vdqm5Uj
                                                                                                                                                                                                                                        MD5:D92A0F1DDF807D1BCC3EB3E6E166690A
                                                                                                                                                                                                                                        SHA1:CB158BA1F7AEB5CF6EE80E7F31421F4F6E6A91DD
                                                                                                                                                                                                                                        SHA-256:F8C65EBD07C69DA5577515174011E704E362611E6B092E3E0017E6913325DED5
                                                                                                                                                                                                                                        SHA-512:AECB1AC24F60332D763D116E022A848E9F0F2A4F912E46D1D6247C262D83CD5E79E5916AD5AE05AF38C62572EC79958B9D0AADCDD716057229167D9ADB081874
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.968105530882379
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:G16eWLDWxrjP9Z95Xa/rl9qX2Ip4lTjdAA1m5wMQhKuVdem5vZyYB:C6LgHRKrLy2Ip4lTxf1mlQh5Vdem5LB
                                                                                                                                                                                                                                        MD5:60C26F8A9719F7B4FB617429DA9A3158
                                                                                                                                                                                                                                        SHA1:376356D56F21FACAE15172E80C75A5C49122246C
                                                                                                                                                                                                                                        SHA-256:F1BFCBDF1CAC8AF8295EACCB3F8E66218A95F7FFCD2CF8D5EA4AD0CE9C5F9D83
                                                                                                                                                                                                                                        SHA-512:0F5FF0C16C268DB1B7FF0E71D811239F8007126AF21146693457CD6787E976F38F5269908D0B708FFACC105F6D6AFDADB65BF960A0D72023F4EB6600E6DD3963
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                                        Entropy (8bit):6.936296264713254
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:c8G4YC2W+wW8WpwW+rjP9Z95Xa/rl9qX2Ip4jdM6CjdAA1m5wM36QNuZL0:/GZ5sHRKrLy2Ip4jq6Cxf1ml36QgZ
                                                                                                                                                                                                                                        MD5:4ACDFE5373BDCAEF6F79F9EB64DDEE1D
                                                                                                                                                                                                                                        SHA1:C090D98D272A627525F9D1166E63A5E2DD799D2E
                                                                                                                                                                                                                                        SHA-256:2ECC2C6B418B04EAFD00F6C2C2278FB13DA6E853194FB56478D315655DF8FBA3
                                                                                                                                                                                                                                        SHA-512:5D740D96FDED5409FD543399D5CFF52D6F9F42FAC1B4CB269E8241921FB7EB5A96A65B273F0F26478C18177D704ACF4BC2FEBFB69A11542709D811B727901811
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):7.038633483362159
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:L6ziqTEkGWvRWZrjP9Z95Xa/rl9qX2Ip48JnTjdAA1m5wMBq5ul00vfh+F5:LYT1eHRKrLy2Ip48dTxf1mlBqsjva
                                                                                                                                                                                                                                        MD5:825AD627DBA9F0C3C7A770F696E6947F
                                                                                                                                                                                                                                        SHA1:2066D011588BD747763AA95492DB045BA3096F9A
                                                                                                                                                                                                                                        SHA-256:274BFBE88FDDD305E371DBA66C940BB67B26AC51E5C4CF1F74F72557B375F3E4
                                                                                                                                                                                                                                        SHA-512:DF6A7C5AEE18E9200EA095EA917AA8161A80D6767D2AAEC527471EAEF7905214B64FB2FCA847A642D1C70379D2632A21CAAE6E00B3FF513F6058FEE29A21F456
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):6.975499885006936
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:FUv7c7iWNCWjrjP9Z95Xa/rl9qX2Ip4HTjdAA1m5wMBq5ul0Pvfh+8Q:FM7c1tHRKrLy2Ip4HTxf1mlBqssv/Q
                                                                                                                                                                                                                                        MD5:CBACEA8BBF166AED9AAEC25EFD2819A0
                                                                                                                                                                                                                                        SHA1:7E055A8842B4F6FB75C4F5A94FA4F4BEC39146A4
                                                                                                                                                                                                                                        SHA-256:A8C93DE53CBA7166EFC70B2EE73EC6499132C4F4E2E42112FFF1E56231E3D046
                                                                                                                                                                                                                                        SHA-512:7C91480657B086D22B3BAFEC5E1351661FC5F19F4EED06E3D1C9C397B7F7D49AA4F763820B35B344F31A5EEF12D45769B91C1EE725DC7927DD28AD2846170FE4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                                                        Entropy (8bit):7.00528420868397
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bSWnRWCrjP9Z95Xa/rl9qX2Ip40KTjdAA1m5wMBq5ul06vfh+2v:bzXHRKrLy2Ip4LTxf1mlBqsBv3
                                                                                                                                                                                                                                        MD5:07EABA4F76B4E982E4D3B7EC268A6DEA
                                                                                                                                                                                                                                        SHA1:75442424E3196F4B3B339079FDC3143D16AE2354
                                                                                                                                                                                                                                        SHA-256:DA38AB286AB29491AD8FD0F34C5CD9A0AC32119A85EB1AB3B313743311CA68CE
                                                                                                                                                                                                                                        SHA-512:019054285EAF91E55CAD4F1323D8DC67901378E21B519522BC8DC1859D7F983EBCD696E6C517E6850B95EDBBABB7037D0F4D8F7970B114B8AC9CB82EC602CD9E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22160
                                                                                                                                                                                                                                        Entropy (8bit):6.932114236344035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eoMeAKyr1jSC6ErjP9Z95Xa/rl9qX2Ip4eR6CjdAA1m5wM36QNuZL3y:eoMbKK1OBMHRKrLy2Ip4Y6Cxf1ml36QC
                                                                                                                                                                                                                                        MD5:55CFC9F443E2D115AFE56DC32B60E523
                                                                                                                                                                                                                                        SHA1:CDEA8BCC2A11BE43C6B13B4AD535620C66B4D5DE
                                                                                                                                                                                                                                        SHA-256:3A0CD656D1AAA8667BA91C36FBED4034A0115423498AA1BD16E678F5083F37D7
                                                                                                                                                                                                                                        SHA-512:250A92485CDE3729DC3CBD2B32924F7CB700817E8B796830520C4EB4BE3DF8C0F7C8E30E083D2B23376EEE5DE5836A6A71105AB685076856A1353010087ED1ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1952048
                                                                                                                                                                                                                                        Entropy (8bit):7.807172940827822
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:oTl+Ffl0KCV8rEKbhHJikCz/NqoNcugBhnem0Xm:oTl+xLRHAVLVNcpip2
                                                                                                                                                                                                                                        MD5:436F7DECB25CBA7886B44FA4D6305F91
                                                                                                                                                                                                                                        SHA1:C202CB4669E5290ED14761E48D7D03F81FFBA97A
                                                                                                                                                                                                                                        SHA-256:0AC12D76AB20D866D6C6E00284B30561A9E400CE955E6479E4779D57B0832515
                                                                                                                                                                                                                                        SHA-512:612D75F6220F372C8E58167C3AF38D5FF2EC53A4C9800D9B5651051F7F70C04088BD5D018894D4204FFF18F051FBA50A078747404707E356E6D9838D92CEF331
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):377176
                                                                                                                                                                                                                                        Entropy (8bit):5.999945871691186
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:1BDotCsX0mytklk/i2PziH5XiX2huoW9h7dp9Q5FG85I2YYCQLk6j:jWCsDytkxMzUhYhFH/i/eLkA6j
                                                                                                                                                                                                                                        MD5:F2C339446D80393CF12236A064FA5182
                                                                                                                                                                                                                                        SHA1:4274F6487AC9249FD4B49DD5D22EB7CF60A67046
                                                                                                                                                                                                                                        SHA-256:863A22F58523D47B94E1273ECF9E2F280D0715FFC20A46D704993A32F54829BE
                                                                                                                                                                                                                                        SHA-512:E65CF3BBD78AB8DE244E47AEA6BFFE1CCD3B22B32A2260C9BA761D2C1F00A03AED17E6144E271435DC44C1F139AD74743F4F52A6140253B77842DEEDEA4DCF00
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):273920
                                                                                                                                                                                                                                        Entropy (8bit):6.063893530470953
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:jlPLikZqxz9Prt9e1bd6JcAMaLD0qjR0FC4YPHnG:jFmX9e1bd6JcAMq+FpGG
                                                                                                                                                                                                                                        MD5:5F3DD6D4469C25B3100035493E84B287
                                                                                                                                                                                                                                        SHA1:375784997D26D0F30D5BCDB9B37E1C481F0C3D60
                                                                                                                                                                                                                                        SHA-256:04BAAF4E558FC18828E65002CEB130CE0CF79AAED507FB1C5A2ACA5B4A37182F
                                                                                                                                                                                                                                        SHA-512:27C61ECBA96DC53945A0881C29AF457C7DC9EB174D2FE1C854DC26143A80906023D9FFA4504014DA7CFF924F0ED05325158AEAB352F6D63208C1F1D38D822B3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1804288
                                                                                                                                                                                                                                        Entropy (8bit):6.342131904971123
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:frPHIDLY5h/Ud23lAy7ldZyzjIK3Y9bni0QwURlG3xA44jqfBlMoTVe:fUo/Ud2V17liz29utwURluxN4B
                                                                                                                                                                                                                                        MD5:0D12B6457B990E150388E5906F61C6BB
                                                                                                                                                                                                                                        SHA1:28B8087E023783DDA50C6BAEC351416F68BD5628
                                                                                                                                                                                                                                        SHA-256:214DC7E1C6E93CF7CC902E824E36F091FCF54A90754247F6A221299978AD2E9C
                                                                                                                                                                                                                                        SHA-512:718F162C96D896FFEA6AA3A3AB2FCF6E2054C8D1DBE1FD138B273A86D80A39869041FCAF1B17B6AB5F212A10D55F54F8B10485385B53FA66F7C6F7A5ED6E2A90
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2357
                                                                                                                                                                                                                                        Entropy (8bit):4.908284940509403
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:o55s8iPgzK7W96MhM5IVkZJElInU/9ysI1qNA:o550ozK7WFhM5I6eo89ysI1qNA
                                                                                                                                                                                                                                        MD5:2AF5B11A9B5F5B7C2BFEA7A3D7186B85
                                                                                                                                                                                                                                        SHA1:E1F32261FD6D3D4679740B69E923CB053B30CE5F
                                                                                                                                                                                                                                        SHA-256:6953F1DB3172307E77B65295FDE86915E77A0589B6669EB80ADFCDB8056802A6
                                                                                                                                                                                                                                        SHA-512:4BD531D81FE46B1ABE933258C945683D98209E3C83BA3B3A0AB136F6D1A3D22D8731131FD6D11B58D8FD7B642E324C3DB1942BA22E9033CB76302E110E8D01DF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version='1.0' encoding='utf-8' standalone='yes'?>....<instrumentationManifest.. xmlns="http://schemas.microsoft.com/win/2004/08/events".. xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events".. xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd">.. <instrumentation>.. <events>.. <provider.. guid="{b5a0bda9-50fe-4d0e-a83d-bae3f58c94d6}".. messageFileName="%SystemRoot%\System32\drivers\rsElam.sys".. name="Reason ELAM Driver".. resourceFileName="%SystemRoot%\System32\drivers\rsElam.sys".. symbol="DriverControlGuid">.. <channels>.. <importChannel.. chid="SYSTEM".. name="System" />.. </channels>.. <templates>.. <template tid="AllEventsTemplate">.. <data name="message" inType="win:UnicodeString" outType="xs:string">..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1716
                                                                                                                                                                                                                                        Entropy (8bit):5.230162000430176
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:FhHP8wMlKnfM2nnwrIP5yHvb2/oyzvTB+X:zkDlE0ow2yHvb2XzLB2
                                                                                                                                                                                                                                        MD5:EC813E1F8F193DCE5B07ADA4FEE1D43A
                                                                                                                                                                                                                                        SHA1:9464FB33B041B54E20BC71D4BD67185B255A3809
                                                                                                                                                                                                                                        SHA-256:FDACE7F8EBF8CD4A8CA18A172A604132CC2BCF000083DF69A4B9D54A10DC1BE6
                                                                                                                                                                                                                                        SHA-512:9EE51D25D5F7679C3038F0B77AECF0AC29DE57E4065BCE3105AD21A9D37CF9818F67B2AF32823E781E5D38E360BC249E46979F674BDF1DCE85072ADA4795CC5E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[Version]..Signature = "$Windows NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider = %ManufacturerName%..DriverVer = 04/12/2022,0.0.0.6..CatalogFile = rsElam.cat......[DestinationDirs]..DefaultDestDir = 12....[DefaultInstall.NTamd64]..OptionDesc = %rsElamDescription%..CopyFiles = rsElam.DriverFiles....[DefaultInstall.NTamd64.Services]..AddService = %ServiceName%,,rsElam_Service....[DefaultUninstall.NTamd64]..DelReg = ElamDelReg..DelFiles = rsElam.RemoveDriverFiles..LegacyUninstall=1....[DefaultInstall.NTx86]..OptionDesc = %rsElamDescription%..CopyFiles = rsElam.DriverFiles....[DefaultInstall.NTx86.Services]..AddService = %ServiceName%,,rsElam_Service....[DefaultUninstall.NTx86]..DelReg = ElamDelReg..DelFiles = rsElam.RemoveDriverFiles..LegacyUninstall=1....[ElamDelReg]..HKLM, "SYSTEM\ControlSet001\Services\rsElam"....[rsElam_Service]..DisplayName = %rsElamDisplayName%..Description = %rsElamDescription%..ServiceType
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19944
                                                                                                                                                                                                                                        Entropy (8bit):6.115904530529
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:L22mPMNY+DHa3eLzeCvUkjWHhELVWQ4aWSWDqF9e+X01k9z3AzsJO4gdHfQhW:L4M1u3LCskJpWe99R9zusZwfQhW
                                                                                                                                                                                                                                        MD5:8129C96D6EBDAEBBE771EE034555BF8F
                                                                                                                                                                                                                                        SHA1:9B41FB541A273086D3EEF0BA4149F88022EFBAFF
                                                                                                                                                                                                                                        SHA-256:8BCC210669BC5931A3A69FC63ED288CB74013A92C84CA0ABA89E3F4E56E3AE51
                                                                                                                                                                                                                                        SHA-512:CCD92987DA4BDA7A0F6386308611AFB7951395158FC6D10A0596B0A0DB4A61DF202120460E2383D2D2F34CBB4D4E33E4F2E091A717D2FC1859ED7F58DB3B7A18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11062
                                                                                                                                                                                                                                        Entropy (8bit):7.302964587285633
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:TohIuPyyJCx0jnyKQvAIFWQFljudcCFaqDu0K9X01k9z3APi5t:000ivAIFR78cCFYj9R9zqSt
                                                                                                                                                                                                                                        MD5:DF4EAED5CF816C9F03DBC95AB74BC8A8
                                                                                                                                                                                                                                        SHA1:CA40FF3D91D3D3D75286EFD1C320CD1DCCB6C3DC
                                                                                                                                                                                                                                        SHA-256:34C442AA2B53F2256108FC54CAD61C820884C8195193CECDA2BCBBE33D05359E
                                                                                                                                                                                                                                        SHA-512:E53F25823A9B875EB67C16888E61566357853CCECDBB287AFCE8637FE08674EFF5EAB825CA687F66838AC6F01A1B0A1CC561F4BA12BCFB756DD20CB8B102BF50
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):74
                                                                                                                                                                                                                                        Entropy (8bit):4.005190565270453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:3H9ifFQtJdVQWNtNg/IBF+WVlIvDn:3HW2trVfNgKYWyD
                                                                                                                                                                                                                                        MD5:B887FD9A0E3798FD3482667E21561155
                                                                                                                                                                                                                                        SHA1:87188CDC055C857561333942FB24E7F209C51178
                                                                                                                                                                                                                                        SHA-256:F698ED945129085C527E4E79C0475D989DB367EF223F0A6E833AD151E31ED5DA
                                                                                                                                                                                                                                        SHA-512:533AEF3F4E4CB4619881B391388FE465608936A525B18EC6B9A5B0B5F80802CEEE6717B390C178CA71B6D121B5D77B3988C4C695C04047BD4F51DD865E9A1214
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "name": "epp",.. "dependencies": {.. "epp-ui": "5.30.4".. }..}..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1102848
                                                                                                                                                                                                                                        Entropy (8bit):7.3551536456680635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:g1F/DU/0v79/tgAOA+dGog4gGxHn2CbEXZndw:WF3TgA5+rxH2CbeG
                                                                                                                                                                                                                                        MD5:C85B6E5CBC8CD0CD668A95378CF2339F
                                                                                                                                                                                                                                        SHA1:A53D71A00A4D1EE74DE71543846DDBEB568B29A1
                                                                                                                                                                                                                                        SHA-256:EF6F5493F21FA5FDAC8B6B669AC6DBC0923E5C7C794F075413F27CA6EBEEB4B1
                                                                                                                                                                                                                                        SHA-512:7067887375C5AA40B1732D648185A0D231B8D87A43B63FB3670DC5099A56C7C7356CCE43DC48CAD6E96C1585FDB2955AFA8A50D3A1C7DF1994E80705F76AAEC2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\mc.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):97424
                                                                                                                                                                                                                                        Entropy (8bit):5.6163370964241635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:C2Ec05j4eAH64rh5fSt5T9nFcI94W0Hi/9ufIP:xlK4eA7mDmWV
                                                                                                                                                                                                                                        MD5:C91FFF17BFA6C8C8ED4E001A8C58BF87
                                                                                                                                                                                                                                        SHA1:4D6D22AF0EB8499E2AC8D349CBAAE9A5C622E4FC
                                                                                                                                                                                                                                        SHA-256:EDF0CEF60BBF8118937606D878FAE05B8EAA9B486EA4B45992029BF5FC07EA36
                                                                                                                                                                                                                                        SHA-512:A1AED700093E42F1E805CD50B314E59125C879F2FC0E7D206F146D84E3335F47868A520CBE60D8BC86837DE63104E1E3B71179A951CB9C750390A6E4F6BC4BBC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1352192
                                                                                                                                                                                                                                        Entropy (8bit):6.5007445296681965
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:CrXxKmWyc6Xwb9/BSWh/7Ds0x1QbD+JRyxpCcLwg4LjXPpS2FV4VFAFh0lhSMXla:CrXxKmWyc6dWh/7DQLpqp/FmVFAcq
                                                                                                                                                                                                                                        MD5:526C976F4BE230C8DEE35360EE51F483
                                                                                                                                                                                                                                        SHA1:DFF228568C2BC51BDE041A679A6DE76151846033
                                                                                                                                                                                                                                        SHA-256:691C72DE6BE0FE2BD90DCCBF9B9E162A3FB7C320D7DF7E82AC09B7BD441C0EC2
                                                                                                                                                                                                                                        SHA-512:A4C09F13C5506BEE016CB161B6A5DFBBCB90AE5FB513A64684710EB644EE2E868E2CCD5E531F2E06B62FC91C7B7FB82ED6B8CC4389BACBBED7B82ADF74621465
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):162816
                                                                                                                                                                                                                                        Entropy (8bit):6.4347197585730385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OX5TgLoWlo6zvLblsvv5Emm16e68QNmTNh3l2AuZejZnjjWr:KOom9Av6RvfltqEZ+r
                                                                                                                                                                                                                                        MD5:044D60780B0C40D3F9B0B5A3FC040948
                                                                                                                                                                                                                                        SHA1:2E16C926F11ED5FAAE22D9AF5D935748C57EC1F8
                                                                                                                                                                                                                                        SHA-256:7493F645BB04092AEE30A47A681494251C79A38A941C9A3D2DEE4293A265F428
                                                                                                                                                                                                                                        SHA-512:7653A0A46E3EB9331E92A09937754302F939100ADBFB283242C25BF0F73F8508D6F7E9D5AA08DBBEFDD14BF682AD7D0D77F4999B3274D329D281E22934C445EA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):154112
                                                                                                                                                                                                                                        Entropy (8bit):6.1143850196696885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TW6KrX3r/EEgTUSNc24mY5n1sclb2sDzgWGE:TW6MX3gEgTUp6cld/n
                                                                                                                                                                                                                                        MD5:B6984D0E136E087316B339D8AAD2DFD1
                                                                                                                                                                                                                                        SHA1:3B2F7BE133AA525B76AAC9D9049A9730D76237D3
                                                                                                                                                                                                                                        SHA-256:491A021E4F3E5ABDC937C1329E35028CC805F78F84D10398C2DB692E7E2FB43D
                                                                                                                                                                                                                                        SHA-512:781556A889855ED5F7203ED21D3559EB0DCD007F859349DCC1286A0EB05BECD2D841570FD19DFC6941053F2F1A07D65D8E779EF3C55C263DFF459189CEB7123B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsBridge.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20624
                                                                                                                                                                                                                                        Entropy (8bit):6.903857312303968
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zGK3h8ZRSrjP9Z95Xa/rl9qX2Ip4CIhCjdAA1m5wMDBuZ:6K3h8niHRKrLy2Ip4CECxf1mlD0
                                                                                                                                                                                                                                        MD5:0069E67AF86418ADD8F693EEB86A384D
                                                                                                                                                                                                                                        SHA1:8B6490755B0B78342C192518141BAA08212ED65F
                                                                                                                                                                                                                                        SHA-256:90AFF2D97BEF3BF98A1BD315379094D361194184EE35C6ED2661DBFD65DC619C
                                                                                                                                                                                                                                        SHA-512:AEEBCDBB39737D7FB1A7BB397A4EA9DC2B26F20CCBB131480FFF787087A1CCD5742D3D20D6507CD07CAB63B46808F52DABD5FD4596CFC83A800D19679FA48CE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                        Entropy (8bit):6.70434675005567
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:m4wXL42btPdC3h8YcHRKrLy2Ip46Txf1mlBqsnvcY:yDbtMR8YcHi/9yfIQsnj
                                                                                                                                                                                                                                        MD5:107CA49B4915F14FB922F5D5ABEBE845
                                                                                                                                                                                                                                        SHA1:E4EF5C0FD743B9228945E62D00482AC3DA9711A8
                                                                                                                                                                                                                                        SHA-256:F165BC0C4E4622171B2967CFD5C4379473E07D1EF16EA4CA3ECD12C3B3F0EC72
                                                                                                                                                                                                                                        SHA-512:25D51D21801693DFB964A2B554A1DA0CFD232DFA21BEDC8B7D51FEF749C7D32CDD1087906B2FA254FD8A8A433E6FBD7E2C893FE18007F0EFDDFE2EBCF5CFC8ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):161
                                                                                                                                                                                                                                        Entropy (8bit):5.010777093927904
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRyAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRyAqDQIm
                                                                                                                                                                                                                                        MD5:DDC25AEFCAE9826CCE1754C2C89E959D
                                                                                                                                                                                                                                        SHA1:36899490B8B0CF36AE8A1477468F3884C0CC9664
                                                                                                                                                                                                                                        SHA-256:F8AD17C37D444521B3905CCBD75EA6CB6E3D2763B16EB56B2E1AA4274173E614
                                                                                                                                                                                                                                        SHA-512:4C52E02E4E6A17FD36714E3769D34BC14675D47BE0322B14F4BBB13268C34DFE647A37DB7DF0DE7D8C31494BF878B597EDF85913E7FB648CB0D993E89FB5D611
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup></configuration>..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):673280
                                                                                                                                                                                                                                        Entropy (8bit):6.493909069727573
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:rOguoezLfVAMFgCNS+MvHY/8j+7rmboDhgkEHoNOvPar/z:rOgud/jFgq6Is+7rmbGhcHsg2
                                                                                                                                                                                                                                        MD5:9170244A34CB903FC5DFBE4159DB6F16
                                                                                                                                                                                                                                        SHA1:F70791F187F14DD11B3893CF378E2B2871B40D7D
                                                                                                                                                                                                                                        SHA-256:C843C458A26D98D0AE7A4B280F77AD193225B84882EC98650EBBA7B51B322D44
                                                                                                                                                                                                                                        SHA-512:BC50DB62BAA8FC60469982E0D986E89EA094497C617D4A1C6849403911457E11DFF98E5F2CDD7F9F6453EF3D0363A1DC4664FA38DB83155CF850108706EFF128
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):175104
                                                                                                                                                                                                                                        Entropy (8bit):6.477895770562103
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:MSa2SASiV7/3JThFoPdXTssFBSKvvvvnPPH6Gi5tPArrYeiYiPKiA15/ph9r6rrP:HjiWbJTPo1XTPPSKvvvvnPPH6Gi5tPAK
                                                                                                                                                                                                                                        MD5:D58DD4CFD84A514AE70E1A72C037A161
                                                                                                                                                                                                                                        SHA1:FD134A72D801261CB6E143A54A868696FCE22474
                                                                                                                                                                                                                                        SHA-256:D9DF5C9CF429C714615770480AA9076D1EC2A25F9D52CBDF6D7300000C3BBC39
                                                                                                                                                                                                                                        SHA-512:2A3A5673DE138B47C969BB8078CF6A95BEEF4A822633A91AD728CB68D6DB8E461D43A739A8546FBBAEE4FD5716E4AF86C131EDC292334CD3F019C9FE2B80C73B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsDatabase.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254608
                                                                                                                                                                                                                                        Entropy (8bit):6.109726763458205
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:fdsKWU2shBl9Dsj6sUxZwIgC3ZWkd5n5WiSdlJRt:fRpdDsj6fxr5na
                                                                                                                                                                                                                                        MD5:AD6AB7F88A7F20DCFF9364FE3C606EB1
                                                                                                                                                                                                                                        SHA1:F7877ED46BC5E07D0397F5DD268FC5FCC0BE49A6
                                                                                                                                                                                                                                        SHA-256:666DB7971ADD6AEFBF31E599E1784AF2977F714439DBA20B6676CA4DC03DCD4F
                                                                                                                                                                                                                                        SHA-512:EC53720D20AA67A2C272F1C3D738F794CBD78F988B458432772A21CFB73106389954C2C487B85A5ED062CA4385FD4AB84064709C8270C8933DAA52482071C16A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.API.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.API.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224256
                                                                                                                                                                                                                                        Entropy (8bit):6.2226977365106215
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:5gieg/fp3Rublq6d4VKl9RQx504T9jP19:eieOfB62VVx5zJ9
                                                                                                                                                                                                                                        MD5:30AECE1972D91CEC63777681926A73B7
                                                                                                                                                                                                                                        SHA1:192550747A794D2054654589068C5BDD23ACE302
                                                                                                                                                                                                                                        SHA-256:CF74774291BFA8F6B6B5EBE54DEFAD51D52E08FC97614558FD4F1CC7FA54855C
                                                                                                                                                                                                                                        SHA-512:BCF64ADD4E1698D3A6E55EE74088C35926A090E6105EA51C430FD63F6072E4A60D34FCF122A950904F4A1CEC0201388A3054665BB7FEE95F160A9E42A149ADB6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.Messages.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):369664
                                                                                                                                                                                                                                        Entropy (8bit):6.625460113459136
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:i0yhs1rgLEr7DBPAqz5x9Sw7UDBvmLUMPHEJnCs11PAVhLvruoQe9PZD6e3Cc5NU:Awhlx9SMc4RPqnBMN9dJD3CcHLI6/Ywe
                                                                                                                                                                                                                                        MD5:AB81BAB4ADFD7DF6DC8F9BF867603E81
                                                                                                                                                                                                                                        SHA1:5B46F2D85B63C3F115AC9BEABE756143B90B5EF9
                                                                                                                                                                                                                                        SHA-256:5FE722B79C37605C713C61FCC530A0A1C42F791584AF5B74CACD9C1DF8720EDC
                                                                                                                                                                                                                                        SHA-512:271952E237C2186083AAB496ECA4909F5EFBEA3D4700C93130BF37ADFC3B4DC6BF57108B2A0E3E9B9290DF552ECC67B22D92DE7FC46F53AEA8DBF7937B366DF9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Client.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):354304
                                                                                                                                                                                                                                        Entropy (8bit):6.112385200418826
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Mvm33r4BCvAQZn7fboYz+Mbvkqqx0J1aeL22/ISPAyXDiJ6:Mvm33ryC7Z7fkYSMbUxO1d/ISYas6
                                                                                                                                                                                                                                        MD5:FA16D0DC50B77C9F8703B5B36D774107
                                                                                                                                                                                                                                        SHA1:EC426639F3BF3A563491AC53B70BB5EB92E5C314
                                                                                                                                                                                                                                        SHA-256:94AD9F2B387A5E6CBD0F7B2259E37533CA80AAA69BA044DB6A022661EAEB606D
                                                                                                                                                                                                                                        SHA-512:B2E50634A6A7A116C71BB56DC045F29F79ABD5D831ED1AC4A4FB7AB6A452321A814B9877B1C98CC0E185C6B6CAB5BFE3E9435A43F9F4D1FF4D515109779372CD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):184320
                                                                                                                                                                                                                                        Entropy (8bit):6.221783549418622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:9bISftpuc0OA1pxW4kNnDZaXNG0Qir2XviGMSFCKq7PcwixGt:9bPlB0OA1SqXNzQLKaQcC
                                                                                                                                                                                                                                        MD5:99692C5CC13EF293197CDE6C912379CA
                                                                                                                                                                                                                                        SHA1:17C504578DCB26E7DF87955362A7EEFB12386555
                                                                                                                                                                                                                                        SHA-256:41950668DB2EB5AB7017484AB74955B664EEDFB543FBD078F6DAE21078EA319E
                                                                                                                                                                                                                                        SHA-512:BDFF8F225933462ECD166359473AD0F0A7A9EE84F92E1EC1B0706AA97257348F134490176E73B6E08E8A586C765C2BE59590135E6F266E076A94B12ED82EF7C5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Data.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):196096
                                                                                                                                                                                                                                        Entropy (8bit):6.250386192319483
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:UOASlPt5xg7Osb2bPszL5YeYtS8i4cTASYk4IMa6Ldlw:UOASFt5xv0zLxpTvoaF
                                                                                                                                                                                                                                        MD5:A802608C39518F4D5AA0D0ACA476F2F7
                                                                                                                                                                                                                                        SHA1:B67E4ADCE2DE5984818131375A8C0A7239D7AEE1
                                                                                                                                                                                                                                        SHA-256:11374C4265F281819C7DB93B648C8B072D07E0EC599EA203C95C427D5E0CE97E
                                                                                                                                                                                                                                        SHA-512:23AF5CB8AACD5AD060A428185306D57162058CDA1AE52BE576E5BCBA4DFE7901F06D9C0DEED96A7281CCFEBC9DB65C7945B00BD0F6B074DC5EE874FB0533807D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Extension.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):141968
                                                                                                                                                                                                                                        Entropy (8bit):6.095571910595917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:q5qgBA2D+nqGVAZvG3hnrTvvvviYPPLG6Gi5tPUrYeiYiPTizo5i0s/KXrrii55G:Sqgy2qq1U3RTvvvviYPPLG6Gi5tPUrYa
                                                                                                                                                                                                                                        MD5:63F68035F2EDE62811EEECF169136E55
                                                                                                                                                                                                                                        SHA1:DBDE8D4BBDCA350080F4701934301C12CD88211F
                                                                                                                                                                                                                                        SHA-256:FFEE7222A6202BF31B2F3058B5003ED0E7A98FD9C5F245B362F64371FF69D497
                                                                                                                                                                                                                                        SHA-512:F3AD7C90B3B48117885778E0721D678CEB47EB7C432FBAB1A60ED6D11AF803EC333822C56ED279C80E9217C64259EBB7EC1CB6F3AC66C28720551C3043E499B2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Features.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153088
                                                                                                                                                                                                                                        Entropy (8bit):6.096015765166375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Rar5BdXMvCqqYMpshETiAwnOd5FIE/lSs1veWzn:RatBdcv2ZgRO2Q/n
                                                                                                                                                                                                                                        MD5:FBE815423A8D6D1C06FD83F3CC06E76C
                                                                                                                                                                                                                                        SHA1:F854D1C2F917B7E40435CCB2F5AF46CB887F046A
                                                                                                                                                                                                                                        SHA-256:1720C9D432A5DB0216B12BAFD315E86A6719EE138F3D09C4B91A0214F1281333
                                                                                                                                                                                                                                        SHA-512:C60BD6B8558ADB880778B9E8B2C1A3ACA7F14ED881F5165250596A959BD30CF2048615AD5A8E653706F51733C5D8F7688B1B6317AD34A0FFC3CEAFC1DCC44AEE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Helper.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):155136
                                                                                                                                                                                                                                        Entropy (8bit):6.100208779846344
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:mXXryQmjkr+ff93/q9LrWI1wdfKVwon8IVWDX0IxxRrasF6aDOm:ymj++XNcjwdKVG+Y
                                                                                                                                                                                                                                        MD5:1DB37D2AA8DFAD273BC92B2860B4EFA8
                                                                                                                                                                                                                                        SHA1:CD6AFB90C28905F1592D50013F081A6C45371BD2
                                                                                                                                                                                                                                        SHA-256:BDA4BEEA60EF8FB05073B6CD1DE57B77A4B2E29068411E7128803B90E7359859
                                                                                                                                                                                                                                        SHA-512:78FE5ECE62D36641FA7CDC90D7389D493A8AFFAFE987602AA73AB7FB7EFF65A258B1399B1503DFA30C2463E8AEABD1259D1DD819F9A78D7AA486E048A8EAB066
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):202752
                                                                                                                                                                                                                                        Entropy (8bit):6.084395898584841
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:IhI3WaidnUVoKnRV3+ovvBR8OKql4qxoAMrZlhMvxS7BE4YV3vxYzh+jW:oeWagUD+ovvBKg4Y7F3/xA
                                                                                                                                                                                                                                        MD5:5751FC3807356C1857B5B91E7DE45B5D
                                                                                                                                                                                                                                        SHA1:D64906E807DFA80C69C82907395A9660A4AC7FE9
                                                                                                                                                                                                                                        SHA-256:73E2992C703DC532C2205A8956A4E08BA78B3B5D4AED07DB39D7A55547B83E66
                                                                                                                                                                                                                                        SHA-512:BA2FFB30DD22FF0FF743369573D02264154F7AE7DEED16C2D39FC957AFE5FC8020131BA18D621AEF122D498D86109CAD2D9D8A29DB02551610ADF963BA4B0B65
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Loggers.Business.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):151040
                                                                                                                                                                                                                                        Entropy (8bit):6.110094403881827
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:uszfe8gqYmOuYOfzzyb2Dkji1FQaEOV18GcAw0v+PYaxNu4md:usLe8gqYfgybGKaEAr/WXk
                                                                                                                                                                                                                                        MD5:50A6E9A1962918386B795C23F3D51071
                                                                                                                                                                                                                                        SHA1:678185A86ADC440859F78F54442BAC328A327521
                                                                                                                                                                                                                                        SHA-256:16D0311D1487F6EEA7594FA8D1836434F49BACC7536E7A98960A9C6B9D99C402
                                                                                                                                                                                                                                        SHA-512:830651C72AD83FB7509B78E792406CFBEEA4BF8789D5A13078EBA3428A14AC5E5BD60183C3601CB1C5D610F238FF4FEF7980CBC52E98862E992EB1E2ACE2D349
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Needle.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):149648
                                                                                                                                                                                                                                        Entropy (8bit):6.105238189284848
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:gVZJLDlibf9fHhD1+/17Fp/XE1wVR2wG1HxY:WJHiZD1+561
                                                                                                                                                                                                                                        MD5:489BF057DCFC83929FA8FE632FA70DCD
                                                                                                                                                                                                                                        SHA1:2EB2FCA6C0FC58590C5618149768D7AAF560F870
                                                                                                                                                                                                                                        SHA-256:B1CFFCCE2079D2FB7AB641F8BBAE7D8844C28B3B6ACC55DC2802D6F97A68436D
                                                                                                                                                                                                                                        SHA-512:EF57E882A05D090964710FFD140E3A1C9D2A7C64EBEB5775B6219BB332E0E635E9D13F74D6242CF0BBBD85EAFF74AF628C1B1C57AA414BF63BDCD81D077A68F9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Performance.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):248976
                                                                                                                                                                                                                                        Entropy (8bit):6.089407589245316
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fCdWsprbc/X+sa4UmBR9OBvkqkzmTfQtFfVqmgCmOpypx/mYWzJzoxR:LOrpsRavkmfSqmgCmRLmYYz
                                                                                                                                                                                                                                        MD5:6CAA478DF71ADA01A4651A96FA422322
                                                                                                                                                                                                                                        SHA1:3175422D1A11076C2970324A702145C3DB8E1E07
                                                                                                                                                                                                                                        SHA-256:943EEB938CDEC5BEA182CE8AA2CA479CA9A3275D9255C2A47DB3D9DB01B1008A
                                                                                                                                                                                                                                        SHA-512:D045863187BAA25CF4CCABA5C1AF91C55E3F8E5111D0DA1E571E721EB0A459AF45B62532B7E0A4488985D2BE18286A918C2DADF51CB566C292B67031047BE3C1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.BTScan.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):196744
                                                                                                                                                                                                                                        Entropy (8bit):6.1481222343305175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Ef05aI0u7OhDTEutfz8kjbS30RKsboQi8S8MGTqApA5upj+hcDllfyu5dc:Ef0wIT78Dt4kfVRHoQi8l3pOPE5o
                                                                                                                                                                                                                                        MD5:F4A4B6F512164745D16EE1DC826302F2
                                                                                                                                                                                                                                        SHA1:79A9C24DF7476E7B3B5083931CCD4EC6E17EAB0E
                                                                                                                                                                                                                                        SHA-256:C40F961E08F614D11404D3D66D25B7D257E3BBBDDBA7B709FEDA16DC05DD333F
                                                                                                                                                                                                                                        SHA-512:F5C4D26C06440C259137321C9F75CC37970D93E30DE75ADC56CA8B86A96EDA231D531BBF2B6F8A8613D698AAC1DB91225B1951079E14D98A4127FC4CD300335D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Camera.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):142992
                                                                                                                                                                                                                                        Entropy (8bit):6.073743042549598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:mpf+vwThHIsceScHje/Jk9ZXOOGNiFCDZrSztUuiW:XwxbTSCqJm4OuGT
                                                                                                                                                                                                                                        MD5:6AB35008C89413796D5D0CAABE0244BB
                                                                                                                                                                                                                                        SHA1:6ADA52E9AB24007308064FB26E37E3C96197F269
                                                                                                                                                                                                                                        SHA-256:19F9083ECFB8D33C85F494DD4F96F37827D25A8E23C3E5836C2B8ED55EDB52A7
                                                                                                                                                                                                                                        SHA-512:DE4BF52E7E7AA5015E5618E68F3F65ED7407B3B58D664B648087A5C7A53901015B0D31DE82B63654E4FD2CFDE6D737749269DBE94C804D2E68CF9AA4EEF25C80
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Edr.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):172176
                                                                                                                                                                                                                                        Entropy (8bit):6.157002851606526
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BnDciVGhexCSXHa6aw0Pts5mMUFmq6dCs2yjrX7HbPgW:xDciVNQt6awM7MB9C8b
                                                                                                                                                                                                                                        MD5:3A7ED929230A613C54604A443E35EDF7
                                                                                                                                                                                                                                        SHA1:DC74D6F7892253E6647952764506F5C52D39D16F
                                                                                                                                                                                                                                        SHA-256:B5F24733328A24C240FA87963A50F8D0C16AD3A1BD76BC91D44C19C446CE6A04
                                                                                                                                                                                                                                        SHA-512:F6F6900A44475A5FB806E1CC1E8CADB9AB4D7371FBCF45F831E2BEA92601F24BB1CF278BC273D7037A8E407D842400420C76CC4121720EBA374E54B734911878
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Microphone.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):332800
                                                                                                                                                                                                                                        Entropy (8bit):6.178315042612466
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:DNzdJXMSRhdSvGYtbp/chiZEs9d1PomUfyGzph2:xJJXnhL439d1P/Uayc
                                                                                                                                                                                                                                        MD5:289FA505F765127810156291E21695C3
                                                                                                                                                                                                                                        SHA1:842695BEA52D01E5673B6675A88F2FC9FEE5221E
                                                                                                                                                                                                                                        SHA-256:D20872D6DE07D18E6BF92AC729D9A078CDBBAC23C302E5AB761531B1949820B9
                                                                                                                                                                                                                                        SHA-512:EE97C0BA5575AB23631E98D46C8EC0F99935A2CDC94D115B83227F5D16D5B07CB666685A7FBDF3F99105D6BAC165D5AFEAD255409FBDA7CB751A85FE97D292E6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Programs.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1521296
                                                                                                                                                                                                                                        Entropy (8bit):7.847329578221486
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:LKCYNFxuyWWTcH4IMkfS0HCHp7z00CxeTrTg3mh3/y86joi+7bxKCa7z8JgQtU:Ro1WxMgSCCHlzDCxqrk2h3/ync7b3
                                                                                                                                                                                                                                        MD5:2885C6DA9DB101EE2CD99F69A2C7E431
                                                                                                                                                                                                                                        SHA1:F9065CB9D42E7CAB8ECF7755D8DC79D263E79307
                                                                                                                                                                                                                                        SHA-256:79B529C7373C56AEF90B0FDB6BDD0A69ACBE4E914955A87A70A3C7CB056CEE12
                                                                                                                                                                                                                                        SHA-512:99DEC4C58C6194AFC4AA8A5F2238905D34A239CA5F8465B4C280987F80171AA77B970DD116FBE5BE22A905FA417BC769935F7FC1DA8FE9CEB501D529711C28B1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Ransomware.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):171520
                                                                                                                                                                                                                                        Entropy (8bit):6.170576629726866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:rl9yiQCmAf0TW629ElqcpcGlLQJ5/xvttOqzmnWS:rlA4mNWF9Elfp3LE5p/O6w
                                                                                                                                                                                                                                        MD5:3E3C2B5EEBCF2967204602A6CBCB7517
                                                                                                                                                                                                                                        SHA1:FD94F8433D46C762D18D5CDF95D7653730436062
                                                                                                                                                                                                                                        SHA-256:C580120DD5B29E5FF34D4ED41B86FF45CD596FE102914508C7D67CE112FE0DF6
                                                                                                                                                                                                                                        SHA-512:87C71D2D52FE19AF261B422AC764E477172F1C13B25B891768E7ADDCE88594C72B1DD808E109A6A107C2BB07A1B3AEC5A0387CAF45EDDB8141254CA7137EDE96
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Self.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):160400
                                                                                                                                                                                                                                        Entropy (8bit):6.153604832369825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:CdWzTvFO5YfsLs3DR/zduFTeGuZN4GEQzecGv7yu/R+Ysq/R+FZ:CdOTvFc0somT4z3ifkViR+
                                                                                                                                                                                                                                        MD5:E5F0DD373E7B18B968FDC1087734F249
                                                                                                                                                                                                                                        SHA1:7AA65A636B7308F2BF9857530928DD50F0ED23E5
                                                                                                                                                                                                                                        SHA-256:EE4ADDB2FDFB0196F64D291F658377E7911643840DDE4D360AA2C7EEA3BCC020
                                                                                                                                                                                                                                        SHA-512:0CF3FD3A0FEEC3FF292BC0A81A33F022E46F1DD8BEE84D830628C80E96F2033975671D3B2C9B2386554074E3595A20DFE4EC3C0360FCF6B3FDF4AA1D1BD086B8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Detections.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):514560
                                                                                                                                                                                                                                        Entropy (8bit):6.409490598681187
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:xzAxZAn4A7V7xZ8dKOpMjampeKWBg1at/MKBVIMtYBeNVLq:x/4AxdBedrMKpZdq
                                                                                                                                                                                                                                        MD5:73452F58EA360501168391ED51967414
                                                                                                                                                                                                                                        SHA1:CCA89D6093F987572967042CD6321D13B1FF342B
                                                                                                                                                                                                                                        SHA-256:D314FE22DCB040B8A7AD183C15C872E4B0E14ECBB169AA8F4DDE84389A1513DB
                                                                                                                                                                                                                                        SHA-512:6E663E9462E5A1A1BB88A7B88DB35994B8B9A2A5FB0C47DA5D6038524439790F72D2A3A5EE8602AA3E49CE9EE24708D3E3F368D8DF931491794BD598F6481F08
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnAccess.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):472064
                                                                                                                                                                                                                                        Entropy (8bit):6.199008548625321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:cCz7cTxZKL1JmzPydmULmHQ1c6yqmZ4EdzktLRuCXzYbdWrFQEp5ze:cCMT20P5vD67wvzsRudWrFfze
                                                                                                                                                                                                                                        MD5:D39E273EE94BBC10711BD117681C012C
                                                                                                                                                                                                                                        SHA1:DBA8D0169DC6010C78F323194558AA0CF4675983
                                                                                                                                                                                                                                        SHA-256:A2B2ABF5E7B80135C07A35BB9200BADD4C0C12B997234B063D6F6E1EE395A55C
                                                                                                                                                                                                                                        SHA-512:2CA1432FF29212CB8F33F220650314B93F415A4203A10DA55E58D7B6B22CE2A71EF9AA6C79F82B168152DA4D36A4D9AC150DDBAED806B98D4AF9F6ACB8C61A59
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.OnDemand.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):416400
                                                                                                                                                                                                                                        Entropy (8bit):6.284768478175249
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:8CeUGvX2vrwWyfKVuiDBvnFLJevzfXjvZ:8zUGv2Dw/yVugnFLJevzfF
                                                                                                                                                                                                                                        MD5:FEF47B4E7B63CB25325B309501C1277F
                                                                                                                                                                                                                                        SHA1:1855189CC7572FA17E6140100930F33B7C567883
                                                                                                                                                                                                                                        SHA-256:426C7A2EB540DB5B688D9D49DFAB819178AF4D1EEBD23ADF979BB0178EC6FE5B
                                                                                                                                                                                                                                        SHA-512:316ED1CF7F6438481E13BAFBE5DD21550A86AB7AC20A1FDFFA4AA9A934757A0E570745E1D96B6AD28DA665C0B63E5EB460FDE1F5676445A18A71745B78D54850
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.Quarantine.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2771600
                                                                                                                                                                                                                                        Entropy (8bit):6.630252356589734
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Vo5aD7iyJuZetjPsDpGg+LHH4YvbCPv7KOuNXU9QtCofuHMBgNTaH9+4/V5WE7li:VRscg+i7KXlCKQ+8uN7lEUjkAW
                                                                                                                                                                                                                                        MD5:E3AEDD60FA756973BFA4BF4DF12D0E3C
                                                                                                                                                                                                                                        SHA1:8C4ADFF407EE0FAFE72F3FD6AEE2D2EE56B53819
                                                                                                                                                                                                                                        SHA-256:A634608BCECA94C010B383B1B4CCC4750F875C41C458C3FC26A1941F2F09D836
                                                                                                                                                                                                                                        SHA-512:2C1725561C2E43DEB329CFA50E7A1E185AFE8E5C84E52F00A14C1BE81684D5EDA2708231F69DA5B9FA5FD94DF0F32DF809A581CA1D13809E7565535FCDBB3EB0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Scan.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):218112
                                                                                                                                                                                                                                        Entropy (8bit):6.125510337455106
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:dHfzQNeguktxKD8AOQnzdGp/uaONd3aDDqnuHkFSSSqw9ZG9G+4c3TP:xoeg5wD8AOuztNcDD2lSZN+4cL
                                                                                                                                                                                                                                        MD5:E921ED7413602B2083B92D2A59B3CED8
                                                                                                                                                                                                                                        SHA1:D7D39380690EBF37980478BF0147355706AF90F6
                                                                                                                                                                                                                                        SHA-256:E97376D9A88F7162CA726B09F275C3C8AC9D46245F596B0F70670B1F6B211624
                                                                                                                                                                                                                                        SHA-512:256B7D71E8E31F4ADE989D6CBCDA70D49897F88E591298C3E19DD06E97218EEBB92D47B7A959F2FB9C100B7D706E141D2BFDF2AA20623948B78C3807E2D1FE08
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.UDI.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):166400
                                                                                                                                                                                                                                        Entropy (8bit):6.158608866537054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DXjdRFYnUGOU5EkAOb1G4/bYEDJNsg8Ta/PM38ovau1FHdGXa7:DXjLFYn7GkPXbYU+vt1F9Go
                                                                                                                                                                                                                                        MD5:E0D4F80FBCEEC79CCE5938FE9F01CFC1
                                                                                                                                                                                                                                        SHA1:DBCDFC09652F84486671121BE2F1CA37F043C94C
                                                                                                                                                                                                                                        SHA-256:ECCAEEDE0D5EC2B32DCDCFC96E1A4BB0D6C495B04B1EAEE5A56A8314C5B5DFA5
                                                                                                                                                                                                                                        SHA-512:A9E303EBF5392DF9AC804B220846116FDC9EF308E99920C6F2F240F20B8EBDC2C696A02730DD429D15E5D8E22AEBEB280BB2222E23D3DE0E19D249CADAD858BA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Updater.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):534016
                                                                                                                                                                                                                                        Entropy (8bit):6.1378496343217614
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ruFjirA1cQ3luN7Ce9+YLgtXsXNvSgKc4D7SBinCCwCy:r6jUA1cQ3luN2e9hLGsXN6A4D7TnCl5
                                                                                                                                                                                                                                        MD5:3D99E12DEB19BAA369F7FDCD78602852
                                                                                                                                                                                                                                        SHA1:D2C3DCAC19A1F2E6F0766830B034D3792708C5C6
                                                                                                                                                                                                                                        SHA-256:25D5733DE291FC13A5377E293A1DB0628BF46028C1A75451363218043EDC71B7
                                                                                                                                                                                                                                        SHA-512:EB600DB4E7A4139FF105995E2F6A58278772AECF66EFD7406C1B2461312554756CD2F1423CD5C69202FC5D4FBE5F274B1A7F46A4A5C2894EBDD34AE99AF4DB4E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.Browsers.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2464400
                                                                                                                                                                                                                                        Entropy (8bit):6.218158032777317
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:26nuotpeZ9F9wQ7YO6GWZ1VlB6F00QEXiAuT6A6yl2XhKNO8s3+WB:C2QMDHCTAHemO8I1
                                                                                                                                                                                                                                        MD5:3E90B6DE455F8A6EBF19F909EEF0F2BD
                                                                                                                                                                                                                                        SHA1:EF08B47F6A311DE7FBE94B64A5BA3FF30B4CDEE7
                                                                                                                                                                                                                                        SHA-256:57BF1B550404462301C0610BF33865B504B5D0B09C87B6F97F55B089E059A6D1
                                                                                                                                                                                                                                        SHA-512:1A92732CA78D52076D16A751882AB9A9CBAB8558BF3DC1558C39854547E7430A7D278D048433459A6D3FC4D06820FDE74DDA6B4BC109B057DB6480B5ED4B38D0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):142848
                                                                                                                                                                                                                                        Entropy (8bit):6.084168906551222
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:U0ufITLt74jugCBnwQ5pbYehtBw2uF1/A/zTkRK1b6jeWpV:U0ufITJ74agCJwQ56ehtBw2ubYV1bx6
                                                                                                                                                                                                                                        MD5:C52264E3E8AAA14A7F8F5101BBA18730
                                                                                                                                                                                                                                        SHA1:A19A6C8BE9BB38FEECD49EDB09A66BD725312A26
                                                                                                                                                                                                                                        SHA-256:ADFFE3F17B6812A7B0AAE6AA8BD97645E62F91B79E10E405905F03C78EBC07C9
                                                                                                                                                                                                                                        SHA-512:8BCFB822EEBC4E1A70328FAEF907CF028CCBE11A60C6E2A98343E022524B840DEDBE9189E723B7758A2C77187E5B0E471EF1FC47E97B82B6736FDD7435AD64F4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngine.Wsc.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (5824), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5824
                                                                                                                                                                                                                                        Entropy (8bit):5.99179572850437
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Rw99zAT1M+bHIEwrgiYlBk9x/rcohy9Q/GDFSf1Ru/M7j0C0wXfAXBT5A:RwLzAZxrIt0Bk7+QZz7jh0wI5K
                                                                                                                                                                                                                                        MD5:0195B6F2D3E0F5A4947F353E48E15D8C
                                                                                                                                                                                                                                        SHA1:F29FB502B68A486FFEE0C55ED343C15E5110E6F9
                                                                                                                                                                                                                                        SHA-256:52B9FF10C412162CE0AC5ECE6CD56B1164C209AF1AD8B3B8E334149ED6E4EA56
                                                                                                                                                                                                                                        SHA-512:65BA63D1645A1C507C2A8C4728DF0F1F660F3574333925386F1B5B07F11E4E894D8404767A478A384D6A5910915FF040698C6C761047A4CE53A9FABD2D788BEF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):660
                                                                                                                                                                                                                                        Entropy (8bit):4.794264233963525
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:qLLnR8IJomf6WELXsEjXnC9xkKxkwCsx/nR8IJomf6WS:qLruIF69L9jXIxkKxkwCsxuIF6b
                                                                                                                                                                                                                                        MD5:705ACE5DF076489BDE34BD8F44C09901
                                                                                                                                                                                                                                        SHA1:B867F35786F09405C324B6BF692E479FFECDFA9C
                                                                                                                                                                                                                                        SHA-256:F05A09811F6377D1341E9B41C63AA7B84A5C246055C43B0BE09723BF29480950
                                                                                                                                                                                                                                        SHA-512:1F490F09B7D21075E8CDF2FE16F232A98428BEF5C487BADF4891647053FFEF02987517CD41DDDBDC998BEF9F2B0DDD33A3F3D2850B7B99AE7A4B3C115B0EEFF7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.Installing assembly 'C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe.. logfile = C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog..Installing service rsEngineSvc.....Service rsEngineSvc has been successfully installed...Creating EventLog source rsEngineSvc in log Application.....Committing assembly 'C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe.. logfile = C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog..
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7466
                                                                                                                                                                                                                                        Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                        MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                        SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                        SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                        SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):167424
                                                                                                                                                                                                                                        Entropy (8bit):6.165456000712779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TdtSl7bGtt5g6RBJ3jqXc6AFBnMkV21vbzy:Zt2bgn32KMc
                                                                                                                                                                                                                                        MD5:327345B3F3E66A7429BFD822F6C20553
                                                                                                                                                                                                                                        SHA1:D2A8E73744B1F266B16E18FBA4C61AA5C5B50CC7
                                                                                                                                                                                                                                        SHA-256:AD6C80D0BE80A6581DAAE0C9A851586D5511C60FD2C2CA4705027259591DD2A2
                                                                                                                                                                                                                                        SHA-512:B7C1476196782942DC15198B8CE8DF92EAB4E4B388A4C8DF5DE39FC47947A4638FC94EA7657F5636D88A1B8E8098753B80862F5CF87DE47FCDE14A0D40613AC2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.Proxy.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):309248
                                                                                                                                                                                                                                        Entropy (8bit):6.231027305537471
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:JY9xWi4IKRdUa3n5Xuj8NZsaJ6BrdvtFmso7UT+mTDNfXDfKrB+3fCyhM4TKBj7y:JaBjHa3RpZsa4BrdVF9o7UPD0+PDki
                                                                                                                                                                                                                                        MD5:EDAFCF4340BE2E065FD54D20CBD3DC58
                                                                                                                                                                                                                                        SHA1:77491716599FC8D874D9E3F320379CD2309D394B
                                                                                                                                                                                                                                        SHA-256:3F29E100DB1DA87A42B9CD30E96AE9FB1066C0E7ADCB774C76E0A1DE7481875A
                                                                                                                                                                                                                                        SHA-512:29CD20A20506227FE9F04BBCE632B39B39648EE7621A053D9DC7CAF81F0D586A79E32CEAF29C7B0FF36324FAE08F8CAD5FAE5F5D20E9FCA194F9F5F4E818D1F9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.JSONInterface.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):190464
                                                                                                                                                                                                                                        Entropy (8bit):6.260050422590562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:pk4fIhz6wRxDxwWEIW8lReMzF8hakNzijRcuQGK1mTw:pZfkz6iDx9xmh1VuX4
                                                                                                                                                                                                                                        MD5:6586DD2E2192CC016D40D6A0439B1923
                                                                                                                                                                                                                                        SHA1:2A30D5A172BDB44FD4C0A91AD729C684EFF068CB
                                                                                                                                                                                                                                        SHA-256:6D5EC23B8E664ABDEF46A39A2AE0BB86674A29D342DC11CF9ACA356EEC6C6D07
                                                                                                                                                                                                                                        SHA-512:3F1A945AC993C6009D8DA2AD466A48CC87B1CE3D702F53448A3F8E253DA7797B4CE9484434A1C9D4B462AE8A0BF808A9CE5A2B3CE4539822A5F461E13700C5FD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.RPC.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):364688
                                                                                                                                                                                                                                        Entropy (8bit):6.349300837557166
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:IhN7hsWFCYn1OccgbaLUGj13/ILPYngdruWO8ITeN8fl31171ntnPQvpQ4zc+eMR:ShsWFT1Oc1ijZ/IDddaWGl111BuvRc+
                                                                                                                                                                                                                                        MD5:D8053B9FDBDBB3E32CF583AACB29D1EE
                                                                                                                                                                                                                                        SHA1:43D1F93711C410C9458F0C10F98BB89690661F1B
                                                                                                                                                                                                                                        SHA-256:D241E1EE561D0161455520676504E581CC2FEF4BEA6680C9D447FD2253678B2E
                                                                                                                                                                                                                                        SHA-512:C436FA0B982E3212A2D7379F3DAE8DCB2984973889544719B6E68CC8FC53A7CCB31BB2190FF7D868A74ED65D5A93435D71A8A5BE6BD4AFA8E075EBDA9C94075C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18070
                                                                                                                                                                                                                                        Entropy (8bit):4.992549577385435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:hrkUwfx0GReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZedUaw:hrU5PUDRTHffIz
                                                                                                                                                                                                                                        MD5:5EF4DC031D352D4CDCEFAF5B37A4843B
                                                                                                                                                                                                                                        SHA1:128285EC63297232B5109587DC97B7C3EBD500A6
                                                                                                                                                                                                                                        SHA-256:4B094B7BD38E5BF01900E468DDD545B42369AE510EC2366427804A57DA5013A7
                                                                                                                                                                                                                                        SHA-512:38B0444E4F07AD0B50891E2B0DA6374B0033CB9656A4918E9EAAE34E381D95671978D19ABBCF2B8FDB079921B85E20DBE2C4392B15984CE6051B48B4A05A172F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.2.0" newVersion="4.0.2.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Collectio
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153600
                                                                                                                                                                                                                                        Entropy (8bit):6.136407498903004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:6K86KKJ/0hDGadf+DZZC3J5Qdl+4e4cwJ5EqP4qCq1RY09:6KvKKShKe5QdM4e4cGT/n
                                                                                                                                                                                                                                        MD5:42FFE698DABC46C3993D74E2BC6116D5
                                                                                                                                                                                                                                        SHA1:19D937886A469C3A7EAB1CC4F662476D37E22C44
                                                                                                                                                                                                                                        SHA-256:031348435351CC53C63FB0C0365AB0612FF405D34DD25D97C2EDA90F00BA3E1E
                                                                                                                                                                                                                                        SHA-512:9F11A2E661390834D34472D92CA2750B499B379D1E1368E67B48ECCE56BA464F22D3C713DF1AE7805895E9E9568EA91537988232213BE919F58B2E056116FCDC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsExtensionHost.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18070
                                                                                                                                                                                                                                        Entropy (8bit):4.992549577385435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:hrkUwfx0GReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZedUaw:hrU5PUDRTHffIz
                                                                                                                                                                                                                                        MD5:5EF4DC031D352D4CDCEFAF5B37A4843B
                                                                                                                                                                                                                                        SHA1:128285EC63297232B5109587DC97B7C3EBD500A6
                                                                                                                                                                                                                                        SHA-256:4B094B7BD38E5BF01900E468DDD545B42369AE510EC2366427804A57DA5013A7
                                                                                                                                                                                                                                        SHA-512:38B0444E4F07AD0B50891E2B0DA6374B0033CB9656A4918E9EAAE34E381D95671978D19ABBCF2B8FDB079921B85E20DBE2C4392B15984CE6051B48B4A05A172F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.2.0" newVersion="4.0.2.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Collectio
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                                        Entropy (8bit):6.868915768817926
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:BYzPTJH3h8Eq7rjP9Z95Xa/rl9qX2Ip4VnTjdAA1m5wMBq5ul043Ovfh+LLX:BYztH3h8Eq5HRKrLy2Ip4VnTxf1mlBqi
                                                                                                                                                                                                                                        MD5:C104DA9AADDEBF969962F11EA3F7F42F
                                                                                                                                                                                                                                        SHA1:546EC88DB080684694860C9B0B4B2EEA48B9953C
                                                                                                                                                                                                                                        SHA-256:9E5714777C010A693FCCB69AF0FD3909DF486360B8D8DA67A257F338D0CD3D16
                                                                                                                                                                                                                                        SHA-512:EE0AE4101130A5E852254543930B5915D74D54145738084DEEC661C74B4D09924D323E7A4FCDBA559FFE38C7522C785FA92CBAA02C1CB24262724BB93C9B4A1E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):143872
                                                                                                                                                                                                                                        Entropy (8bit):6.099711845700752
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:/Wy17X7LCWgHARJGojSkT3j+iCFCKJVLgEYyoE/58ceViIZF45Lw2aR8PTMDz+VK:/WQLJDTGh83qhsKbLzoke74I0Fn32io
                                                                                                                                                                                                                                        MD5:FBEE628345F36CDDE1AA68500C805888
                                                                                                                                                                                                                                        SHA1:990C2FF6F1CCD1B3AECF7137C8EEE764EFECD754
                                                                                                                                                                                                                                        SHA-256:BD8DBBF36AEB46474A5C087B939F96979C65E3EDFAF0B0C889EDF4B3316E0FC0
                                                                                                                                                                                                                                        SHA-512:B3A0285AE5B6F614EC1DEA34C9276A9F44982B5E16F01A71FC7168424F035B05093AC95BC47888B80EDC607C5E7865A253D5FF6996E9F7FCCC9CA1CB6DBC6E8B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsHelper.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18070
                                                                                                                                                                                                                                        Entropy (8bit):4.992549577385435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:hrkUwfx0GReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZedUaw:hrU5PUDRTHffIz
                                                                                                                                                                                                                                        MD5:5EF4DC031D352D4CDCEFAF5B37A4843B
                                                                                                                                                                                                                                        SHA1:128285EC63297232B5109587DC97B7C3EBD500A6
                                                                                                                                                                                                                                        SHA-256:4B094B7BD38E5BF01900E468DDD545B42369AE510EC2366427804A57DA5013A7
                                                                                                                                                                                                                                        SHA-512:38B0444E4F07AD0B50891E2B0DA6374B0033CB9656A4918E9EAAE34E381D95671978D19ABBCF2B8FDB079921B85E20DBE2C4392B15984CE6051B48B4A05A172F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.InteropServices.RuntimeInformation" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.2.0" newVersion="4.0.2.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Collectio
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224400
                                                                                                                                                                                                                                        Entropy (8bit):6.7771936576354355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:R7IEMtFMZZi+Ng9999994f9oMlnhcNx3Bn:BZi/MlevB
                                                                                                                                                                                                                                        MD5:FA63504382F4F3F92FA86841D9E97F29
                                                                                                                                                                                                                                        SHA1:0BDE02C98741BB24EAF501BD8E2D9738742CD042
                                                                                                                                                                                                                                        SHA-256:5F0764E1998464F63C6583F870DD3784921B752B91D8E450FE2C90153CB5E58D
                                                                                                                                                                                                                                        SHA-512:C8483D9060A6800C8DEDB4D5FEA7CDA346F742CA1A149C3EB608823209AFF1F00BFCC5B0CAF9C482C7B01D75F6E198EDFAE3B0100CB0DCA6E5B5F18336ABDEE5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):111616
                                                                                                                                                                                                                                        Entropy (8bit):6.294958596524468
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:XfL+72PsK9Qd/RpgyxMkJfjQmMCdwMzTVVAP:XCqkK2/Rp5DzTVKP
                                                                                                                                                                                                                                        MD5:25E82984602B03AE3572A1AE582B3392
                                                                                                                                                                                                                                        SHA1:7407428D1B7E82F5266B1FD9F010F9C63079B7E3
                                                                                                                                                                                                                                        SHA-256:D1DBA91B162DA215E091701BAA4A662EDF22911CAE67C64DF0ECA8FF7A1EAA78
                                                                                                                                                                                                                                        SHA-512:72CE8E33C1A1D2AA8AA68906A89787AC589DA86845211E066E5D1B41948FD3D7FE16FDBBA8A6CDFCF5DC944943A8ABD4ED4E582D959D1C6A1AC802DB3D5F5480
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):105456
                                                                                                                                                                                                                                        Entropy (8bit):6.166230469207198
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:8fL+72PsK9Qd/RpgyxMkJfjQmMCdwMzTVK:8CqkK2/Rp5DzTVK
                                                                                                                                                                                                                                        MD5:7C97046701CB82E4E409DF20AF386275
                                                                                                                                                                                                                                        SHA1:051267E447CF42B2ECA5F695526F18ADD1CCF3E4
                                                                                                                                                                                                                                        SHA-256:38CA46547C8C7C5C0C8E394EA355A03C26A08ADB63B39FC95AA5461B5321DA7C
                                                                                                                                                                                                                                        SHA-512:22E2CFBDA6E47D62E0F87535F4F61ECC67408EFDF020C41A29993BD80FAC9CC40D4513708C0BC96CBAA0D70686BBBD2D7CB1FBB95BD273937159D6516452B691
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182920
                                                                                                                                                                                                                                        Entropy (8bit):6.549984856278825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5Uy/CR6dEfViQ+7gLmiEw/zrQUTkkySNP0dbNIprWrL:Cy/CVQILmil/zrQV2YbNGy
                                                                                                                                                                                                                                        MD5:E3FA0916F33BEE8A14F28421D2DCDC9F
                                                                                                                                                                                                                                        SHA1:FD3DCA4DB55E81EBFFC7609C5D63A4FFBD6629B2
                                                                                                                                                                                                                                        SHA-256:29AAFF11E775C800575B1A5D4160DAEC749DDE528E68BC3B6E9B340279ED991D
                                                                                                                                                                                                                                        SHA-512:FE96EFD3CF162BBB766634C3D90F707D868378DD04E47AA9D55C03E03130F54827F781639383B053C9335D022CCD6B244B67E586197C2B40D193DD58A4EE8CB6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsLogger.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):43152
                                                                                                                                                                                                                                        Entropy (8bit):6.52771924462892
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NWti03xJqc90G9LylSEJHRKrLy2Ip4PCxf1mlzzA:NWtbq80S4bJHi/9AfIPA
                                                                                                                                                                                                                                        MD5:3418BCC93F638C6546B5E65B178F3FB4
                                                                                                                                                                                                                                        SHA1:75A5668656A41FBF9010C2A06A42A4A03B4BE17D
                                                                                                                                                                                                                                        SHA-256:E5E37F425D3DB3ADE0340CA8D0D787A00C1CB3FA392BC525A56632D6A8983B9F
                                                                                                                                                                                                                                        SHA-512:173CAD6D3787BDED545D8DF9A4C1CE248E9AABF4DA3AF9DB80E9B2BBCEE59923CF6FF32F9021EC7FD880AF609680C3EF3DD3F3C7E7E6B231D9113CF306ECE73C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):141968
                                                                                                                                                                                                                                        Entropy (8bit):6.096258611111406
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:0wGLJwGeXmUy1hjvSn27sXc95eOioAXUxuIORpDa06i9i:rGLidXXKw2Mc95eLo/MQU
                                                                                                                                                                                                                                        MD5:AFB4F88146753AE0BB5C19E4DAECBB63
                                                                                                                                                                                                                                        SHA1:2A69DE6264B486D92D0CF08013209E997816D529
                                                                                                                                                                                                                                        SHA-256:E51CF661C3D51CD72B1D70DAC281579C4A94A7BA691D5933C316BE3718C1251E
                                                                                                                                                                                                                                        SHA-512:88C2C090190C9CA920C55CA2B02B31D345634418AEDEE742437197737EA67EAA38252F7453DA5D09CC9C283D0DE76B8984D3B655B2AB56F722BD0A0E5A77E605
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsRemediation.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):532
                                                                                                                                                                                                                                        Entropy (8bit):5.071669869884946
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdG3VOcrL59LNFF7ap+5EPf/2/+ZS9FicYo4xT:2dErvPF7NEPH2/+w39y
                                                                                                                                                                                                                                        MD5:801C6F8CE1CA9EAC249D7CD896E49649
                                                                                                                                                                                                                                        SHA1:6C39302A125ED0D5B4E7FAB0F04231264B5E59FE
                                                                                                                                                                                                                                        SHA-256:30F7E43D8512DE6CD64FAA58F6AD86046DA331E979AB4AF38F57BE57F7469EBD
                                                                                                                                                                                                                                        SHA-512:CC310126D9FE3857ED7F335400C11749911611EE782C172426F31ED7B6B7B3921C53BBFA5FEAB3BF1B0637A53581ACA231A7ED144D77F7B0237C77E4096F4D76
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):179072
                                                                                                                                                                                                                                        Entropy (8bit):6.562871128885791
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fT9nvidN3G9nZm4feQPMYGQh5AB9vaTiYuzdNd6iB6KA5U:fT9nvDB75Fq91dNd6iB6K
                                                                                                                                                                                                                                        MD5:8DCD92DE516608670F57193D74824A3B
                                                                                                                                                                                                                                        SHA1:C67C347DFA47C2DB1628FAB8BF9906C353F33DD9
                                                                                                                                                                                                                                        SHA-256:96DB49DB4DD12B9F86144FEDF83AC7DC12D855C5D7E3C863FD5B1696966AC345
                                                                                                                                                                                                                                        SHA-512:E5FDE81AE57E68DF69FC7695B9E16D8C7D188A30A4D68FFB682A3DCFEDF2C028874145815AAD2F957A02B0EAD6AD8F1442635DFA580339816110E7B1CDBC0C0E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsServiceController.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21136
                                                                                                                                                                                                                                        Entropy (8bit):6.90635157752554
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hYZv554sAHo3T8VNrjP9Z95Xa/rl9qX2Ip4EDeCjdAA1m5wMzsPuMV:hYr9P3T8VTHRKrLy2Ip4tCxf1mlzzu
                                                                                                                                                                                                                                        MD5:3B2E281F09FCA19A7DDFA60F05566101
                                                                                                                                                                                                                                        SHA1:2F03319A5840EB8C2E12DAF8C9E7870FB022EAEB
                                                                                                                                                                                                                                        SHA-256:4041ECEC136A63E97B5FF0C980B95A4A5A193F95024C36BF56BC45DFBAC0558F
                                                                                                                                                                                                                                        SHA-512:F0C261714666BD5FF804BF6FD72C71AEFAAC0C9F13A74A1551FF65D5808B5E2C624A6B660B611B64714583C9B3363A33426C30223AEAF9D95F7770D06AD039F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsWSC.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):606
                                                                                                                                                                                                                                        Entropy (8bit):4.827799104208526
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:qLLnY8bomf6uLZA2tXnC9xkKxA2YCsx/nY8bomf6U:qLr3X6uLFXIxkKxaCsx3X6U
                                                                                                                                                                                                                                        MD5:43FBBD79C6A85B1DFB782C199FF1F0E7
                                                                                                                                                                                                                                        SHA1:CAD46A3DE56CD064E32B79C07CED5ABEC6BC1543
                                                                                                                                                                                                                                        SHA-256:19537CCFFEB8552C0D4A8E0F22A859B4465DE1723D6DB139C73C885C00BD03E0
                                                                                                                                                                                                                                        SHA-512:79B4F5DCCD4F45D9B42623EBC7EE58F67A8386CE69E804F8F11441A04B941DA9395AA791806BBC8B6CE9A9AA04127E93F6E720823445DE9740A11A52370A92EA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.Installing assembly 'C:\Program Files\ReasonLabs\EPP\rsWSC.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files\ReasonLabs\EPP\rsWSC.exe.. logfile = C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog..Installing service rsWSC.....Service rsWSC has been successfully installed...Creating EventLog source rsWSC in log Application.....Committing assembly 'C:\Program Files\ReasonLabs\EPP\rsWSC.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files\ReasonLabs\EPP\rsWSC.exe.. logfile = C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog..
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsWSC.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7466
                                                                                                                                                                                                                                        Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                        MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                        SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                        SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                        SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):208416
                                                                                                                                                                                                                                        Entropy (8bit):6.66794417577223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DelSSyM0edH6EPcfkUlpOepc4b6SBw8b+tjzyXOjnBYJwdkJjd/09xHcxOz:8SSl08EfkUlnp96Sa2u/yuBpdcu3h
                                                                                                                                                                                                                                        MD5:D8021F3B7E9C952B7EC33B929183E8EF
                                                                                                                                                                                                                                        SHA1:ED2D1DF3E7CAE24754DF2B59AB69263CA2EC8D13
                                                                                                                                                                                                                                        SHA-256:3744DB07F72992950FF14D39E7E82302B99557592649A855497C18DB3D7A3B39
                                                                                                                                                                                                                                        SHA-512:07C7DF63D4DD21B65ECE55BD6EF6D513F9DF400F5FE456BEDBCD24AE5C58800F4FB189CE00B2C0BB05B724234FA227904C021C4160D8C5541CD4B599DB2AAB47
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):167056
                                                                                                                                                                                                                                        Entropy (8bit):6.47173453338494
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:X2kniFpIq4pOYs2sMR0i4xcHlyMTz4cU2bf3CLkPUWv2hK:mkniRQOYs2jRr4xcr3ELkPUY
                                                                                                                                                                                                                                        MD5:FD49CDA141634DFD2CB9538878D4FB0D
                                                                                                                                                                                                                                        SHA1:E52637CBF9724A59EDB51194A8F9B2784D019465
                                                                                                                                                                                                                                        SHA-256:9D7B2A3F3B53A3999B085466F4D12C80B062812FB871AAE34A621082EBC81BD7
                                                                                                                                                                                                                                        SHA-512:69BB9B3234B2EDBF93010DB72C47B00DE1D3C39E5F72FF8DDD7F408334709CDA3C6B27981F90E3BC1DFE43CEA82CD4363241A74C7824FC04BB189E0A622DBE2F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsWSCClient.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2285056
                                                                                                                                                                                                                                        Entropy (8bit):2.0558079294683314
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BWaGrR1sGXh2YGmO+OB69vV7GVrKEu1aeBv1L8ajGCsCMldD:BWaGrQGXhZ7OS9vV7G5MphKlV
                                                                                                                                                                                                                                        MD5:4BE222B0796DF9D496E9FF02C389C304
                                                                                                                                                                                                                                        SHA1:A50131CC3683AED3C32847CDD0B8B976951296BA
                                                                                                                                                                                                                                        SHA-256:AE6D512A1D4F0F4B91A699C80EB6B97ACD3BC59B22375A3039D74B58B31E9C2D
                                                                                                                                                                                                                                        SHA-512:26CCCEA83B3F1DFE84C63CACD4698D9EEA373219CDF810F5DBC1ACE313B1478D753EB5547CA186076E878883B462364DD80136805D7AADABD5917CF485A55EAA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19517294
                                                                                                                                                                                                                                        Entropy (8bit):6.694656838901371
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:d+ST74motPO6kP2yKFZ18eBEUuvO2iVTmkPF6F5iyNbQ0/ynL:4STsdhB2UUiVBP0IIsL
                                                                                                                                                                                                                                        MD5:5B3C96E8253407BB4D731B00F64F42C3
                                                                                                                                                                                                                                        SHA1:F6F1C01CCA4DEBF091A8A6A76CF65D8FE47E9881
                                                                                                                                                                                                                                        SHA-256:8EE98FEC98550BFB5404406191838972977EFBE8B38B043D91BE2D2A5DF80C4D
                                                                                                                                                                                                                                        SHA-512:F257F5BAE982DE279D29475CBAD159C79B3BF7834434F944FF92CC34B6190C84489B755BAF513203578F105A106405428E84A58A6A3978D8A666765523CDFC42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (684)
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):685
                                                                                                                                                                                                                                        Entropy (8bit):5.950928481801507
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:ctCb0Vz+/Zq+hQrXSx2zIAtw3LAvljajTo25nmEOAIKb2d+MQRs0Cv8Q3Tz2On1+:4809+/fm7Se23LmzcncAxW+MQe0Cv/ut
                                                                                                                                                                                                                                        MD5:39990FB3FBE164F5CCA526FFF6678787
                                                                                                                                                                                                                                        SHA1:7037190DC2C2D10C9220B30A6AC3E5186215CC8C
                                                                                                                                                                                                                                        SHA-256:513EEC3066E2C6ABAA5654D14157DAC092B8546A22F88F64F17A3B0FA31FDFB5
                                                                                                                                                                                                                                        SHA-512:FD2F93C033B1A35BCEDF459573E12DF9529ACAF919AEBAB0F0296E90230E0A2D1C758FCD5DC1EB6533DEC4EF11077D832C245F284FCF38E4B1188FDAF8749C3B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):204800
                                                                                                                                                                                                                                        Entropy (8bit):6.408978814111418
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Bxa137c+Jw+7mlU6UFyAIJXw9AlbLI+aYroEWOV4iDh:Bo37c+JwGIApIJA9AlbuJEfbN
                                                                                                                                                                                                                                        MD5:9504727B1D15A8BDF74F28F40C85D1F3
                                                                                                                                                                                                                                        SHA1:DBDFCB492A583EE82C86013FD03C3F9FA1288D59
                                                                                                                                                                                                                                        SHA-256:F5DD2E25F142BFC75060DD1000B858349998497196C2509D508368131A89FDD5
                                                                                                                                                                                                                                        SHA-512:4EF87E1507C95C4B012F03D7E9D1664D3CA73FED8960D48D1E791C9C16A2A57855EE299526DEE0BE89ADE9B98A0E76B7CD6065B312DB1D559267FB8381FF2DD6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):204800
                                                                                                                                                                                                                                        Entropy (8bit):6.408619361294289
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:6xa137c+Jw+7mlU6UFyAIJXw9AlbLI+aYroEWOV4iCY:6o37c+JwGIApIJA9AlbuJEfbz
                                                                                                                                                                                                                                        MD5:CEDCC6CEAFF8EB1C4BE2A5E6E2B012C3
                                                                                                                                                                                                                                        SHA1:D53FAB8D1FA4A2AFF8E490C8F7F13F5B1C691C8E
                                                                                                                                                                                                                                        SHA-256:282519F369B7D642BE6B1AEBDCF83B113101B812896C379E53D99A859A39B8DA
                                                                                                                                                                                                                                        SHA-512:D3F4A6C01EEC58418DA43BCCE2BB74C8FCB4B75CCF6140CEB402CFEEB05997324F7E583249F905CB31750E2C00703E3A04F7823681AEEDE84C07E0018C635AA1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):124560
                                                                                                                                                                                                                                        Entropy (8bit):6.262453461799155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:N+rSugvaDzJGezUUSBxlezTESfWwjbE42qyGHzdHKcQsWydp9dlscxHi/9afI5g:N+rSu15XslsTEMPs42qyqKaB+cs5
                                                                                                                                                                                                                                        MD5:04BFFD5DEC81CBD4A75C00D36A1E0510
                                                                                                                                                                                                                                        SHA1:48B7E059157AECF0CEE08F7C5273929572499704
                                                                                                                                                                                                                                        SHA-256:F17416F61D9DDAEF528CC1121205E6526AAA0600114A61535D6C1D7CB76DEB00
                                                                                                                                                                                                                                        SHA-512:67CA87F152D7B63030BD24F2DE1E60F8C9ACC6A2B401350AF168CC03A1A7C8FBCCB81D097F6E4AA6608FF4E8FB119A426F1397BB0DFAAA02D86B99FBF84D76D5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):117
                                                                                                                                                                                                                                        Entropy (8bit):4.19896048699559
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:mifFQiXvF9+GNHfFQ3TRpvF/FHEYd7QWNwFiOv8KAfFHURXPFMY:v2KdgGjYVC4OFAt0RSY
                                                                                                                                                                                                                                        MD5:E250CCE095CCDBA7CF7B0399DC8D8970
                                                                                                                                                                                                                                        SHA1:49A4AA2D4240C6E68BC2E4A17C1006ACA156EF6B
                                                                                                                                                                                                                                        SHA-256:8188F879E93D568204BCD78E8F1B43F120A6F0917DCA9B045EAB946D84907A3F
                                                                                                                                                                                                                                        SHA-512:248832E5358BA06338C061AB675CC1CF6F01B17CAE5BD62FE1A65E8A9BD46BEBCEE76EC187628C27B67AB919040558F636698DB9A08335AE431CEE4964715373
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{. "name": "epp-ui",. "arch": [. "x64",. "arm64". ],. "dependencies": {. "electron-shell": "1.4.2". }.}
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):174592
                                                                                                                                                                                                                                        Entropy (8bit):3.1176056240139736
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:URqHi9xDnRbDPi6ag9rucqkerzUCgIMSfZHqdefc8+YZ9:SqmpD66h9lqkerzgIPfF+efc+
                                                                                                                                                                                                                                        MD5:AF1C23B1E641E56B3DE26F5F643EB7D9
                                                                                                                                                                                                                                        SHA1:6C23DEB9B7B0C930533FDBEEA0863173D99CF323
                                                                                                                                                                                                                                        SHA-256:0D3A05E1B06403F2130A6E827B1982D2AF0495CDD42DEB180CA0CE4F20DB5058
                                                                                                                                                                                                                                        SHA-512:0C503EC7E83A5BFD59EC8CCC80F6C54412263AFD24835B8B4272A79C440A0C106875B5C3B9A521A937F0615EB4F112D1D6826948AD5FB6FD173C5C51CB7168F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1857536
                                                                                                                                                                                                                                        Entropy (8bit):6.308114326702068
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:y8sHeHKHplfu94i55tbhris2CCEnWaWBvYyozGUIjnRnUC:y8Y/Q94iZNrP2t0ZyyIjnRnUC
                                                                                                                                                                                                                                        MD5:ECC83C860D6D7A1B8A6206948900FC0C
                                                                                                                                                                                                                                        SHA1:E07003B71BCF02DF865F65B5F763268AEC60D05A
                                                                                                                                                                                                                                        SHA-256:AEDB54DDA1ED189430E942D85DC50031565544694C8229FC8F6D4394235764CF
                                                                                                                                                                                                                                        SHA-512:A260B1DFD2985E565231A66939D7966204EB8861159CBD88A2C0DA96F0747214B8B52EA25420D157FE244E34862F1A2C8025A54965E01F5C54CAE11DBFA4C47C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1646736
                                                                                                                                                                                                                                        Entropy (8bit):6.5502084862762135
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:JKBZFqX8TvXzlaPmAA6rKmEOwksSf0WB:JK3/z0h
                                                                                                                                                                                                                                        MD5:5796085AF562C2E98939B4230AE14723
                                                                                                                                                                                                                                        SHA1:3049BEA83BA556F021E34D8B4B8176A8B29B8096
                                                                                                                                                                                                                                        SHA-256:31560913EF14B54FAE7A0A3AA38F531E7705ACB0BA69E50483B5F6447E1805D4
                                                                                                                                                                                                                                        SHA-512:A39903B3E321DDE00EFD6C4E1FC19D2F2E9601AE221C8EE6A51D6BB5D35AB1AEF65F282A74A846AA6AE2A2EA8CC338ACF89F8A31DE4ABFF473D9B218536BE338
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):378368
                                                                                                                                                                                                                                        Entropy (8bit):6.323464271782006
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:eBYqz/61Z2lKHQM/QX1ahKrJQRB2XHbV7iFGrwGav4VohWrtdmXR:eJ/UIwQM/qo4rGREXH1o8oR
                                                                                                                                                                                                                                        MD5:56C7619C00F192566EB83574A8DB52DE
                                                                                                                                                                                                                                        SHA1:04B70963A8A4DD097D5485F5955A9CB8EAEF688E
                                                                                                                                                                                                                                        SHA-256:89C96ABE36042E6486D1E6A5A3233B30F9D8CDD08C8300237C75F33BC2F46610
                                                                                                                                                                                                                                        SHA-512:CE5B801CD8B3E9C10F0AFAAE39DD98A75E9FFD32EBDB6E38C6BF6803A9543FB364B1E60969BC398B020CF7534E8699E178CB2E4191D36D052E454D44AA505E1C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):121856
                                                                                                                                                                                                                                        Entropy (8bit):6.2949477851647835
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:8vysFz2cyiAtLfc57mfngv6ALQ09tNdUNtDfBv5XvEX6c+y:8vy6z2GAtLfcCgv6ALehJcR
                                                                                                                                                                                                                                        MD5:499BA5735A47E2B547C86BE363DF89C2
                                                                                                                                                                                                                                        SHA1:9FB9BCA2DA6D33B54761D9B4F739F9DA2DEF5B25
                                                                                                                                                                                                                                        SHA-256:8488F38CA4DBB8A3AF6C39281C8774A6BD9F3E0AED2E3B046FA250C238875D24
                                                                                                                                                                                                                                        SHA-512:BE9BA4494AFBF630906AA27E7B3AF63A63D28D666C5EBA7613192DE0F3196E011AADD442FFED2C69ED8BE9255B77F1070A5FB969D7CB4CD18FE3445DEC78AA75
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):48944
                                                                                                                                                                                                                                        Entropy (8bit):6.755780295147749
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:68vbBtr3uL645Mx5wm9sKN6DRtoQpH3e6n9yEM1didV1VaXLkj3XV13hwOOPO9z4:Hp3uORwOO3/c1dGP0+xnOiz4
                                                                                                                                                                                                                                        MD5:633861D85B60EB7DE2E820F4FAC586E0
                                                                                                                                                                                                                                        SHA1:E5666AECD7B9D97627C4A0FC06D52AEA59D7C37D
                                                                                                                                                                                                                                        SHA-256:8EEBBE6A69D030FF7944524E22126218B6AE8CDB349C97FEEDB83CD0686BBB38
                                                                                                                                                                                                                                        SHA-512:8F26D38ABEF1CA2B365A2B1CC6B2A49C55319C59D790C32EC8D5728596FDDCF9252230C200ABAE4609884CBA3449B3EA778785244330F98C8C21CADF8C921AE1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136328
                                                                                                                                                                                                                                        Entropy (8bit):6.275782785750883
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:TOJMZaVYm1tAF3f5tqKhRWmGBASRua3jXKqMVqhcWMsWCdt9dl3RDsp3rPHi/92X:TOJMucfP9WmSAmNzaqM0hnF9BRDsJMM9
                                                                                                                                                                                                                                        MD5:9BFDBCFA3233482D9DEB99F115505CC5
                                                                                                                                                                                                                                        SHA1:FCCE0D2EF738808E203DE6923EA5F463D1132C33
                                                                                                                                                                                                                                        SHA-256:AA4A93069098D1D67BF6A731FE87CFE877886B25ED18FA8EC30811C30636EA22
                                                                                                                                                                                                                                        SHA-512:90A9933ED21C68D18A5CAC2D41889FAF428EF6B2A137D5D809F8DE63A9331EA1C8E78BB5693AF3B80E25E3D8151C216ADCCD11C1557361674FCA51796D5DEAB2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3063
                                                                                                                                                                                                                                        Entropy (8bit):5.014088126389475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:utXfcDLNthOyA9Bd8WMv/EhtF/qi/Oaucosld2dVBBiBklmP55I4kYlIRF7osFrr:uNfcDLNPOyALd81v+tVR/qlPsBklA5IL
                                                                                                                                                                                                                                        MD5:E8EF8570898C8ED883B4F9354D8207AE
                                                                                                                                                                                                                                        SHA1:5CC645EF9926FD6A3E85DBC87D62E7D62AB8246D
                                                                                                                                                                                                                                        SHA-256:EDC8579DEA9FAF89275F0A0BABEA442ED1C6DCC7B4F436424E6E495C6805D988
                                                                                                                                                                                                                                        SHA-512:971DD20773288C7D68FB19B39F9F5ED4AF15868BA564814199D149C32F6E16F1FD3DA05DE0F3C2ADA02C0F3D1FF665B1B7D13CE91D2164E01B77CE1A125DE397
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:;;;..;;; rsKernelEngine..;;;..;;;..;;; Copyright (c) Microsoft Corporation..;;;....[Version]..Signature = "$Windows NT$"..Class = "ContentScreener" ;This is determined by the work this filter driver does..ClassGuid = {3e3f0674-c83c-4558-bb26-9820e1eba5c5} ;This value is determined by the Class..Provider = %ProviderString%..DriverVer = 03/25/2021,1.0.0.2..CatalogFile = rsKernelEngine.cat......[DestinationDirs]..DefaultDestDir = 12..rsKernelEngine.DriverFiles = 12 ;%windir%\system32\drivers..rsKernelEngine.UserFiles = 10,FltMgr ;%windir%\FltMgr....;;..;; Default install sections..;;....[DefaultInstall]..OptionDesc = %ServiceDescription%..;CopyFiles = rsKernelEngine.DriverFiles..;, rsKernelEngine.UserFiles....[DefaultInstall.Services]..AddService = %ServiceName%,,rsKernelEngine.Service....;;..;; Default uninstall sections..;;....[DefaultUninstall]..;DelFiles = rsKernelEngine.DriverF
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49456
                                                                                                                                                                                                                                        Entropy (8bit):6.631066056716293
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768://Vqt92EbtYnekejiYF5blvhBVu8suwIppriCAVUValkjvJt3Hy5Z:EmeLT0CpprAqs6tXqZ
                                                                                                                                                                                                                                        MD5:F77B9B6CCCA206535EB9672266A462B1
                                                                                                                                                                                                                                        SHA1:479345A89FB7362CAE53A3040F4EFCEE55B92BF7
                                                                                                                                                                                                                                        SHA-256:BC4EBE3656BE0F502B65A2CA247FFA1B3065EC6FE2E76D3AF21511A0616F855C
                                                                                                                                                                                                                                        SHA-512:9C80E9C83A58C9E2C63F22C17E4FD4DF227F04960AA2212C66A1308512FE02E71CB7300455965109A7E3931ABD38EBD15162FE3CB46C3328F28D1AE175B4EFE3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2368144
                                                                                                                                                                                                                                        Entropy (8bit):6.822279556639425
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:EGtlqmIU6i9WVwASOgrXZLIgUivtw6jx5+8678vcWs4jdNsgiPLI:w+3zjdsZF4jTsgsI
                                                                                                                                                                                                                                        MD5:A43118B1455E67429B40C004379D0EC7
                                                                                                                                                                                                                                        SHA1:862B1B00F881BAEF639D517C6772DAAFE06B135D
                                                                                                                                                                                                                                        SHA-256:0E020A3A096FF4A161ADBC501C3D71F2B4B0587735E86CF8673544286808494E
                                                                                                                                                                                                                                        SHA-512:887A0E7E46804CD79C91F313E9AD32E5E5EEE594CCD126A6CBC491AEE2B90E623D666DB1FCDB5B7CE65193F02653855E63B673F888EA7BDCA712081CA8AE390D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (5824), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5824
                                                                                                                                                                                                                                        Entropy (8bit):5.99179572850437
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Rw99zAT1M+bHIEwrgiYlBk9x/rcohy9Q/GDFSf1Ru/M7j0C0wXfAXBT5A:RwLzAZxrIt0Bk7+QZz7jh0wI5K
                                                                                                                                                                                                                                        MD5:0195B6F2D3E0F5A4947F353E48E15D8C
                                                                                                                                                                                                                                        SHA1:F29FB502B68A486FFEE0C55ED343C15E5110E6F9
                                                                                                                                                                                                                                        SHA-256:52B9FF10C412162CE0AC5ECE6CD56B1164C209AF1AD8B3B8E334149ED6E4EA56
                                                                                                                                                                                                                                        SHA-512:65BA63D1645A1C507C2A8C4728DF0F1F660F3574333925386F1B5B07F11E4E894D8404767A478A384D6A5910915FF040698C6C761047A4CE53A9FABD2D788BEF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\uihost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):560
                                                                                                                                                                                                                                        Entropy (8bit):5.225443241529467
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:ZRVWPERbbs8J1VxJRV1Rbbs8J1V3JRVvxRbbs8J1VxJRVUJW7Rbbs8J1V33:A8RoY1VtRoY1VbRoY1V6W7RoY1VH
                                                                                                                                                                                                                                        MD5:2212AC09C5D432C2B1E0D1DC2DFD8763
                                                                                                                                                                                                                                        SHA1:067F80F9C384A5D844CF6BBECB51F54C8CE7930F
                                                                                                                                                                                                                                        SHA-256:232DC6C522BB64DD4AE2D679546C7F117ADA5FDD81F8FA586FF550FB212D661C
                                                                                                                                                                                                                                        SHA-512:1B0A46E33400B9064CFD252AA9EF2D9521086DB8774D10F16302D5C2836A9FE00FF4F7D886DBFE0E7BAB2DA0C38A214B1C0811A6DA6B4D1A680BD9B33D94C31A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[ERR][20240602 00:52:50.491][wps_utils_scriptable.cpp@58]: Failed to get value of WPS setting CloudSDK.cache: GET /subscription/v3/details..[ERR][20240602 00:52:50.709][wps_utils_scriptable.cpp@58]: Failed to get value of WPS setting CloudSDK.cache: GET /subscription/v1/details..[ERR][20240602 00:52:50.976][wps_utils_scriptable.cpp@58]: Failed to get value of WPS setting CloudSDK.cache: GET /subscription/v3/details..[ERR][20240602 00:52:51.269][wps_utils_scriptable.cpp@58]: Failed to get value of WPS setting CloudSDK.cache: GET /subscription/v1/details..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1581
                                                                                                                                                                                                                                        Entropy (8bit):4.9030003863240506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:sZpGZkZQZOR9Zn8Z3QZmZFZRZ16ZIYZOgZqZAU6Z4v:GaxXv
                                                                                                                                                                                                                                        MD5:D71D22FBA5B75872402A9C6E8442D3DB
                                                                                                                                                                                                                                        SHA1:FF34B8B270E528636EE4005C041C30FA10A3E4A0
                                                                                                                                                                                                                                        SHA-256:402B38BAE6A0035E6AE796D0192F92FD2F03D3ACEB8C00DB5916E7B76ABCFE10
                                                                                                                                                                                                                                        SHA-512:C7597210DEFC4758BA5A4980DE1E3EA525B1128066943A0E01D5173F17ACF3342E183AA754F499B7C2E2BA6DE55D9F0534E2A8086EDEBB5CF7E64ECD136D081C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[ERR][20240602 00:52:47.518][ProcessUtils.cpp@186]: Failed to open process with id 0. Error 87..[ERR][20240602 00:52:47.527][ProcessUtils.cpp@186]: Failed to open process with id 4. Error 5..[ERR][20240602 00:52:47.534][ProcessUtils.cpp@186]: Failed to open process with id 92. Error 5..[ERR][20240602 00:52:47.542][ProcessUtils.cpp@186]: Failed to open process with id 324. Error 5..[ERR][20240602 00:52:47.546][ProcessUtils.cpp@186]: Failed to open process with id 408. Error 5..[ERR][20240602 00:52:47.549][ProcessUtils.cpp@186]: Failed to open process with id 484. Error 5..[ERR][20240602 00:52:47.552][ProcessUtils.cpp@186]: Failed to open process with id 492. Error 5..[ERR][20240602 00:52:47.555][ProcessUtils.cpp@186]: Failed to open process with id 620. Error 5..[ERR][20240602 00:52:47.559][ProcessUtils.cpp@186]: Failed to open process with id 1476. Error 5..[ERR][20240602 00:52:47.562][ProcessUtils.cpp@186]: Failed to open process with id 3304. Error 5..[ERR][20240602 00:52:47.567][Pro
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):100
                                                                                                                                                                                                                                        Entropy (8bit):4.8823338502171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Q+tRVZVXQPR2UiaxltNREIkFRekLQNd2mn:rtRVsp9BNRM7Gd22
                                                                                                                                                                                                                                        MD5:AF79B1CB4ADA74D6EF7DC3402DADDAF8
                                                                                                                                                                                                                                        SHA1:B041BB199FE2CDEAD55828E44DC4C825F86E55C8
                                                                                                                                                                                                                                        SHA-256:5F2320702B73E440EA7228C94E34E33EA5D60605171F9CB57796D19718CFE580
                                                                                                                                                                                                                                        SHA-512:13925584C41C6EDD1F83A59AF3078BCB54161D74390B61220E7629341122C21C514D0F9C63FFEF7DAFB3BB296A071E1E5D6FDE346409D9C8D23348E06E488615
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[ERR][20240602 00:52:49.818][install_extension_task.cpp@179]: Failed to install firefox extension...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):211
                                                                                                                                                                                                                                        Entropy (8bit):5.037886268660035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:rtRVstKN6k2JM0RG0DKhSm0tRVsvRztlwZVjwOrADGq:ZRVYdk2JTDFnRVuztlwrjhroZ
                                                                                                                                                                                                                                        MD5:E67CF02C2B9E26BAEDE655BB226C1285
                                                                                                                                                                                                                                        SHA1:0C9B8F6C2585EA8D106AD749B411722E8AD2DA00
                                                                                                                                                                                                                                        SHA-256:7434F466D645C90B7DEF158B400DBE5BD51E2F2FCDA9E37F11A32C64097EBD3F
                                                                                                                                                                                                                                        SHA-512:6742384725E994A8CDE1225A980ECD4826157CB1990C2B6AA3D8345E26E574F26BEC0C5CBA9160ABE7EB133530EF91D0A9715DB33D14AF18B6C6BB3A6426DB97
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:[ERR][20240602 00:52:06.371][ProcessUtils.cpp@210]: Failed to get executable filename for process with id 476. Error 31..[ERR][20240602 00:52:21.054][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3043002, file counter 197, database pages 14, cookie 0x3, schema 4, UTF-16 little endian, version-valid-for 197
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):57344
                                                                                                                                                                                                                                        Entropy (8bit):4.335848478544959
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:FoOoMeDQFfGl/p6fy0es/WH1ceOIjaF6OEJYQk:sSheO9
                                                                                                                                                                                                                                        MD5:F37F6ACD0B405A5CBB68788F2EDCF3EE
                                                                                                                                                                                                                                        SHA1:DF40EF1795BC47D0A13459320754A01D84E4FAC2
                                                                                                                                                                                                                                        SHA-256:C2731D961BC43689EDDDC4E89B2961A9AE4A1E5636C2BFEA174F73C2B99D8C10
                                                                                                                                                                                                                                        SHA-512:8EBDA689C836792057BEF8EFD6B6F7CED37B5B01D6DEA38DFA46BD4F8E9EB1703FFB706FF8862799754286FBD556FD0EA7784EE0621F2904D59649F1432AADDF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                                        Entropy (8bit):1.3892510532441353
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:5T4py6eib071klXjqB23TfR15iXzuiF4Z24IO8A:9Ky6eio7OlXj/fRjszuiF4Y4IO8A
                                                                                                                                                                                                                                        MD5:1C29535908833D5A65D754CBB10B3DB6
                                                                                                                                                                                                                                        SHA1:C57DF5E484BD821A4CD1FFA7AFFA9CF7E6668559
                                                                                                                                                                                                                                        SHA-256:DBDCAD6EA9A687ACA79D1F533E91F395E4F8BED21BF47764DA9CFF70F02F773F
                                                                                                                                                                                                                                        SHA-512:0936228E33F997428B3E80515596DE19A391BF19A0C03889199ED5042EAAA85A532F9819304415CA1F04A02654CCD4264CD80C0DB8D19777B0C2030C94C67B9B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.1.7.7.0.7.3.9.1.2.4.3.5.0.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.1.7.7.0.7.3.9.8.5.8.7.6.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.f.b.6.6.6.d.f.-.e.f.b.d.-.4.9.d.9.-.8.a.c.e.-.6.a.f.2.9.5.e.3.e.5.e.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.e.d.9.7.1.0.c.-.f.4.8.5.-.4.3.9.2.-.a.7.5.4.-.a.c.f.d.9.6.a.c.6.b.a.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.w.e.c.h.a.t.-.3...9...7.-.i.n.s.t.a.l.l.e.r._.a.e.-.G.F.z.1...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.3.8.-.0.0.0.1.-.0.0.1.4.-.e.4.4.f.-.c.b.b.a.9.8.b.4.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.2.7.e.7.1.1.c.2.5.c.1.d.b.3.5.4.7.c.4.a.0.
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):86764
                                                                                                                                                                                                                                        Entropy (8bit):3.0536790439670645
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:fQW6CDZcyC7+YNw6JcKOnXK8tf+x4WygoAbZuvlt:fQW6CDZcyC7+YNw6JcKOnXK8N+x4Wyga
                                                                                                                                                                                                                                        MD5:D6BA9D11CAE43A8F0276FA275A0F2F62
                                                                                                                                                                                                                                        SHA1:B56574C1F8381720F25D0230860F98BD994F564E
                                                                                                                                                                                                                                        SHA-256:5FBC02E5A4AF278D45CE19C20876A3DB27FB6BB1E493B4A970F5120FA3DB1DC2
                                                                                                                                                                                                                                        SHA-512:24CB8955926728009C3F4C77D50803655B7BD40612486320B657BD9634B998227D25DAA11052DEEC2589CD2F3CCEFC9099517E53DF0B1CE33EC9E59AF1D0EB83
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13340
                                                                                                                                                                                                                                        Entropy (8bit):2.694964668073427
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:TiZYWNpvkZleY/YeWBVHXYEZBptHiq3jlCwyyqoCvaTsuMP0ZICvn:2ZDkeIWRFKaTsuMP0GCvn
                                                                                                                                                                                                                                        MD5:D662111CA5E311FAA0095DC3BB787719
                                                                                                                                                                                                                                        SHA1:66AB10195BCB2CB96FC590473FD6BA6681639586
                                                                                                                                                                                                                                        SHA-256:2301DF7E87D082543615281006049C75DA0F7BF00272412243BBA4705B1224AF
                                                                                                                                                                                                                                        SHA-512:BC9D4B4CF2524611C8B594294A39E2CE2FF578590FD1022DB6A16104BF9EB381DF6FDA721C9A6AED9F8255A06ABCB209953F94AC317ED3F401C09C1C8B71D630
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:Mini DuMP crash report, 15 streams, Sun Jun 2 02:58:59 2024, 0x1205a4 type
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136036
                                                                                                                                                                                                                                        Entropy (8bit):2.175639479864252
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qrNZykZJu2YkePIX1ObtIR4eb6bek0KGGMKDaCMfNbYGu5Pstl2ByUpJsKsXk1:4OWePIlObta4eWe9DKDaCKuitNQmh4
                                                                                                                                                                                                                                        MD5:566C75A5BDDCB92B486346E63A0056F2
                                                                                                                                                                                                                                        SHA1:92DB0BAD576C44E1429B55FB9E7D622F8F6DF5B5
                                                                                                                                                                                                                                        SHA-256:E7324B5A77874BDF12E1B0ED05478CCE5ABD7C85A2ED01B5DDBD1403EFC386A7
                                                                                                                                                                                                                                        SHA-512:373EF62BA68C51369F553F0A9AF854063ED4A65D06E11D5CF7292ABFBE9D22F1D5060A4C24C69248AA9CF2DD30F6B675F952C887939D385D3EC6640FE451E5DE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8488
                                                                                                                                                                                                                                        Entropy (8bit):3.7025608180231107
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:R6l7wVeJpC6cYcZs6Y/N6Imgmf5N7prw89bBMsfw4QLm:R6lXJc6cYgs6Y16Imgmf55BffwC
                                                                                                                                                                                                                                        MD5:CADE50B80B6C58CDCD5F5B6AE7BC3843
                                                                                                                                                                                                                                        SHA1:2CBE31896A0FC250A1C41FFFA8576F68DB699129
                                                                                                                                                                                                                                        SHA-256:AEAD55664C3EB22DE062ED436F26265506A4157C7821E0A24BFB9D140105807D
                                                                                                                                                                                                                                        SHA-512:E9F0BB30F40E180F96FF0827759D961E2FBFD3C367F685C33D51424342BD56A44546DE8DA80E0A58D1E5924FA4A6202767EF06CAE8CA299A66DC6C14F1A65B99
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.7.1.2.<./.P.i.
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4841
                                                                                                                                                                                                                                        Entropy (8bit):4.485420851602498
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cvIwWl8zsJsJg77aI9wLWpW8VYaYm8M4JT9AXDGzX/FH7en+q8CyXUpXF1/2Ndx7:uIjfJqI7e67VWJCXoXq2XsXD/2NuWyyd
                                                                                                                                                                                                                                        MD5:006B46C13F894A8274D13056ABDDB2DE
                                                                                                                                                                                                                                        SHA1:2B9645ED4BFBF2DA0060CCD688767AD1EEF46E53
                                                                                                                                                                                                                                        SHA-256:521CB76A5BB01F2F485C341404E62A604747C8E9200D6FB313320BA04FFFE57A
                                                                                                                                                                                                                                        SHA-512:ED52AE0F0A0499520199A759F58ECD528E8479CA28E62B3D53DBE5F80C25CE11700CEEF083122692CB857BE71B88EFB5C65657376279CBEEFA50A381837E2555
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="349561" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):83764
                                                                                                                                                                                                                                        Entropy (8bit):3.056609828744417
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:gk0/LKsR+WK7KQoA7jRKdIjQlXmUZ9EAHasqjH0Jnu/AZM:R2Lr+WK7T7cOQ9mUDEA6sA44AZM
                                                                                                                                                                                                                                        MD5:47C00FAFD310775C19A3A30DCAC33704
                                                                                                                                                                                                                                        SHA1:667C750653366770111DD8B832A03FA0E4C874D0
                                                                                                                                                                                                                                        SHA-256:8E9FC87AEAF94E06F9132266108480E2C3FB1C58A3EEF367E57CE5B1BCB93FFB
                                                                                                                                                                                                                                        SHA-512:4FE27FA7C398D3FA33A7B4535EFD65F6CE3FBEC9D228782E79C412EBF6747FBD44DE95901C13D2D5D20173E4FFBB5F44CFF451C77ABE3F7C4CD6AFA6B41D06F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13340
                                                                                                                                                                                                                                        Entropy (8bit):2.6850176081553836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:TiZYWXIahkMEcYzYrWfH/YEZzFtHifIowTwBiFDy+aU0LMpc8IWl3:2ZDWcE7+IaU0LMpc7Wl3
                                                                                                                                                                                                                                        MD5:72ECB57B8F61515040CF9C0C3ADAD382
                                                                                                                                                                                                                                        SHA1:4F315D434EEBBD4A22369425A2525F66F9C36669
                                                                                                                                                                                                                                        SHA-256:E286156B6BB02700AD71EE6ED9D5C58F1C56C9042CA4774BD84600EBB6EE1BA1
                                                                                                                                                                                                                                        SHA-512:B6137ED2893A979A29A03891876DA83DEC1D722FC827998BA14DF97B019412E2B5DE1D02E7323837D3440BF32DAC436CCBEDE759FB84A5A32EA2682266E0B40E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (320), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1209
                                                                                                                                                                                                                                        Entropy (8bit):5.164374736411283
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CWBBNjtIK4aQxx2DOQVfRPN8kxGu8iIwHJZ7ydZxGu4qavGVxG3:CWBBPbvQxoOARPNrGurIKz+Gu4qUIG3
                                                                                                                                                                                                                                        MD5:29E6B7F69979A0C694C35CB3B90966CD
                                                                                                                                                                                                                                        SHA1:162E7E28173B4498E8BF66154EEEE0E75C8FAF60
                                                                                                                                                                                                                                        SHA-256:81151B3374229C66F006270EF09A2E3B006A131CE8E4E3E1E3C81484F974FEC4
                                                                                                                                                                                                                                        SHA-512:6382AFA3D98F96BF5ECAB74496A8328D56344D18B0D919D9C6F30760237CF39C32FAB09E6FCA012E4150171DE86BE5EB58C10AC98BEE4EC3E54E3939D7C9F9DD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:Product Version: 5.30.4..Engine Version: 3.2.0.0..Engine Path: c:\program files\reasonlabs\epp..Client Version: 5.30.4..CLR Version: 4.0.30319.42000..OS Version: Microsoft Windows NT 10.0.19045.0..OS Service Pack: ..OS Bitness: 64..Public key: 09041ef0-208c-11ef-84c2-25e79462c963......{"product":"rav_antivirus","level":50,"msg":"Could not start driver service.","time":1717297186814,"component":"rsEngine.Scan.OnAccess","class":"OnAccess.KernelMode.Driver.Manager","method":"Manager","section":"Wrapper","file":"Manager.cs","line":115,"version":"5.30.4","ruserid":"09041ef0-208c-11ef-84c2-25e79462c963"}..{"product":"rav_antivirus","level":50,"msg":"Could not start driver service rsCamFilter020502","time":1717297187314,"component":"rsEngine.Protection.Camera","class":"Camera.Manager","method":"Manager","section":"Wrapper","file":"Manager.cs","line":548,"version":"5.30.4","ruserid":"09041ef0-208c-11ef-84c2-25e79462c963"}..{"product":"rav_antivirus","level":50,"msg":"Thread was being aborted."
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2022592
                                                                                                                                                                                                                                        Entropy (8bit):5.999974579136952
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:+dK+qRAhQZWnHFRGGbk0kLHYCFOEx3BMHAE4d/R0l7lRmRj5/Kz3PYez2OQJBmx0:eKYdRxknOEx352P57PFj1xVYNcXsn
                                                                                                                                                                                                                                        MD5:FB84325FD7362B5634C4DE62B3A2C001
                                                                                                                                                                                                                                        SHA1:EBB54EC78A071CE47A1C86F47903D56D77B34CF7
                                                                                                                                                                                                                                        SHA-256:23BDCCB16E5900857C621B67C779B2A49179ACA564EEAF1E74FD10C4EB1651EF
                                                                                                                                                                                                                                        SHA-512:D59933302521C9B3EEAD330A38577FAF1DF0378AA926690C6001186D495ABE4FC470BF578BC9DEABD82E26D7B1F8ED446957494122BD65047456C657DC9BADE2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):204480
                                                                                                                                                                                                                                        Entropy (8bit):5.999708749955238
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:l1OWan+HuCmfq1qhUG4HaZC9I7JzROt4oNTZ:an1CYqrHa4a7ElVZ
                                                                                                                                                                                                                                        MD5:921C2064015351D735038ECB0CBABA28
                                                                                                                                                                                                                                        SHA1:7A80EDAFB7CE84A2E4850F67D9685D15B7A8F4B0
                                                                                                                                                                                                                                        SHA-256:F584D261EBCF039D4A7DC80461067D79BC9B6E087966C5C99AD36908062CE5AE
                                                                                                                                                                                                                                        SHA-512:3BBCFD1BE3AB58C969F823B53817A81D49B1859BAAA6BFD96E920D39DBDFCB30DDDE597E70EF040A501E2B9BA3154631B9CBB1902BF9C95E3B3A8D758EFFC36A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):188400
                                                                                                                                                                                                                                        Entropy (8bit):7.999066043639275
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:3072:/o96AawY/tTEJNQtEp6BjorUFVw5eTxweSjty1FSUFh+Wlv4fJ1CPN:/S6AawutwQqp6B/FVBOjgEUBkJ1wN
                                                                                                                                                                                                                                        MD5:6C954A0C7D0D28BEEA1CAC4C65632253
                                                                                                                                                                                                                                        SHA1:008957F6D1F4A65F21713EB84203825F1B82B789
                                                                                                                                                                                                                                        SHA-256:68CBB1D6EE0DC57072E6D5C29A6F30EF2D2373A8FB6A5F17A1E860886267AAD7
                                                                                                                                                                                                                                        SHA-512:527DDA878C68878E9570431D824C2A7BCB3BB56087576488E7A881012B6F5B1D5818779E5C5087AEA4E262E57932C5BD9AFEC198FC7CE9A077A66C659C17CDF3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5309124
                                                                                                                                                                                                                                        Entropy (8bit):1.428654416228669
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:lZMnqWncze/r6Rkxch+9sjsGsVKQE+zcLjwcJfO8fTUkpJfk2q:G52JRgmSLzqMoHk2q
                                                                                                                                                                                                                                        MD5:D13BDDAE18C3EE69E044CCF845E92116
                                                                                                                                                                                                                                        SHA1:31129F1E8074A4259F38641D4F74F02CA980EC60
                                                                                                                                                                                                                                        SHA-256:1FAC07374505F68520AA60852E3A3A656449FCEACB7476DF7414C73F394AD9E0
                                                                                                                                                                                                                                        SHA-512:70B2B752C2A61DCF52F0AADCD0AB0FDF4D06DC140AEE6520A8C9D428379DEB9FDCC101140C37029D2BAC65A6CFCF5ED4216DB45E4A162ACBC7C8C8B666CD15DD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_RevengeRAT, Description: Yara detected RevengeRAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_WebMonitor, Description: Yara detected WebMonitor RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Nemty, Description: Yara detected Nemty Ransomware, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_MiniRAT, Description: Yara detected Mini RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_DarkCometRat, Description: Yara detected DarkComet, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: JoeSecurity_IcedID_3, Description: Yara detected IcedID, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: unknown
                                                                                                                                                                                                                                        • Rule: Backdoor_Nitol_Jun17, Description: Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: Quasar_RAT_2, Description: Detects Quasar RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: RevengeRAT_Sep17, Description: Detects RevengeRAT malware, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: MAL_HawkEye_Keylogger_Gen_Dec18, Description: Detects HawkEye Keylogger Reborn, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: RAT_Bandook, Description: Detects Bandook RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: RAT_BlackShades, Description: Detects BlackShades RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Brian Wallace (@botnet_hunter)
                                                                                                                                                                                                                                        • Rule: RAT_BlueBanana, Description: Detects BlueBanana RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: RAT_Bozok, Description: Detects Bozok RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: RAT_CyberGate, Description: Detects CyberGate RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: RAT_DarkComet, Description: Detects DarkComet RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: RAT_Imminent, Description: Detects Imminent RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: RAT_PoisonIvy, Description: Detects PoisonIvy RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: RAT_ShadowTech, Description: Detects ShadowTech RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: RAT_xRAT, Description: Detects xRAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: BeyondExec_RemoteAccess_Tool, Description: Detects BeyondExec Remote Access Tool - file rexesvr.exe, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: xtremrat, Description: Xtrem RAT v3.5, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Jean-Philippe Teissier / @Jipe_
                                                                                                                                                                                                                                        • Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: us-cert code analysis team
                                                                                                                                                                                                                                        • Rule: doublepulsarxor_petya, Description: rule to hit on the xored doublepulsar shellcode, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: patrick jones
                                                                                                                                                                                                                                        • Rule: doublepulsardllinjection_petya, Description: rule to hit on the xored doublepulsar dll injection shellcode, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: patrick jones
                                                                                                                                                                                                                                        • Rule: APT9002Code, Description: 9002 code features, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Seth Hardy
                                                                                                                                                                                                                                        • Rule: APT9002Strings, Description: 9002 Identifying Strings, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Seth Hardy
                                                                                                                                                                                                                                        • Rule: xRAT, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: ShadowTech, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: Bandook, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: BlueBanana, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: Imminent, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: PoisonIvy_2, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: CyberGate, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: DarkComet_3, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: CSIT_14003_03, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: unknown
                                                                                                                                                                                                                                        • Rule: gh0st, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: https://github.com/jackcr/
                                                                                                                                                                                                                                        • Rule: Nanocore_RAT_Gen_1, Description: Detetcs the Nanocore RAT and similar malware, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Brian Wallace @botnet_hunter
                                                                                                                                                                                                                                        • Rule: Bozok, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                                                                                        • Rule: TeslaCrypt, Description: Regla para detectar Tesla con md5, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: CCN-CERT
                                                                                                                                                                                                                                        • Rule: Ransom_Satana, Description: Regla para detectar Ransom.Satana, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: CCN-CERT
                                                                                                                                                                                                                                        • Rule: Ransom_Satana_Dropper, Description: Regla para detectar el dropper de Ransom.Satana, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: CCN-CERT
                                                                                                                                                                                                                                        • Rule: Ransom_Satana_1, Description: Regla para detectar Ransom.Satana, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: CCN-CERT
                                                                                                                                                                                                                                        • Rule: Ransom_Satana_Dropper_2, Description: Regla para detectar el dropper de Ransom.Satana, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp, Author: CCN-CERT
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):135152
                                                                                                                                                                                                                                        Entropy (8bit):7.99878246729235
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:3072:DmYVstru5R3dgCWXmqAAaqWVk+9fyftEjJ+7YpKPHrSvD/:DmQ5R6rfAAaq4k+Yij0yYHrS7/
                                                                                                                                                                                                                                        MD5:973A460FFFFAA07B9591CE64F3301328
                                                                                                                                                                                                                                        SHA1:E3427CCB5682AFDBE67FA22A77886B2204031AF6
                                                                                                                                                                                                                                        SHA-256:A2048698E2D32F61BF51B0B5C83D9BEDB4013E2ECCDA047C6C249E0A82E70150
                                                                                                                                                                                                                                        SHA-512:2EBB052FB0D18E06F422CD1E5E1D526AEA77FB0F95BB2C9724210DC4BA6C79F6F156B2B5E5CC7E4934C072A83B20EED838DE4324DE3771915E5E0E690672A5CD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3021780
                                                                                                                                                                                                                                        Entropy (8bit):1.700753001336758
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:nlTFJ5Egi21tABTPhG5iiRCP0xeMNfhFFlu+Fg9:9h2WiiRCK/NXFwn
                                                                                                                                                                                                                                        MD5:10A8F2F82452E5AAF2484D7230EC5758
                                                                                                                                                                                                                                        SHA1:1BF814DDACE7C3915547C2085F14E361BBD91959
                                                                                                                                                                                                                                        SHA-256:97BFFB5FC024494F5B4AD1E50FDB8FAD37559C05E5D177107895DE0A1741B50B
                                                                                                                                                                                                                                        SHA-512:6DF8953699E8F5CCFF900074FD302D5EB7CAD9A55D257AC1EF2CB3B60BA1C54AFE74AEE62DC4B06B3F6EDF14617C2D236749357C5E80C5A13D4F9AFCB4EFA097
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_ReflectiveLoader, Description: Yara detected ReflectiveLoader, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_LaZagne, Description: Yara detected LaZagne password dumper, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CryptoMiner, Description: Yara detected Crypto Miner, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: unknown
                                                                                                                                                                                                                                        • Rule: cachedump, Description: Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: PwDump_B, Description: Detects a tool used by APT groups - file PwDump.exe, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: HKTL_NoPowerShell, Description: Detects NoPowerShell hack tool, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: MINER_monero_mining_detection, Description: Monero mining software, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Christiaan Beek | McAfee ATR Team
                                                                                                                                                                                                                                        • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: ProcessInjector_Gen, Description: Detects a process injection utility that can be used ofr good and bad purposes, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: HackTool_MSIL_SharPersist_2, Description: unknown, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp, Author: unknown
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28528
                                                                                                                                                                                                                                        Entropy (8bit):7.993496870586451
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:768:KkRDFQ3obPPZ62AUEEU62yvvJVR/GOawIXUz:2obPPZrbjU62yvvJVR/GOGi
                                                                                                                                                                                                                                        MD5:8DE77A5AC1A0CB41F096B46CE93F86AA
                                                                                                                                                                                                                                        SHA1:0F247215053BBE9799C18B5E2429D3E1F3F17C36
                                                                                                                                                                                                                                        SHA-256:B8A4EC881932F0387AEE3B5FDB50BCEF6C28C1952E99E06CA6136CB8BC978A72
                                                                                                                                                                                                                                        SHA-512:644BC1CE3AC4431DBC1EFB67DE09ED370D0DBA488181CA334077F422C9493B8F1DD5006BB6DCBD02D4712998F6777B15D41E62CA429D2E4FFC3B24376B106FC1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):563932
                                                                                                                                                                                                                                        Entropy (8bit):1.7480941949848847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Mu3QONYrTs06DJA9WAOYIBaROSeZxHjC/fe/KJ6nWkvkGHG0Atq2diP:OmGltW
                                                                                                                                                                                                                                        MD5:AFB68BC4AE0B7040878A0B0C2A5177DE
                                                                                                                                                                                                                                        SHA1:ED4CAC2F19B504A8FE27AD05805DD03AA552654E
                                                                                                                                                                                                                                        SHA-256:76E6F11076CC48EB453ABBDBD616C1C46F280D2B4C521C906ADF12BB3129067B
                                                                                                                                                                                                                                        SHA-512:EBC4C1F2DA977D359791859495F9E37B05491E47D39E88A001CB6F2B7B1836B1470B6904C026142C2B1B4FE835560017641D6810A7E8A5C89766E55DD26E8C43
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):125328
                                                                                                                                                                                                                                        Entropy (8bit):7.998568009237046
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:3072:EB7vvayjfB/nwk7GpikedeEiAM1rZhCBfxy:EBTNtwk70zeMX13Cxk
                                                                                                                                                                                                                                        MD5:F1EBAAED07561200BADFF25C9EEA5010
                                                                                                                                                                                                                                        SHA1:ED1A95703B6DC80668307E1EFE3B93BF00DC55C6
                                                                                                                                                                                                                                        SHA-256:70CA8AEF3C32361A376E9687F2876CC166DBC5C429B70A1D01801C5A51E0BA78
                                                                                                                                                                                                                                        SHA-512:F8B71D8658AC74A6B1830F1CB74A07636B26055585D178DF35A4B76926BAFD16D2CBFC3CE96DA3F8FD6BFD93DAA053D867B9023C0FFEBE9955E980FF5D224318
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2949860
                                                                                                                                                                                                                                        Entropy (8bit):1.6920705521765989
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:eN8vvSyFI45/S9JJAVtjFqnMjEbha7zgGpdNfEsDm5dymQv:C8FeAjBO1YnppdNj4dymc
                                                                                                                                                                                                                                        MD5:F371CF8DBADD17E03393AA21F3963401
                                                                                                                                                                                                                                        SHA1:8B7A906B5D6AB57A3BF7B32401A286E812327813
                                                                                                                                                                                                                                        SHA-256:287E1AED9F449999E9852477960F8B67B2B77869463E1BAABE63BEC75142130A
                                                                                                                                                                                                                                        SHA-512:D910F4D48F4F34C0D9A68A89FC846E9C776081975C8D0BB14478C7978D8BE43E4E2666F957DECA1EA411032D08B9B2BED19849FE284E4A2EF91806C730CC570A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PowershellDecodeAndExecute, Description: Yara detected Powershell decode and execute, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: CACTUSTORCH, Description: Detects CactusTorch Hacktool, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: PowerShell_ISESteroids_Obfuscation, Description: Detects PowerShell ISESteroids obfuscation, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: Empire_Invoke_EgressCheck, Description: Detects Empire component - file Invoke-EgressCheck.ps1, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, Author: Florian Roth
                                                                                                                                                                                                                                        • Rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword, Description: Detects PowerShell content designed to retrieve passwords from host, Source: C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp, Author: ditekSHen
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):377176
                                                                                                                                                                                                                                        Entropy (8bit):5.999945871691186
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:1BDotCsX0mytklk/i2PziH5XiX2huoW9h7dp9Q5FG85I2YYCQLk6j:jWCsDytkxMzUhYhFH/i/eLkA6j
                                                                                                                                                                                                                                        MD5:F2C339446D80393CF12236A064FA5182
                                                                                                                                                                                                                                        SHA1:4274F6487AC9249FD4B49DD5D22EB7CF60A67046
                                                                                                                                                                                                                                        SHA-256:863A22F58523D47B94E1273ECF9E2F280D0715FFC20A46D704993A32F54829BE
                                                                                                                                                                                                                                        SHA-512:E65CF3BBD78AB8DE244E47AEA6BFFE1CCD3B22B32A2260C9BA761D2C1F00A03AED17E6144E271435DC44C1F139AD74743F4F52A6140253B77842DEEDEA4DCF00
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):258048
                                                                                                                                                                                                                                        Entropy (8bit):7.970657725552646
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:IpQvt/glgRgkgDgDgkgDgkgXgOgAgDgkgDgkgDgkgDgkgDgkgDgkgDgkgDgkgDgV:udstXZ
                                                                                                                                                                                                                                        MD5:54982F75E8D309FB94FB3C29EC5292A3
                                                                                                                                                                                                                                        SHA1:A470BC74219E9395B4C5A8C4575F0ED8395C79BA
                                                                                                                                                                                                                                        SHA-256:E1945DF47B3F8075F9F2463B447053C74D5CC3489506F3CF4F8A6FE425E9BAE2
                                                                                                                                                                                                                                        SHA-512:6709BDC04DC12A2A401A0F48C9909147699BEDD9DE1DDA19A4B9FF1FB588B0D5B287C1B351449FF13408DBC2A1CFC56C2CD0AFD459A11BB2676350D62BD256C0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.28109187076190567
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:7FEG2l/kiPlFll:7+/l/
                                                                                                                                                                                                                                        MD5:802C3D8759596FE20C0871AFE9F95899
                                                                                                                                                                                                                                        SHA1:C2E1FBBCF14379004BBBB127F8D0692DE941AD2E
                                                                                                                                                                                                                                        SHA-256:88965BBE4BF6B3F6EABD124048BBBE47C722C207FB05FBEB2173ABBD45AE66CE
                                                                                                                                                                                                                                        SHA-512:8B3BB5F10830FC3BB819A5F51BD1AEF09997AE7F00E1F74A8BD21F2A7ED25E21A747B5C320C237E40D6B36BE36DF528671FE8A45E1038BDB035DD722E6D345F9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):0.1367149932715185
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:Vmrwlcl/8cl/c8l/ccl/c/k8LkWtk0EEvw4T6Evr6gD0gNVS+iGl2lQlUaiOyS2:Yg08cyUccy3pfw4BrZD00olQNiO52
                                                                                                                                                                                                                                        MD5:AEF4EC9D97BE3AB95ED90F7B7DF8D654
                                                                                                                                                                                                                                        SHA1:E0B3A2E806AD867C62EE8575C858ABBB98D17DE9
                                                                                                                                                                                                                                        SHA-256:99F1C1A93600E8FA849EAC7FC1B2C187C21C60913022D7B6EBA90D5CE1AB7E56
                                                                                                                                                                                                                                        SHA-512:68E14888434EDA0D1DA0F639D41437A98C28B2335C6B3FBB7B62141241FE23CEDBDAFC2F0FF6FE80147A1DF67498636760F761915A8866C57E9103103D1659E5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):465592
                                                                                                                                                                                                                                        Entropy (8bit):7.976229552967951
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:upQrg7gmgOgugegzgkgmgwgrgzgogugZgSgRgJgCgygTg9g3gWgOgvg0gKgXgBgh:4APXPiX0vXJhsDXXXXK3XjF+gd
                                                                                                                                                                                                                                        MD5:AEAAA891A2C8CE4E068D987D096E9D67
                                                                                                                                                                                                                                        SHA1:7F92FE28D2241314BF71159F37E06819F64F0835
                                                                                                                                                                                                                                        SHA-256:3C85B62A2A8107276FF4E9D69762532CD21197CB85DA4A4CFC071C8BEAF14F59
                                                                                                                                                                                                                                        SHA-512:546B403019F2DD81FC9C62FAC8FA8D4269E0914F8774D5219F3348DF9AE16EC285BD41E41316CCFABBE78BE1950BA4001D1EAA1081977A67FC77DD02CCE75031
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe
                                                                                                                                                                                                                                        File Type:Certificate, Version=3
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1398
                                                                                                                                                                                                                                        Entropy (8bit):7.676048742462893
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ujsZPSIPSUcnA3/46giyfV4Hxk7P3Gus6acCQ4CXmW5mOgs:ujul2nQ4XfVkk7P3g6dB42mVs
                                                                                                                                                                                                                                        MD5:E94FB54871208C00DF70F708AC47085B
                                                                                                                                                                                                                                        SHA1:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
                                                                                                                                                                                                                                        SHA-256:7B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF86
                                                                                                                                                                                                                                        SHA-512:2E15B76E16264ABB9F5EF417752A1CBB75F29C11F96AC7D73793172BD0864DB65F2D2B7BE0F16BBBE686068F0C368815525F1E39DB5A0D6CA3AB18BE6923B898
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):264
                                                                                                                                                                                                                                        Entropy (8bit):3.10545065785345
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kKPITPWFkYGhipWhliK8al0GQcmqe3KQjMIXIXL/:HIzYkYGIWzyZ3qe3KQjxXIT
                                                                                                                                                                                                                                        MD5:079E6CA9D9E3FA4EEC5B9984F6DC21E6
                                                                                                                                                                                                                                        SHA1:2E4868040F12BBBF5F381F59463D71D32D587536
                                                                                                                                                                                                                                        SHA-256:6A56949CA0A21DC766E9F25E192EB6741CAA0CFC777216193A6A12F425221D05
                                                                                                                                                                                                                                        SHA-512:B7B00B443EE6D7FF65D2F668320E59EF0377032E8BC3D7180CAFB5EA18A9E6FF6BC4A17257EA0294E1FF009B2FB2AE489D74073F7F23D4A969488E7D05D02E10
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:p...... ....v..........(....................................................... ...............(.............v...h.t.t.p.:././.s.e.c.u.r.e...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.a.c.e.r.t./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.t...".6.2.f.a.4.8.4.5.-.5.7.6."...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2777
                                                                                                                                                                                                                                        Entropy (8bit):5.360797665263905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQwYHKGSI6ouHlJH/lEHuFKHKSqtHTHhAHKKk9H6HNp51qHGIs0HKS8mHDp6q:iqbYqGSI6ou/fmOYqSqtzHeqKk9atp5G
                                                                                                                                                                                                                                        MD5:9AB025225AB007D87A072B6151338CBD
                                                                                                                                                                                                                                        SHA1:72D19468FA5450D99F29F8DCA047E63260751958
                                                                                                                                                                                                                                        SHA-256:3D7C3D5921DA186FDC9C912EC11CAC4A968B9C77418A330782A5A7419C9EBF66
                                                                                                                                                                                                                                        SHA-512:025826B31F5485C87C30A93CB3B25B7017D2E7EEAD73EB8411CF3492DF34AD335A2E8F17CBB5ADE2AFE9B0A3F0286F506FA332D89ED8E69C3E3CAE22F79E60D0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\95a5c1baa004b986366d34856f0a5a75\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\ef4e808cb158d79ab9a2b049f8fab733\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):932
                                                                                                                                                                                                                                        Entropy (8bit):5.3513116750497405
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ML9E4KQPE4qXKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQPHiYHKGSI6oPtHTHhAHKKkb
                                                                                                                                                                                                                                        MD5:DC44AFCF2CEFB9DAFD63D3F66DC3E56F
                                                                                                                                                                                                                                        SHA1:2A9E4B596A1228EF80F9260470A69C8BAD1DCB33
                                                                                                                                                                                                                                        SHA-256:FF8AA6405466EFE14E46AF701D97610DC9164109C11367C4F9F68D9D7FFB9411
                                                                                                                                                                                                                                        SHA-512:0A49D361F885B86221D15FCA2E7490D4BBF5C3393A2E0FF5EE21DCD75C9E04B7E89E541C2FD4426957349B70CB37E499608ECAF3984934455389EDEA75DBD142
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..2,"System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2185
                                                                                                                                                                                                                                        Entropy (8bit):5.367446816394887
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQwYHKGSI6of8mHDp684IHTQ06tHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTH3:iqbYqGSI6oXCIzQ06tzHeqKk+qZ4vwmG
                                                                                                                                                                                                                                        MD5:D39E1E845848908DDFF9EC514D9C1705
                                                                                                                                                                                                                                        SHA1:D73E0EDDB963BD91476AF9E4BDEB79E673165C9F
                                                                                                                                                                                                                                        SHA-256:A3092F05EC84E12B2F6A6B785E7FB203BFD762B80391058ABD1D2462A92BB81B
                                                                                                                                                                                                                                        SHA-512:52F44638AAD827C94C2381008765BA1F9A941009DBE434126E86E40BB83A51E76EBCA714A5D039338DED64E6D64937EE54741689ABBD849E21A817FBB0A70A79
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):2279
                                                                                                                                                                                                                                        Entropy (8bit):5.366129416202737
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQwYHKGSI6oPIHTQ0q8mHDp684tHTHhAHKKk+HKlT4NfHKi1qHGIs0HKaHKmL:iqbYqGSI6oPIzQ0mCtzHeqKk+qZ4xqiG
                                                                                                                                                                                                                                        MD5:BA346387C10C6503D9B2AD6BF30C7896
                                                                                                                                                                                                                                        SHA1:891C5C9F34095915B26BAFA1F548DF6DC4F97D56
                                                                                                                                                                                                                                        SHA-256:32867BB5EB48B3D3FA9094BB0AA41BEF5C826C90EFBE6863FF98B5E6B9924EAE
                                                                                                                                                                                                                                        SHA-512:65989EA869DA8B5A27F689C58FFFBEA79AF426DF4E5B66AD0F3C441E2C64548043F0BBE1ABBDBF0ABC051C7D06EA42901EDE744175FD893C7D5AF0CC253EEEF2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsWSC.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2185
                                                                                                                                                                                                                                        Entropy (8bit):5.367446816394887
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQwYHKGSI6oPIHTQ0q8mHDp684tHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTH3:iqbYqGSI6oPIzQ0mCtzHeqKk+qZ4vwmG
                                                                                                                                                                                                                                        MD5:62B9D2ED372903CD33F45FECF9D8DFEA
                                                                                                                                                                                                                                        SHA1:7D555C411EB64F901CEC5C1A47698D5FA6A79BE3
                                                                                                                                                                                                                                        SHA-256:03043AF46FC1C99BECE2C49E9007654A162031F14DA7B405FBCDFBE3C492C914
                                                                                                                                                                                                                                        SHA-512:F7EF2AF36B1F7ABCCD46DED57D06C7ED472F95802C444E74907D020870E0009C764F382B321AC9CA32AEBBCDCC3F24FDB0E32036FCB1D555CBF7C2BCEC254178
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                        Process:C:\Windows\System32\runonce.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                                                        Entropy (8bit):2.0874970136382984
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:vSS85/RyqlF6tv68eqPIGsKMp66F5wQLZYbv3m4W5tHEDbiepZv78tEpwqQVM9o:A
                                                                                                                                                                                                                                        MD5:667D1B44A38F7D8EE95FFA76FB82F0BA
                                                                                                                                                                                                                                        SHA1:BAB6E896C0852585DC5A4DBF8D103C3EC99D61C9
                                                                                                                                                                                                                                        SHA-256:0B6511F152C413638627A2D3D61A313A881E1CBFCE70B17CB46C2BF9A97A1C7D
                                                                                                                                                                                                                                        SHA-512:B937967DD2725A3908CC3277A9DDCE127A7B6B82CB7506BE20FC4B1411620DF8CD7D6AEE948217ED157E8816AEC42F7C32F0E00E3BFD99F589AB398D2AAFAF4F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:. .........................................................................................`............. ......eJ.......2....Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1........................................................... ..{.............[~...........E.x.p.l.o.r.e.r.S.t.a.r.t.u.p.L.o.g._.R.u.n.O.n.c.e...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.E.x.p.l.o.r.e.r.\.E.x.p.l.o.r.e.r.S.t.a.r.t.u.p.L.o.g._.R.u.n.O.n.c.e...e.t.l...........P.P.........Hf.`............................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1952048
                                                                                                                                                                                                                                        Entropy (8bit):7.807172940827822
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:oTl+Ffl0KCV8rEKbhHJikCz/NqoNcugBhnem0Xm:oTl+xLRHAVLVNcpip2
                                                                                                                                                                                                                                        MD5:436F7DECB25CBA7886B44FA4D6305F91
                                                                                                                                                                                                                                        SHA1:C202CB4669E5290ED14761E48D7D03F81FFBA97A
                                                                                                                                                                                                                                        SHA-256:0AC12D76AB20D866D6C6E00284B30561A9E400CE955E6479E4779D57B0832515
                                                                                                                                                                                                                                        SHA-512:612D75F6220F372C8E58167C3AF38D5FF2EC53A4C9800D9B5651051F7F70C04088BD5D018894D4204FFF18F051FBA50A078747404707E356E6D9838D92CEF331
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN.s~..PN..VH..PN.Rich.PN.........................PE..L....C.f.................f...".......5............@.................................>.....@.............................................(............i..x_...........................................................................................text...ve.......f.................. ..`.rdata..X............j..............@..@.data...8............~..............@....ndata...p...............................rsrc...(...........................@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65191698
                                                                                                                                                                                                                                        Entropy (8bit):7.999995303724521
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:1572864:1/WrzMfs5kLrol4Ca5aGYw7zGszhDrywTWXC8PEW3wv:1/SzMckL8loflDuwTSEW0
                                                                                                                                                                                                                                        MD5:F2024F4CD75F6C6880520286F2121A60
                                                                                                                                                                                                                                        SHA1:996E4D115ACC038B555E164985734B085B3591E6
                                                                                                                                                                                                                                        SHA-256:983A7586C3A54C9206FDDA9643E9E500CDF24242A815E07B42847122FA8C6550
                                                                                                                                                                                                                                        SHA-512:E06070294E50DE530364F1E8DEC7096EE9C9D90C6E67CBA9968E14E7126B7E7344A238C041415B858B0A7702F5F8FB2A7071501B8024B20DE4629EF3CF9F1046
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58209
                                                                                                                                                                                                                                        Entropy (8bit):7.972991367414719
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6OUhw1+qeEfOq4pFzFAKrm9OHUuYNNoqcYpt8VCY7zlO:V7eEfM1B0uUtyCu0
                                                                                                                                                                                                                                        MD5:4167C79312B27C8002CBEEA023FE8CB5
                                                                                                                                                                                                                                        SHA1:FDA8A34C9EBA906993A336D01557801A68AC6681
                                                                                                                                                                                                                                        SHA-256:C3BF350627B842BED55E6A72AB53DA15719B4F33C267A6A132CB99FF6AFE3CD8
                                                                                                                                                                                                                                        SHA-512:4815746E5E30CBEF626228601F957D993752A3D45130FEEDA335690B7D21ED3D6D6A6DC0AD68A1D5BA584B05791053A4FC7E9AC7B64ABD47FEAA8D3B919353BB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):48005
                                                                                                                                                                                                                                        Entropy (8bit):7.924596711570388
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:kLse/Ia4qCtiJ5BX17ZzMt1itbKT6GbnMHFFQCIN3HklYMsfa1pDLfkh:kLshpqCtiJ7179Mt/T6SMD/80lYMsULQ
                                                                                                                                                                                                                                        MD5:5FD73821F3F097D177009D88DFD33605
                                                                                                                                                                                                                                        SHA1:1BACBBFE59727FA26FFA261FB8002F4B70A7E653
                                                                                                                                                                                                                                        SHA-256:A6ECCE54116936CA27D4BE9797E32BF2F3CFC7E41519A23032992970FBD9D3BA
                                                                                                                                                                                                                                        SHA-512:1769A6DFAA30AAC5997F8D37F1DF3ED4AAB5BBEE2ABBCB30BDE4230AFED02E1EA9E81720B60F093A4C7FB15E22EE15A3A71FF7B84F052F6759640734AF976E02
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):45608
                                                                                                                                                                                                                                        Entropy (8bit):6.10314483451767
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:9x+kL+W392KwbG3S8gUtYcFA/Vc6KJcQqCPtspPxWEJ+Z+cQqCPtJGPxWEJNW:9x7SGwbGC8gI8VclTqUtoPxmAqUtJGPW
                                                                                                                                                                                                                                        MD5:9918A291E486157963C3B089BD65AEBD
                                                                                                                                                                                                                                        SHA1:4A23B1C6F8295628F22E153D7A5097A23B09AC8B
                                                                                                                                                                                                                                        SHA-256:B2C5BCD0F5AEB5F5BCE1C3D81AD63EADF05EF65894C65A6F70A4E70B5E94F430
                                                                                                                                                                                                                                        SHA-512:35F778DE16ACE60E29C09567A0EB5EFB1101414B1686A9187D605731E25F46CD04584207C7FD3C259EF196B688ED45B686FB016580E1703849B9C93129CF1968
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):527389
                                                                                                                                                                                                                                        Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                                        MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                                        SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                                        SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                                        SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29321856
                                                                                                                                                                                                                                        Entropy (8bit):7.992684463143075
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:786432:35nsrY8OB/PN+rI9z1KiL7muN9Yv60+cwc7UGXuc:35nUY8UgI/KiL7lN060+9GND
                                                                                                                                                                                                                                        MD5:58B8915D4281DB10762AF30EAF315C9E
                                                                                                                                                                                                                                        SHA1:1E8B10818226FA29BFA5CDD8C2595BA080B72A71
                                                                                                                                                                                                                                        SHA-256:C19DF49F177F0FECF2D406EF7801A8D0E5641CB8A38B7B859CBF118CB5D0684E
                                                                                                                                                                                                                                        SHA-512:49247941A77F26AB599F948C66DF21B6439E86D08652CAA9B52FFBCEFD80A8C685D75C8088361C98DDE44936E44746C961F1828A5B9909FECD6CE9E7E6D2F794
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1184128
                                                                                                                                                                                                                                        Entropy (8bit):6.623147525519113
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:WF66IUpqM/XAl0drYaL6NFEXXN6abiklqOYadJ0CbmpV4CsCa0wDisO4qG:k/M0drYaIaXXOAqOYadJ0Cbmrhq0wTb5
                                                                                                                                                                                                                                        MD5:143255618462A577DE27286A272584E1
                                                                                                                                                                                                                                        SHA1:EFC032A6822BC57BCD0C9662A6A062BE45F11ACB
                                                                                                                                                                                                                                        SHA-256:F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
                                                                                                                                                                                                                                        SHA-512:C0A084D5C0B645E6A6479B234FA73C405F56310119DD7C8B061334544C47622FDD5139DB9781B339BB3D3E17AC59FDDB7D7860834ECFE8AAD6D2AE8C869E1CB9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):45608
                                                                                                                                                                                                                                        Entropy (8bit):6.10314483451767
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:9x+kL+W392KwbG3S8gUtYcFA/Vc6KJcQqCPtspPxWEJ+Z+cQqCPtJGPxWEJNW:9x7SGwbGC8gI8VclTqUtoPxmAqUtJGPW
                                                                                                                                                                                                                                        MD5:9918A291E486157963C3B089BD65AEBD
                                                                                                                                                                                                                                        SHA1:4A23B1C6F8295628F22E153D7A5097A23B09AC8B
                                                                                                                                                                                                                                        SHA-256:B2C5BCD0F5AEB5F5BCE1C3D81AD63EADF05EF65894C65A6F70A4E70B5E94F430
                                                                                                                                                                                                                                        SHA-512:35F778DE16ACE60E29C09567A0EB5EFB1101414B1686A9187D605731E25F46CD04584207C7FD3C259EF196B688ED45B686FB016580E1703849B9C93129CF1968
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x100, components 3
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3472
                                                                                                                                                                                                                                        Entropy (8bit):7.887509074097702
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:esI8Px/qzfMJ7z40E7o6tBSdqtcIkGcgz:e+PxmfgZx6/IqteI
                                                                                                                                                                                                                                        MD5:3389CCF9511B5BAB290075AC7C9D6F45
                                                                                                                                                                                                                                        SHA1:95DB39B91E3EA5DF39EA64BF02BCE3361E401528
                                                                                                                                                                                                                                        SHA-256:7C1AF7B61C52107EE247482B8D72BB2567813F37660A07824E34DDE35D182834
                                                                                                                                                                                                                                        SHA-512:A840A4C58E2760A742B8C2D7A9F8FD892FC93266AFD2BBCB9B273EFC867751B172F7AFC9D0D90E8437A76B9F33F00CB7893699D6C2C6EEC8D861DDAA7101423D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):48005
                                                                                                                                                                                                                                        Entropy (8bit):7.924596711570388
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:kLse/Ia4qCtiJ5BX17ZzMt1itbKT6GbnMHFFQCIN3HklYMsfa1pDLfkh:kLshpqCtiJ7179Mt/T6SMD/80lYMsULQ
                                                                                                                                                                                                                                        MD5:5FD73821F3F097D177009D88DFD33605
                                                                                                                                                                                                                                        SHA1:1BACBBFE59727FA26FFA261FB8002F4B70A7E653
                                                                                                                                                                                                                                        SHA-256:A6ECCE54116936CA27D4BE9797E32BF2F3CFC7E41519A23032992970FBD9D3BA
                                                                                                                                                                                                                                        SHA-512:1769A6DFAA30AAC5997F8D37F1DF3ED4AAB5BBEE2ABBCB30BDE4230AFED02E1EA9E81720B60F093A4C7FB15E22EE15A3A71FF7B84F052F6759640734AF976E02
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58209
                                                                                                                                                                                                                                        Entropy (8bit):7.972991367414719
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6OUhw1+qeEfOq4pFzFAKrm9OHUuYNNoqcYpt8VCY7zlO:V7eEfM1B0uUtyCu0
                                                                                                                                                                                                                                        MD5:4167C79312B27C8002CBEEA023FE8CB5
                                                                                                                                                                                                                                        SHA1:FDA8A34C9EBA906993A336D01557801A68AC6681
                                                                                                                                                                                                                                        SHA-256:C3BF350627B842BED55E6A72AB53DA15719B4F33C267A6A132CB99FF6AFE3CD8
                                                                                                                                                                                                                                        SHA-512:4815746E5E30CBEF626228601F957D993752A3D45130FEEDA335690B7D21ED3D6D6A6DC0AD68A1D5BA584B05791053A4FC7E9AC7B64ABD47FEAA8D3B919353BB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):527389
                                                                                                                                                                                                                                        Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                                        MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                                        SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                                        SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                                        SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x100, components 3
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3472
                                                                                                                                                                                                                                        Entropy (8bit):7.887509074097702
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:esI8Px/qzfMJ7z40E7o6tBSdqtcIkGcgz:e+PxmfgZx6/IqteI
                                                                                                                                                                                                                                        MD5:3389CCF9511B5BAB290075AC7C9D6F45
                                                                                                                                                                                                                                        SHA1:95DB39B91E3EA5DF39EA64BF02BCE3361E401528
                                                                                                                                                                                                                                        SHA-256:7C1AF7B61C52107EE247482B8D72BB2567813F37660A07824E34DDE35D182834
                                                                                                                                                                                                                                        SHA-512:A840A4C58E2760A742B8C2D7A9F8FD892FC93266AFD2BBCB9B273EFC867751B172F7AFC9D0D90E8437A76B9F33F00CB7893699D6C2C6EEC8D861DDAA7101423D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1198
                                                                                                                                                                                                                                        Entropy (8bit):7.74076087350446
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:1kGbOS8DQ56yg+FXWZ4BRUZpdlGpotv7YzyCp619G2svu2JBmC:1dR8Au0BBRUZkpopYz3Solvu2BZ
                                                                                                                                                                                                                                        MD5:901CCEF6859BF21318516EC882854058
                                                                                                                                                                                                                                        SHA1:E4ECA24D52DB414085A0F9F4B3C0DA8B2EB5983B
                                                                                                                                                                                                                                        SHA-256:00873784B2C875FEFB4FFC71163A3DE9991809C865F750D77990C279D4EBC579
                                                                                                                                                                                                                                        SHA-512:9785A93BC857CFBDDCC4A5D7F2B3593A3A612225A1EC5DEE5BEAB21006B23B7FD4359146FBDE8B978D710719C2807760A4D2FC6AE2F675D64E068FEC95F3A9D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1337
                                                                                                                                                                                                                                        Entropy (8bit):7.771259555887389
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:l0mebqnsCqmPt9umSWmZvfHpPNJbc7OVKByhlCZ6I8ZCcA/5tqt1NiBy:l8msCqm3untZnJ1gOYByhoCkgviBy
                                                                                                                                                                                                                                        MD5:0BD639D161C88F6B8C31EB55478841F9
                                                                                                                                                                                                                                        SHA1:C64063B9332AFE09932BCC5919C3E66890C6CE73
                                                                                                                                                                                                                                        SHA-256:CA825FAB9A9746DAC2AC63EF48722154A1A56A457DA6AB7D80D34FCACF0B010E
                                                                                                                                                                                                                                        SHA-512:BA003916668255353FD3D40E4A4433B6219969DB45D2918C6BAB4D4BF1B8ACBED134BCFA51950F7878BE813AB9EBF950D2E1ABF295738178AFF026A30D9D5DAC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3209792
                                                                                                                                                                                                                                        Entropy (8bit):6.332772710233832
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:SWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbQ333TYS:etLutqgwh4NYxtJpkxhGj333TB
                                                                                                                                                                                                                                        MD5:053B158842578C53DB20AD6835B8658B
                                                                                                                                                                                                                                        SHA1:4B3E035E7D86ACB1F2EEAB850E940E70FC63AC20
                                                                                                                                                                                                                                        SHA-256:FBB3B174E158168DB58855286AA1CF9537DE8084070EE5751DD3B252E9B7DACA
                                                                                                                                                                                                                                        SHA-512:CF96CEBFDF18C6C0069D8436A2147246F36B5DC808A6CA84104A47B20F9C8832BB72CEDD8530CE7E21C1E1C90306868854AA3A3DC59077EF5C32A8848EA68D81
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):164864
                                                                                                                                                                                                                                        Entropy (8bit):6.201995701481623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:q3CSE9n0WjsAGX5Gn39yf19leo13plmJXTD:qM90WoAGJqe1neceJj
                                                                                                                                                                                                                                        MD5:662DE59677AECAC08C7F75F978C399DA
                                                                                                                                                                                                                                        SHA1:1F85D6BE1FA846E4BC90F7A29540466CF3422D24
                                                                                                                                                                                                                                        SHA-256:1F5A798DDE9E1B02979767E35F120D0C669064B9460C267FB5F007C290E3DCEB
                                                                                                                                                                                                                                        SHA-512:E1186C3B3862D897D9B368DA1B2964DBA24A3A8C41DE8BB5F86C503A0717DF75A1C89651C5157252C94E2AB47CE1841183F5DDE4C3A1E5F96CB471BF20B3FDD0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):5.804946284177748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
                                                                                                                                                                                                                                        MD5:192639861E3DC2DC5C08BB8F8C7260D5
                                                                                                                                                                                                                                        SHA1:58D30E460609E22FA0098BC27D928B689EF9AF78
                                                                                                                                                                                                                                        SHA-256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
                                                                                                                                                                                                                                        SHA-512:6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1952048
                                                                                                                                                                                                                                        Entropy (8bit):7.807172940827822
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:oTl+Ffl0KCV8rEKbhHJikCz/NqoNcugBhnem0Xm:oTl+xLRHAVLVNcpip2
                                                                                                                                                                                                                                        MD5:436F7DECB25CBA7886B44FA4D6305F91
                                                                                                                                                                                                                                        SHA1:C202CB4669E5290ED14761E48D7D03F81FFBA97A
                                                                                                                                                                                                                                        SHA-256:0AC12D76AB20D866D6C6E00284B30561A9E400CE955E6479E4779D57B0832515
                                                                                                                                                                                                                                        SHA-512:612D75F6220F372C8E58167C3AF38D5FF2EC53A4C9800D9B5651051F7F70C04088BD5D018894D4204FFF18F051FBA50A078747404707E356E6D9838D92CEF331
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):5.804946284177748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
                                                                                                                                                                                                                                        MD5:192639861E3DC2DC5C08BB8F8C7260D5
                                                                                                                                                                                                                                        SHA1:58D30E460609E22FA0098BC27D928B689EF9AF78
                                                                                                                                                                                                                                        SHA-256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
                                                                                                                                                                                                                                        SHA-512:6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):5.804946284177748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
                                                                                                                                                                                                                                        MD5:192639861E3DC2DC5C08BB8F8C7260D5
                                                                                                                                                                                                                                        SHA1:58D30E460609E22FA0098BC27D928B689EF9AF78
                                                                                                                                                                                                                                        SHA-256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
                                                                                                                                                                                                                                        SHA-512:6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153872
                                                                                                                                                                                                                                        Entropy (8bit):6.328830993497698
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:RAZpz3eQkXBlJ6pM91zgrn4oul5ntwc0sOct7Bml+:RAvzD6l0+1grn4vtX
                                                                                                                                                                                                                                        MD5:EC2D7737E78D7ED7099530F726AC86F9
                                                                                                                                                                                                                                        SHA1:8F9230C9126DE8F06D1CDDAA2E73C4750F35B3D9
                                                                                                                                                                                                                                        SHA-256:DD034654CFFD78AABC09822A9A858ECF93645DCC121A4143672226B9171C1394
                                                                                                                                                                                                                                        SHA-512:E209784FC2338D33834101AC78E89CBA6C1DA144E74330FD0FF2A2372E70316C46C2189B38B34B18B157C9221A44760D20BCE8549573FBEDA248D4CEB03E8365
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):349024
                                                                                                                                                                                                                                        Entropy (8bit):6.20955325822065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:51sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5DfV:51sSmRIt/xhtsOju1DH5NXnIKAco
                                                                                                                                                                                                                                        MD5:192D235D98D88BAB41EED2A90A2E1942
                                                                                                                                                                                                                                        SHA1:2C92C1C607BA0CA5AD4B2636EA0DEB276DCC2266
                                                                                                                                                                                                                                        SHA-256:C9E3F36781204ED13C0ADAD839146878B190FEB07DF41F57693B99CA0A3924E3
                                                                                                                                                                                                                                        SHA-512:D469B0862AF8C92F16E8E96C6454398800F22AAC37951252F942F044E2EFBFD799A375F13278167B48F6F792D6A3034AFEACE4A94E0B522F45EA5D6FF286A270
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):550984
                                                                                                                                                                                                                                        Entropy (8bit):6.672465900343423
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:nZLZVgIQtZM1A0+Nwhq3drt0ZAPKYZzrOZW4zlK:nZV661A0ue8lCZAPHZzrOZW4zl
                                                                                                                                                                                                                                        MD5:31CB221ABD09084BF10C8D6ACF976A21
                                                                                                                                                                                                                                        SHA1:1214AC59242841B65EAA5FD78C6BED0C2A909A9B
                                                                                                                                                                                                                                        SHA-256:1BBBA4DBA3EB631909BA4B222D903293F70F7D6E1F2C9F52AE0CFCA4E168BD0B
                                                                                                                                                                                                                                        SHA-512:502B3ACF5306A83CB6C6A917E194FFDCE8D3C8985C4488569E59BCE02F9562B71E454DA53FD4605946D35C344AA4E67667C500EBCD6D1A166F16EDBC482BA671
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):370744
                                                                                                                                                                                                                                        Entropy (8bit):6.110296146366327
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:eruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cm9:tNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeE
                                                                                                                                                                                                                                        MD5:110DE32AF906E9EED32332B785F90BD4
                                                                                                                                                                                                                                        SHA1:37CA7AF131A5DB1E06CB36DB2943C7A4E6F0D8E9
                                                                                                                                                                                                                                        SHA-256:598ADB6F4A7362FEDF047CE7282F39C0C7DA264CEA10C0C39870932EE1CEB647
                                                                                                                                                                                                                                        SHA-512:555A006B4B5236D6E6B76C6A8C79A8B0C3E350DE42A0A38C792BFE65B3E7F99A232261A1BF8B357618168FDE7E7C2E3281F38E05D20451FCBABCA15FE35A02C5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):75800
                                                                                                                                                                                                                                        Entropy (8bit):6.0263750749193274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:r784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSAA7yxpD:r7NV8v36tI0XCKAAQD
                                                                                                                                                                                                                                        MD5:7AF831F20C4A0C5A78A496AFB62F28BB
                                                                                                                                                                                                                                        SHA1:4380A7C2ABE739B49F568AF70D8DAB8371B10687
                                                                                                                                                                                                                                        SHA-256:01DCA2D3EFEDD9F4269427E949E8A3BE64686D8ED84EA863389EF2449B6DC8E3
                                                                                                                                                                                                                                        SHA-512:11713885D4A11B49088EA220963AE6FE6519EB6B0499D3CE85AAD1EB95ACEE4B5F357AD9EF07D8E20721596B510B8D43138BE9AA6C4DE24DD78D5FEFB88D0CAC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.880723781358086
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ZIY1pQ8vGO4xToxMi5eX2zUA8rYgLIgPrEyz23tMuuVWJkYUECd1Vl7Iru+M3YVe:Z3pQ8vQToxMi5emzUA8rYgLIOrnz8uuw
                                                                                                                                                                                                                                        MD5:3691CD9A157D027569A203DCDDFB3336
                                                                                                                                                                                                                                        SHA1:9D9D158B6683CD0CD570A235333303137C890A25
                                                                                                                                                                                                                                        SHA-256:917DD83D6CB87ADF9ECC3F0F17E5266C6C1E435CE966B45760E7C0244A0FD4A0
                                                                                                                                                                                                                                        SHA-512:8F41C6C052C4440CDC6C45A21E42F102B7677462E2D78A2F78261DAE80FA7DCFEC8BCF14A5BB9BFD101477B983411435E56A92DA304E7DA47FFF6A933FA3CA9B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.7480840345925746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:FIYRN3EsGGj3fvKEx8rUrb+M0lIVixNPqDGomU3WUeQoXjAUwMXrAfeMA7AWmBHP:FXN3EsVfvVx8rUrb+M0lIVixNqiomyJD
                                                                                                                                                                                                                                        MD5:98B6DF5F4E0F1D34A0BD3DD49F92D82B
                                                                                                                                                                                                                                        SHA1:B69000A0998055612EA5940D4B1D5F2CE07AE427
                                                                                                                                                                                                                                        SHA-256:3E7D3946C5EFEB9F7A27AE43DE75F1A1D0AF34CCBB69F857217BE97BD28C0761
                                                                                                                                                                                                                                        SHA-512:833B5E0FC14E247E788D59A7D21EDC7F6DB1FF0D9378A77FB13F25CCFBEA820623B2B5F9823AE409D7EAA3B5526AA61BB367BF83BEE2A33263457FD3049D3FB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):4.758334824355771
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:45rayxOPAxMtzTxCmf6hC/s2TvOFk6AOPh3+yFdmyndw3s8i:NPAKtnHOdvPhO2dmyndw3s8i
                                                                                                                                                                                                                                        MD5:00B5369BCD510787679CFAAFB478217F
                                                                                                                                                                                                                                        SHA1:26A44A1B05FE4314D8CF1D810B759B6A5BC74385
                                                                                                                                                                                                                                        SHA-256:3B8B89C4241F5E8F0FD101BA84B13B37F40D37F3FF2739CB6C6332B56BEF88CE
                                                                                                                                                                                                                                        SHA-512:2F6E14A3B06ECB053C261E62058CA99F2E365A88182C02DB4F60231BEA2525A31260A6980187798D8B1685F87E9A307EB928F279F67A6CB139AD6481D421FFD0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.557060180794725
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:0MiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufP/1S5rxg0XWr:0D1Nvb5adVl8P2djJMZJSGu3A5rxg0Xq
                                                                                                                                                                                                                                        MD5:F83D720B236576C7D1F9F55D3BB988F9
                                                                                                                                                                                                                                        SHA1:105A4993E92646B5DBB50518187ABE07CA473276
                                                                                                                                                                                                                                        SHA-256:6909A1C134D0285FBA2422A40EA0E65C1F0CA3C3EF2B94A1166015AF2A87780F
                                                                                                                                                                                                                                        SHA-512:FD8A464F2BC9D5B6C2EFA80348C3A9362F7473D4D632B2ADDAD8C272E8874E7E67C15B99B67E6515906B86D01D57CD42F9F0F1E9251C0AF93A9391CCC30E3202
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                                                        Entropy (8bit):4.985483869790037
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:inpUcW/WJsxvxwKW9iu6Wxtp701zA27r+PMvozTi3s8o:QJs5xEGzfOPMvM+3s8o
                                                                                                                                                                                                                                        MD5:9B86D1ED1D99DDB84B5FB7CF176B3F8F
                                                                                                                                                                                                                                        SHA1:2E1C164816EE2DE6AC4E3BC6A61214D72516632A
                                                                                                                                                                                                                                        SHA-256:71093535EC2E97398B13385A7BA9E7AAC046F190FE06BD68E057C8EA0DA1AFDC
                                                                                                                                                                                                                                        SHA-512:134985A9A7AE78593A760D362C57F430AEB1920E6E7517684DA78573702796E381D99A8DF191A9DFA3BAC9AD1EB6CCD71E7DB40ED4DC9DE76ECFEBD075F98355
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.714281072425133
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:+IYVmGe/VGuDqni6wxCjfp3DocEs5dMvGPcDonP33TewxlhiYwEHU4dIyrokBD7r:+uGe/V0ni6wxCjfpzocEs5dMvkcDqPDR
                                                                                                                                                                                                                                        MD5:86FF4304190B9ACDCBC4034A8EB910F6
                                                                                                                                                                                                                                        SHA1:B5D597F31963B35DDE1B024523B5AFDCA9AA454B
                                                                                                                                                                                                                                        SHA-256:6F5F0BA42A1C4EF8A7CD4B504E959173FA3AC8782200E48548681F7209C1927F
                                                                                                                                                                                                                                        SHA-512:AEE1A0F3A426A77BA0B9D4EDF8E9EAB2D1B6D9BC2B5379D716F9850021A1816B09F37DEBBEB5E3395B3214AE3F4CC93612AE289344548CEA00F3C8EFF6FE509B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.425694157692337
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:r0WWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAP9115rxg0XWr:r01NvbGVxx6hUltfxgE00cLF5rxg0XWr
                                                                                                                                                                                                                                        MD5:15DB634B70D6D9D6CD41BAAE3F02EB14
                                                                                                                                                                                                                                        SHA1:1456FFE09DF896271A746F9CB40A230F188AD397
                                                                                                                                                                                                                                        SHA-256:E893C6907DA8D68C03B1A10E68B554AD5A8C0533F15912106F32E925F2BEABF0
                                                                                                                                                                                                                                        SHA-512:1230E5368D4DAB9776D57056993669327E95FE72E262EFA541ED5D43ABC1BCD3618DB13B6BD6B3A27DA053C103E3FB647EAE759CCAEB443F7D9FFD1ECAA1122B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.723886741305548
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:kxIYXkNcDGwgTsxJoRxAM2+9Ul/laxRe+PE8v+GA3kr29zrJzfPWCiqxskBbHUiJ:kxRkNcDtxJMxAM2+9Ul/laxRe8ZGGWgI
                                                                                                                                                                                                                                        MD5:94BF9DE34C0870791640AB7067F0D24A
                                                                                                                                                                                                                                        SHA1:B21458166F08902EBFE2A4F68CAF3945ED5364A8
                                                                                                                                                                                                                                        SHA-256:37CBEC3559E5536DA35D87D72EF8EA37D98D70265C921A0ACADF75695A14331C
                                                                                                                                                                                                                                        SHA-512:A0E09D4E9F15589043AB2D071F5004AD00F8FE58E85491F32C0D76C8F5CB8EEF95B069A2D532638CB812C05A15BF50A442D8649884E78ABE826E32DCDBD27E7A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.402460029334098
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:60Zne9hwoGBjeCipxwU6LOl+DDUbqN4PPjjDr8d30LfmJyXOhZCa2m5sml+T9lmc:60Y9hwoEipxwU6LOl+DDUbqN4Xjz8V4F
                                                                                                                                                                                                                                        MD5:DA6B3FE38876D703F7D39B163DDD8BFC
                                                                                                                                                                                                                                        SHA1:F60B54DE800A5DBB535BABD2667C9FBD9C37766E
                                                                                                                                                                                                                                        SHA-256:93D2A195E47C1C1E11A2B6960B47C7B4B043CD5CE6A0723AF06CAC91E292F50E
                                                                                                                                                                                                                                        SHA-512:8A261C61D441E6EBA09BCCDEB8E2C94CD540AA9F07631B477431C717F3F111E4B10819EC8524531584561A6C9FA3C785ED082429D6BB97587EBB074BF357515C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):4.838168365990566
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:gY0al1sBIxgyFzjXZfu14MpXrOUDlK8yXahGY7uXn3s8D:eBImyDM5DtyXwGY7uXn3s8D
                                                                                                                                                                                                                                        MD5:9EA4BCD8D3C7599A5A8BA78FF9B11C3C
                                                                                                                                                                                                                                        SHA1:2C859731430A4FA3D82C4CD5088167CF31536969
                                                                                                                                                                                                                                        SHA-256:C576EA42CEFE28228C341488140C7FCF24DD063FAB2B82D563794772F82B97BA
                                                                                                                                                                                                                                        SHA-512:61AD6B22DADFA30BA4FAD527BC564414981EBB6F5EB0C7D224ECF1BBA093D071DD3544E08ACB90C4D95505887457C65B44447B6ABB0E2F97E482477CC9E4DD51
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.588569516197988
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:YWWNv/jzSEYtPpmKJiDjgmlRFI0HYZDKz/VP81g5rxg0XWr:Y1NvbdKJiDjgmlRi0HYZDMp5rxg0XWr
                                                                                                                                                                                                                                        MD5:3B4621370ADDCF4306669C9E7E45C865
                                                                                                                                                                                                                                        SHA1:EA1AB3C499E946E152C1FC4A63FA99E1F9BE94B4
                                                                                                                                                                                                                                        SHA-256:E3EE50E08124A7603BE7D996DCF596EB0D3F9C603768E86E003F7B942D7097F3
                                                                                                                                                                                                                                        SHA-512:586755F32D16AFD937BFC1FE3C52210AB815D5D4C904DE101150FA052A94BABFCBDC465669FF8C2537B782474658D7912037DDB76D8C9A8FD34715D1FE7B2857
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17408
                                                                                                                                                                                                                                        Entropy (8bit):4.803116867134068
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:RME5h/2kXJsxw5w2UW4ctvHU+Th60iu2F6mKVZnCyJT2ox8mn9THjI5gE2ac763E:1XJsO57hOt9AZnttxKq43s8Q
                                                                                                                                                                                                                                        MD5:DF8CF1F932DD7EAE2CC87719B76FB8BA
                                                                                                                                                                                                                                        SHA1:425089FE01D9C1643CA7A060C55123D20507677A
                                                                                                                                                                                                                                        SHA-256:5F099F8F37757B98C5C51FB4DF66914E5F155394A349ADAF00211382CF8CF739
                                                                                                                                                                                                                                        SHA-512:D07EA9CE1DC8B09EAD0B1ED3E48CC71083D750BE0119F1C8587B3E13DC3598E7B6B06F365AF4B809BEA41280190090409B44079BCEA472CDD3D864456E762C2F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.741373437056816
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:eIYVdDpBwGpkiVlZPxZlrPy2o92kGetEQyPIlUVKC3JDsS7qSmKV/4jNni67gXWu:e1DpBwSkoZPxZlrPY92kGetEQII2oANX
                                                                                                                                                                                                                                        MD5:5F2E0A3D771F9E03D216D81B522C5E2F
                                                                                                                                                                                                                                        SHA1:C49814ACF4A82130F17DF52074DF16DFFFC216F5
                                                                                                                                                                                                                                        SHA-256:8F102C7A9F03EDFDBE5D4DF6873418E510F44D8B72D5D47752083832445E1D81
                                                                                                                                                                                                                                        SHA-512:711D5AF717C65B35D758E9F25BD426CE5084C847DC24194030B08CE9C22A40DFE3E5FD8100061663EB9F39B3DF19A8DBC3F23794F79DEA96D81A8BE7397C7306
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):4.799981772302711
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qdpTgTI4gNxtBqu+p5DXv00jiOKQosgcekILk0pltfN3s8Z:64gNrBnOVlgcekILfpltV3s8Z
                                                                                                                                                                                                                                        MD5:FFCDA4B7ADA1943FE544DC922FA8D827
                                                                                                                                                                                                                                        SHA1:3A332F235E0AFB51D40D3D8890F79803842944A4
                                                                                                                                                                                                                                        SHA-256:841F86E4911D4593E5EEC47DD28AA1787188D0100A3703ABF23735B2BBF53854
                                                                                                                                                                                                                                        SHA-512:E406100AC71F7A0414DFF5C3F4A13EDA4193F3801B6C4EE150B0D410DA9A1373C4E1F3B3741C625DAF80C3254DD1B162DF87C2B3286303DB5A584C4950954208
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.681398214710318
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:rqIYIZcKqG4ny8ZxSWuwCoBWidWjZdPAhDHPBg37eXCIKKXgXruQm8X0tF8HgGC7:rqOZcKqG8ZxSWuwCoBWidWjZ9AhLJ2Sx
                                                                                                                                                                                                                                        MD5:AD401434A4B7FB07085090031EE973D6
                                                                                                                                                                                                                                        SHA1:D32A3E0EEF3030392710A4BF5D1DF1614B41BE53
                                                                                                                                                                                                                                        SHA-256:BE8FFDC0C6EF5811888F8ECF282937DFBDE51996122B3A5CBE601713DFACE368
                                                                                                                                                                                                                                        SHA-512:DB44A2A0E0848BBCB9059F4A4E006EDA504717895F2E4CDB9519A3D3ED9D6CC91EC37B94F816BFA9EC888EE9D25251660E2256281B739EF1D7DA109B177AF55C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.7677799255744775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:nIYr9kupX/Gdq8SQxZdNYobyRXvujVf9UgPw/ev3nww3OajMRD1TLIjB5leULIp4:n3kupX/GSQxZdNYBRXvujVf9UOwGvwwX
                                                                                                                                                                                                                                        MD5:3601A9397A28672E9A038398590D50A5
                                                                                                                                                                                                                                        SHA1:13FD281302DF60AA4EC59CC82E13B6BA4423842C
                                                                                                                                                                                                                                        SHA-256:EB9F211091EFB9DF6167642FBAD48C6C4A0F9CE252283D63C6DE2378C8008C8A
                                                                                                                                                                                                                                        SHA-512:099868493D34AF70DD2BAAF8F44BB83DA18F9A2A95006CE1F8AE1F9A6A1B1C7DDFE091BB283273A6ABAFC00004A2005A720CDDDB57993BE49FCD2D17FC3F2F23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.368637490829895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vOiWWNv/jzSE5tyT1TNgr1nJIhZAf/07mPD1q5rxg0XWr:v11NvbGTNgr1nJI3+07MM5rxg0XWr
                                                                                                                                                                                                                                        MD5:1C331DA4BCE2809E16913C02E385576E
                                                                                                                                                                                                                                        SHA1:CF8E71E030347749596A53D1B13B9E9583EC0527
                                                                                                                                                                                                                                        SHA-256:1D0493E38D8B3FCC7EFA4916FEA1EEA69EE6449BF435E1869C1BC3F54D4090C5
                                                                                                                                                                                                                                        SHA-512:2871119690F3DF0F244384A3F5F65FFE7CF17F1F00F6B530512AEDEB8397C9E357079E8FBA76D2A5BF6BE4E2B18E4AC1AC104EA2D29F8F40CEF6F30A905ECF83
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):5.091016496791667
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bxwAHD6CkxQdCnvRl/oRHx8asale681v/z3s8V:qCkSdK0t81vb3s8V
                                                                                                                                                                                                                                        MD5:D95F7D238CD97260458ACB3D389246EA
                                                                                                                                                                                                                                        SHA1:864A3DD1E45B00CC571F2568B08E7566DDCCC475
                                                                                                                                                                                                                                        SHA-256:0C051B970ACF895BE6FDE7919A7AF780E3219AE19D1818C3E5B4FCDA476D00F5
                                                                                                                                                                                                                                        SHA-512:FC4A66FA2FE8B74C42852D5B41EC813221DD593FD2DE9EB5B6705D81841947264F53095A06DEB6E1B4DD914E90772EFE849FA9D6F584DD86C502F7123FD79A67
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):5.202077256063847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MFWuuyUdKvx4W9SxBmJsEMGFW/uuH2LlLTDUCl9w5JHJ8/uDO3s8r:vdKv+WqV2ZLToU9wXi/uq3s8r
                                                                                                                                                                                                                                        MD5:A482D56B4F3E8D89919B2BED266D1D0D
                                                                                                                                                                                                                                        SHA1:660491A4A6CDDACFE38749C18476C6759063FA61
                                                                                                                                                                                                                                        SHA-256:DFBB9EA022BFF44DDCF3848DE95405F4ABE51EA2D047AFF831FF30DADBD7EE8B
                                                                                                                                                                                                                                        SHA-512:AFCBC13E805B2E4EC015717D148DA83E09349CAF58AB89099163B8B1989C3B484B6610695F2DB15B3B27AD7207DA970E553B8C40F7CACE84E612695A2C3D2DB5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.693986975113909
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:NIYfsK6eGOy+v3qxh7EFBYn1p4hVYTPMPhT9CEGF3aN3MfCExO4MV09J7wcLaaEN:NZsK6epv3qxh7EFBYn1p4hVYTqhTAEGE
                                                                                                                                                                                                                                        MD5:72DF7D8DAC9CD362BC2BF463369EF420
                                                                                                                                                                                                                                        SHA1:9D4F4C26617046001F7750D69E7075FA01C7CCE0
                                                                                                                                                                                                                                        SHA-256:7D5F7D76F7CB7AB750DD0D20219880D4AF7416181F74C3E4B10275885BD27899
                                                                                                                                                                                                                                        SHA-512:46D26CA9D850A0C66778EF3983EC346AC0BCD08E3CFE4549FDF99B23E501DC5ABF5227F9390743371BD72D5C5D077B673989DD9CDA8D9AD789C67347F605D5FE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.736378665228804
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:DtIYBN1XfOGCvouQTxklOVw/lzyOl/dEf80gPCdmP347U9DC47aqFD37E/avkeZe:hTN1X2HQTxklOVylzyOl/dEf80OCQPAj
                                                                                                                                                                                                                                        MD5:760790AC69DD2294D548C64A7E7123B0
                                                                                                                                                                                                                                        SHA1:7530BD2237B86FF04BC1D25E1C3D7AF7090C4626
                                                                                                                                                                                                                                        SHA-256:7573B73E12D9094BBA18EE9FAAF0BFFA52B9EFEF9F97484F0875C6EA8C9CA735
                                                                                                                                                                                                                                        SHA-512:58C8E2186F1582F11FC74F0448D3BF78DB5DA321EBBA661E41C4BA82B7996DA22B69EEC0377C8F9D9FBAF3DFA8891F2982B47B564053B62CBEA890D5DE5282EA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.801397650400403
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:JIYfp3DcrGr6SHAOzLxE6oMuN50rtbxn/XidPWd3SJC30Gh58xSoHR+hxWfbrVsd:JZp3Dcr2NAcLxE6oMy50rtbxn/Xi9WdR
                                                                                                                                                                                                                                        MD5:B9315BEFC451F0C68C18D4D9F3C7D4F2
                                                                                                                                                                                                                                        SHA1:D7FC5673F2B7CEDA352011206D6398C48B6DED99
                                                                                                                                                                                                                                        SHA-256:B0A689816159819881761B753B36A882642EF418D932A93432D422DF0B9CF70E
                                                                                                                                                                                                                                        SHA-512:1725A7887E850BAA0F570F9DE5B5E40C345960DC0C02980B1E5839C46EF242BB9280C38811B33418C2E71D1EF3BD8594DAC471475E4735A624CE74BC1325DBDB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.594776627495051
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:haWWNv/jzSEYtq2dE1cxy8ON0Qsk96sPb1V5rxg0XWr:g1NvbaG1cxy8ONHskdD5rxg0XWr
                                                                                                                                                                                                                                        MD5:B60817A69E314B22F746917C826DA53E
                                                                                                                                                                                                                                        SHA1:7D2785A6D1A53A0717C986B959AF67DE6F9300E4
                                                                                                                                                                                                                                        SHA-256:6E58D86C42B61226DD7AF35D7C9432CE6F0982D1D0D5A2F4120E8ABC5C787A02
                                                                                                                                                                                                                                        SHA-512:9A8F029329CE105B3F72FEE623E3AB8C88E1AF45F86FAB61F81BE418B2D70F83E4C0466010D312240A01E1EF8F9B9926EBF43E25BDC3C364C2D28AB9B0E5F6FC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.7157450468905004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:9IY1nlNKGnxGxIDx+sQ0Y4EQujHOVhPgdfBF3UTVV/Lea/FVgYISK+uZqiF4Afkb:9rnlNK/xIDx+sQ0Y4EQujHOVZgdBtofR
                                                                                                                                                                                                                                        MD5:BBFC0973B9D3DAC1E716EBA99B37FA18
                                                                                                                                                                                                                                        SHA1:05811A4846E10E54ED6DA34150CDFD807EA4B95C
                                                                                                                                                                                                                                        SHA-256:DEAA84302C66EB0242A7C80AB97DA3C5CADDBB5B3D595DF310674C0CB7E88DFE
                                                                                                                                                                                                                                        SHA-512:980137220EAD6AE8EEA33EDC0FA8C85E5E23CC7D42DC7E4DDAFD181D7EF9CF4D29C25F7256F1957F73D282EC969C4D95E526F4D1B67C4A96D4FA68540DC43041
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.729428739919532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CIY1nlNKGnxOu7xKgUOVBQ6Bo19sPzPLegs8+3vCqV/LMa/FVKYIS+9wOTKQiF4L:CrnlNKNu7xKgUOVBQ6Bo19sPTLM80aoe
                                                                                                                                                                                                                                        MD5:66FC2EA3F0EA6B897B117482B43DDB4E
                                                                                                                                                                                                                                        SHA1:E7BD70FEEAE4858F808132C4332F25F13E962689
                                                                                                                                                                                                                                        SHA-256:3A77957D0F8AE5952BA465382D97DCABF2134B1DC815E26C32F7C612FC94FD5D
                                                                                                                                                                                                                                        SHA-512:98BD2D15AA0958D52C7F0AC40343A4AD542EAC569C5107196AE21A6A9386BB93AD9A8D570DCD0849E8BF0D7BDA0839B79C06180584E272DAA349A64CA9A5151D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.723728419745786
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:uIY1nlNKGnxOu7xKgUOVBQ6Bo19sPzPLegs8+3vCqV/LMa/FVKYIS+9wOTKQiF4s:urnlNKNu7xKgUOVBQ6Bo19sPTLM80aoZ
                                                                                                                                                                                                                                        MD5:3B1DC81511B84F2393C6BA37CBD32FE5
                                                                                                                                                                                                                                        SHA1:0F87A801905E8CCB99EA7EEAC590308F381C74BA
                                                                                                                                                                                                                                        SHA-256:02AEE48153086F86580854ECF7E375D7E0C81DFAC7C222AD32EFD850852D36FD
                                                                                                                                                                                                                                        SHA-512:0B0ACC2CFD2CF95E61BEB3A1E06BE01F0E3C43839650FBE136DE54DF581172BCBA9B11DA57A7B18A6C284BEA74561DF6B30CFE129CEAE9BFF45EB6FA6D2E478E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.786330752122619
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4xIY4puUhG9oHusJxWgAm/45t6lSertHPHrgCs324VfosqPXMdEqljSNPEinIOBU:aapuUhg7sJxWgAm/45t6lSertvHrDapn
                                                                                                                                                                                                                                        MD5:1FE5185420BF332AE4CA5492A6B2A6CC
                                                                                                                                                                                                                                        SHA1:0058458B2FCF52E7C478AC13202873DE7A722465
                                                                                                                                                                                                                                        SHA-256:9C09CDB4FBC5A8F6576B8914148F3660A2E950C2B3A056014EDE45C0F38ADF34
                                                                                                                                                                                                                                        SHA-512:955B615599F5571AAE8EB71A4E4272E02CB4D67D68B8971053FFFE4374258B8DF58A3C04482B8EAFF67DF6A403544147A406999C6132E9B3896206808E580D4B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):160016
                                                                                                                                                                                                                                        Entropy (8bit):6.404692888748325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:d6lrh8aWSI9uVDeMWoWVy5zmndQ1dTZjxO3S/9FVkmiGUV+:d6lrhISL9e1oWE56ndQ19aY9Fjs
                                                                                                                                                                                                                                        MD5:16D9A46099809AC76EF74A007CF5E720
                                                                                                                                                                                                                                        SHA1:E4870BF8CEF67A09103385B03072F41145BAF458
                                                                                                                                                                                                                                        SHA-256:58FEC0C60D25F836D17E346B07D14038617AE55A5A13ADFCA13E2937065958F6
                                                                                                                                                                                                                                        SHA-512:10247771C77057FA82C1C2DC4D6DFB0F2AB7680CD006DBFA0F9FB93986D2BB37A7F981676CEA35ACA5068C183C16334F482555F22C9D5A5223D032D5C84B04F2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsAtom.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):170328
                                                                                                                                                                                                                                        Entropy (8bit):6.475304499658319
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:FR761d9cCg9+zhOzcx9R0KvvvvnPPH6Gi5tPArrYeiYiPKiF15fJ2K/Krrii555V:+1TcpihOk0KvvvvnPPH6Gi5tPArrYeiA
                                                                                                                                                                                                                                        MD5:C4447F00C8AE467DBA6D3CE3E7E5AE70
                                                                                                                                                                                                                                        SHA1:9F085025B00112C976B6525BAAE7C3233BA2C423
                                                                                                                                                                                                                                        SHA-256:71FEFBEB2B693BA44CB45250880B873A818007093E003455DC4358471C28B440
                                                                                                                                                                                                                                        SHA-512:8B551C90679F8C7D108D2C9715EBB9DF960DFCDDCBB19C52361BACC2D6A4259A57E004767EFCF603574A2E4F5E38E7E064CC4041609F5F7B696B621C18324D40
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsDatabase.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):223016
                                                                                                                                                                                                                                        Entropy (8bit):6.788381525293459
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:CBuq5tonhw9PY+fAKul0ZJXY9ooyJtTsbbiRl7m76m/GS+KKeA4dtrSspDMK:nqDOhw9PY+4Zl0ZFY9ooyUbc3Kc4dt/p
                                                                                                                                                                                                                                        MD5:AFD0AA2D81DB53A742083B0295AE6C63
                                                                                                                                                                                                                                        SHA1:840809A937851E5199F28A6E2D433BCA08F18A4F
                                                                                                                                                                                                                                        SHA-256:1B55A9DD09B1CD51A6B1D971D1551233FA2D932BDEA793D0743616A4F3EDB257
                                                                                                                                                                                                                                        SHA-512:405E0CBCFFF6203EA1224A81FB40BBEFA65DB59A08BAA1B4F3F771240C33416C906A87566A996707AE32E75512ABE470AEC25820682F0BCF58CCC087A14699EC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsJSON.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):181184
                                                                                                                                                                                                                                        Entropy (8bit):6.53416223904584
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:f0AqxqD7b0Qv6wIMCP1Yr+Xle9WQJTrz96JiBRqMadYMBpCA5LH3d3f:sRkD/0Q7IMCP3ePOUBRqKep5j1
                                                                                                                                                                                                                                        MD5:4ECE9FA3258B1227842C32F8B82299C0
                                                                                                                                                                                                                                        SHA1:4FDD1A397497E1BFF6306F68105C9CECB8041599
                                                                                                                                                                                                                                        SHA-256:61E85B501CF8C0F725C5B03C323320E6EE187E84F166D8F9DEAF93B2EA6CA0EF
                                                                                                                                                                                                                                        SHA-512:A923BCE293F8AF2F2A34E789D6A2F1419DC4B3D760B46DF49561948AA917BB244EDA6DA933290CD36B22121AAD126A23D70DE99BB663D4C4055280646EC6C9DD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsLogger.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254504
                                                                                                                                                                                                                                        Entropy (8bit):6.540092185448124
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:TeGOfaXMwabZNZr4FgTPFw4+5Jb74HthVqbvIsx6vewjLbqzm9iViRJ:qfacHZsFgT15qb5MmwnliwRJ
                                                                                                                                                                                                                                        MD5:98F73AE19C98B734BDBE9DBA30E31351
                                                                                                                                                                                                                                        SHA1:9C656EB736D9FD68D3AF64F6074F8BF41C7A727E
                                                                                                                                                                                                                                        SHA-256:944259D12065D301955931C79A8AE434C3EBCCDCBFAD5E545BAB71765EDC9239
                                                                                                                                                                                                                                        SHA-512:8AD15EF9897E2FFE83B6D0CAF2FAC09B4EB36D21768D5350B7E003C63CD19F623024CD73AC651D555E1C48019B94FA7746A6C252CC6B78FDFFDAB6CB11574A70
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):814440
                                                                                                                                                                                                                                        Entropy (8bit):6.475715690608882
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:DkaJoYf9Z+uUMidkp22We0cRxoJy5DPbTtsqq5dlgM7qcNmP1bGq06ZIEUKth1Ok:BJll87GY2q61llaOZBjKt5qqxG
                                                                                                                                                                                                                                        MD5:3068531529196A5F3C9CB369B8A6A37F
                                                                                                                                                                                                                                        SHA1:2C2B725964CA47F4D627CF323613538CA1DA94D2
                                                                                                                                                                                                                                        SHA-256:688533610FACDD062F37FF95B0FD7D75235C76901C543C4F708CFAA1850D6FAC
                                                                                                                                                                                                                                        SHA-512:7F2D29A46832A9A9634A7F58E2263C9EC74C42CBA60EE12B5BB3654EA9CC5EC8CA28B930BA68F238891CB02CF44F3D7AD600BCA04B5F6389387233601F7276EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):132112
                                                                                                                                                                                                                                        Entropy (8bit):6.108828543862255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:vWGCIhUiWgomR1xGU5EplJLT7yPxB7a40oTrM8PNEmriC8f6v9RMjuLjGG79lxz:vWGjyLgosGplJLT7AwoTFGmrY6sWGGt
                                                                                                                                                                                                                                        MD5:DB36BB6B699417232D15D10147C581C7
                                                                                                                                                                                                                                        SHA1:616422CE3ECCEAFA37170179E6924BF3D2CF6AB8
                                                                                                                                                                                                                                        SHA-256:B262F3F36246510BB09E517986945AA022589370BDFBC0B54EC917486C25EBAD
                                                                                                                                                                                                                                        SHA-512:1A4E0E0449D60A3515E00C97E37324957E487E8FCDA69B293EB696A9F6DE37BB819395DEBC5F9B43EA3770EEE428AB6435FAB723FE46C6FBAC45D32C47226C0B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\rsTime.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                                                        Entropy (8bit):4.95281393774295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pZ2vdzqaLxW8w5/EtHjl+dbA5eI00QF7jiE3s8E:zaL88/sd0QF7jiE3s8E
                                                                                                                                                                                                                                        MD5:91AEFE5B351FB44F6254F938F6AF001C
                                                                                                                                                                                                                                        SHA1:2A5F15233F612065C865F024FD40F0A64E2F088F
                                                                                                                                                                                                                                        SHA-256:316477F3FB4FC8831721369C0D85211DD732C95DE7D44A4727AE97CD7E5181A6
                                                                                                                                                                                                                                        SHA-512:CC1472F27C9487FCB3137A9FC004B0B3448B0C1D8AE785BF49BACFE26CD0BA2EC86F8A4255EEF63055F717D702B6337C171701DD19437BFC02B729B403216141
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.846136752240531
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:phbWWNv/jzSEfthb7O9JKggIOrCPPzm394in3fwB/CZPlAg1O5rxg0XWr:pN1NvbH7O9JKgglrCPChnYVC5A5rxg06
                                                                                                                                                                                                                                        MD5:DADE13E423762BDAE745D57CA3DC86EF
                                                                                                                                                                                                                                        SHA1:7B4122CBEF771C5548A7CB5641B6DB6743C8C3F6
                                                                                                                                                                                                                                        SHA-256:1A1D5FDAC027144BCAA0E8110F4DE717E80944420C59708B3DD8E2BD31BC7ED4
                                                                                                                                                                                                                                        SHA-512:77F5050BA87E8ABEB92298D16897D6CEC087FFB7B4C38442C854A0993B398DE529C15B5674ADAACFB3E39CE05165F05A38337B2DBD41E8A7D806751542F6E8D3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.898855209074261
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:dIYK1uOKGEXJ7hxwUmX+41C/TUMZc/ZgPPInsYJNM3TPGdTzXpPbf+oBumIJMr2I:d41uOKl7hx9mX+41CLUMZc/ZOPVYJN6U
                                                                                                                                                                                                                                        MD5:2B2F55CC12B72CCE0F75717719DEFFE0
                                                                                                                                                                                                                                        SHA1:AB3C57C0341C641E803B5606A5C86B6BE43A53E3
                                                                                                                                                                                                                                        SHA-256:0B0962F6E1A523CA3BA2CC7C154C7D9D6B1793C899338DE5DFB2C9EC957BF33B
                                                                                                                                                                                                                                        SHA-512:FE75CD8D2CC87AF60170114002836346C8CAC4504A976B6B0D687E73455CA90842340564DF69A033C420551F82265FC87DC70C04F371FCEDE4801B7E6AA7449E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.769719426822892
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:9IYV7AGeXGfqyuMxUY+iZWBe2v3gW0dFgPaVCe1d3qTS3xH4q9OYtRwbHUWPsLZE:9TAGeXyuMxUY+iZWBei3gW0dFOaEe3CV
                                                                                                                                                                                                                                        MD5:5C464BD59BEA811B7193A2C0D1B55F3D
                                                                                                                                                                                                                                        SHA1:F92C109B53CAFEFF4882E9B033EB0E524436AE4C
                                                                                                                                                                                                                                        SHA-256:AE4C8375EA5A9588557576C3E67B06EF729D3F0C4E149F7A1F4BF6CD03121C25
                                                                                                                                                                                                                                        SHA-512:3FFD6E78CF363E95B4E98E34C0B4E61988D9BE443EE8145E79D1C01BC2AE02EB0C7C7E3C1385EC47142D8AA7EC9893516B75546577BDBEAF99C0646C202B859F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.767283673011951
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:6IYV7AGeXGfqyuMxUY+iZWBe2v3gW0dFgPaVCe1d3qTS3xH4q9OYtRwbHUWPsLZZ:6TAGeXyuMxUY+iZWBei3gW0dFOaEe3Cg
                                                                                                                                                                                                                                        MD5:A1BC35FF541202B1B8302AF5EEDF0C59
                                                                                                                                                                                                                                        SHA1:5627F0ABDB65260EDFF636AEF2786748B1D8AF2F
                                                                                                                                                                                                                                        SHA-256:7325E25AAA94EEBE2CA0AEAA86876F7922AAC2850D25D6A96D38D08EF1454941
                                                                                                                                                                                                                                        SHA-512:FB77EDB9F39694A6BE20C24360380123524372022016BB28A18580ACD25D3D5CDD3734929D557825AF3CBEC43D3FA95B9EA6AD7B0F1B8D232BD07C88801DE638
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.728082841655538
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:jhIYShuTiGMuLj/kyxI0Nc/yGUbwMgWf2iPMXBSSky3WDeFzMShGOBZ7T3GyRKvJ:jhUhuTiGj/HxI0Nc/yGUbwMgWf2YMXQH
                                                                                                                                                                                                                                        MD5:BAD6B491D9EBA19ECAAEDC0835AC0AD8
                                                                                                                                                                                                                                        SHA1:3EEBBF39A3D75CACDB2E6D50C6A51AE0437AB077
                                                                                                                                                                                                                                        SHA-256:F53F2BE16A7880C44E3481E4427C5870BA7605E3F89D8E5A3B1C9612FA862E54
                                                                                                                                                                                                                                        SHA-512:BBBF536EE8A4193F32FAE546C734CC65425077A5BBE09A21763E371978C8FE750CAB97B0F68288E6BAF6635907D7C432F7FB2FA4A4A0D1E57FBE33314C436284
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16896
                                                                                                                                                                                                                                        Entropy (8bit):4.850184119772995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:PWmNyydz3LxBD5uSw84x/d/dfwJGTV/cEJviNhsFx55n5z5OPMuQ5m5rPzzSvooF:L7LHDFGh0EJviNhsFx55n5z5OPMuQ5m4
                                                                                                                                                                                                                                        MD5:937D53AE05673F6F15903AEA0D92C34D
                                                                                                                                                                                                                                        SHA1:D4F72F7E1FC1399FF5972CF6D6C5C592091C445E
                                                                                                                                                                                                                                        SHA-256:46C980F619B5C604A33BA25968C419EACA4DDDD85682E442C41911D523355379
                                                                                                                                                                                                                                        SHA-512:486CDBC9B4A7E1C36582C27A3A8B9464FE2D90EA29DD3DD81A268E03442CA76365C9EF33A33CCB7E64FF8A33BF15CEB6B10B3DEF37D7A6041B4837A11408B5C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):144
                                                                                                                                                                                                                                        Entropy (8bit):3.1465636617234907
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:fI/RJXrJlrLffKl8HbloIlrJKleEkKRlLEljlgbzQIl/:fyfK0bdlrElbkKvEljObEu
                                                                                                                                                                                                                                        MD5:7E4D096961406FA4F61A4D9048EDD003
                                                                                                                                                                                                                                        SHA1:51C44AC2EAD43EF4E25996C006D29E3AB3B690A0
                                                                                                                                                                                                                                        SHA-256:8EAC8EEC32115F3DEBB898F99906BF7A4EE5B234D50C3A1CE3A315AF6BFA3A33
                                                                                                                                                                                                                                        SHA-512:CB90FDD83FA4943B04D3BA165DE1DAEFC56D36DBD8C4B2819F6EAFB0A109D126C6D3315C169CCA2350717138426FA8B546B253BCA0AC1E72FD2F4BF32B640866
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.L.o.g.g.e.r.,.4...0...2...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.r.s.L.o.g.g.e.r...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182920
                                                                                                                                                                                                                                        Entropy (8bit):6.549984856278825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5Uy/CR6dEfViQ+7gLmiEw/zrQUTkkySNP0dbNIprWrL:Cy/CVQILmil/zrQV2YbNGy
                                                                                                                                                                                                                                        MD5:E3FA0916F33BEE8A14F28421D2DCDC9F
                                                                                                                                                                                                                                        SHA1:FD3DCA4DB55E81EBFFC7609C5D63A4FFBD6629B2
                                                                                                                                                                                                                                        SHA-256:29AAFF11E775C800575B1A5D4160DAEC749DDE528E68BC3B6E9B340279ED991D
                                                                                                                                                                                                                                        SHA-512:FE96EFD3CF162BBB766634C3D90F707D868378DD04E47AA9D55C03E03130F54827F781639383B053C9335D022CCD6B244B67E586197C2B40D193DD58A4EE8CB6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\31KME9I4\rsLogger.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136
                                                                                                                                                                                                                                        Entropy (8bit):3.2283432741329237
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:2OmwlrLffKl8HbloIlrJKleEkKRlLEljlgb+sMB/:2ZqfK0bdlrElbkKvEljOb+sY
                                                                                                                                                                                                                                        MD5:211A20EDCFA8EDB6054082B0C02EBF36
                                                                                                                                                                                                                                        SHA1:82091C0B6FF618A04D6BAA50CCD258997DB28CE3
                                                                                                                                                                                                                                        SHA-256:03E750521429FC58D552936101FDF8E4B8A5094998057EE09B5388930992AB41
                                                                                                                                                                                                                                        SHA-512:9C50160456A35EAE2919405206FDC670D5C6E09C6D617A6E148CD870A9ABD284EB62F53D95709F48D4C213F6E5B64F77B8090B2BE4F61452A374D967375DDFEE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.A.t.o.m.,.2...1...1...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.r.s.A.t.o.m...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):162816
                                                                                                                                                                                                                                        Entropy (8bit):6.4347197585730385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OX5TgLoWlo6zvLblsvv5Emm16e68QNmTNh3l2AuZejZnjjWr:KOom9Av6RvfltqEZ+r
                                                                                                                                                                                                                                        MD5:044D60780B0C40D3F9B0B5A3FC040948
                                                                                                                                                                                                                                        SHA1:2E16C926F11ED5FAAE22D9AF5D935748C57EC1F8
                                                                                                                                                                                                                                        SHA-256:7493F645BB04092AEE30A47A681494251C79A38A941C9A3D2DEE4293A265F428
                                                                                                                                                                                                                                        SHA-512:7653A0A46E3EB9331E92A09937754302F939100ADBFB283242C25BF0F73F8508D6F7E9D5AA08DBBEFDD14BF682AD7D0D77F4999B3274D329D281E22934C445EA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\I3CEK9OD\rsAtom.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):176
                                                                                                                                                                                                                                        Entropy (8bit):3.3436366606365846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:edJkHlrnRVRlVTlrLffKl885RApl0dhOEQlpQlyEklxlXVlKKYmDmA2dJkHlRTn/:eLkFrRVfKtPElsUEQEdkxiKtDmA2LkFt
                                                                                                                                                                                                                                        MD5:DED9F1DA2C69F4D499E183A18C0D7BDD
                                                                                                                                                                                                                                        SHA1:F01DB34D3AAE978D1C74553850C722A762054223
                                                                                                                                                                                                                                        SHA-256:0CBE21004DF910781BB062D44B466C413F9A75B1A0B7EA599185E26D0D85FB5A
                                                                                                                                                                                                                                        SHA-512:7927D8616B169CF83949F23A7A618CC0AAFA5051E1B721A57311AE4585A03C584FB4BFE2B27E555160036B99BA31244085CD0D30027BFEFCDD9D6D36880F92C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.S.t.u.b.L.i.b.,.5...3...0...0.,.,...f.i.l.e.:./././.C.:./.U.s.e.r.s./.j.o.n.e.s./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.n.s.w.B.D.1.4...t.m.p./.r.s.S.t.u.b.L.i.b...d.l.l...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254504
                                                                                                                                                                                                                                        Entropy (8bit):6.540092185448124
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:TeGOfaXMwabZNZr4FgTPFw4+5Jb74HthVqbvIsx6vewjLbqzm9iViRJ:qfacHZsFgT15qb5MmwnliwRJ
                                                                                                                                                                                                                                        MD5:98F73AE19C98B734BDBE9DBA30E31351
                                                                                                                                                                                                                                        SHA1:9C656EB736D9FD68D3AF64F6074F8BF41C7A727E
                                                                                                                                                                                                                                        SHA-256:944259D12065D301955931C79A8AE434C3EBCCDCBFAD5E545BAB71765EDC9239
                                                                                                                                                                                                                                        SHA-512:8AD15EF9897E2FFE83B6D0CAF2FAC09B4EB36D21768D5350B7E003C63CD19F623024CD73AC651D555E1C48019B94FA7746A6C252CC6B78FDFFDAB6CB11574A70
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136
                                                                                                                                                                                                                                        Entropy (8bit):3.2577550388388063
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:yxlrizRlVRlVTlrLffKl8HbloIlrJKleEkKRlLEljlgb1DxlRT/:yvitfK0bdlrElbkKvEljObRVL
                                                                                                                                                                                                                                        MD5:8BB2C27211D87D945C7DEA2A6D0610F0
                                                                                                                                                                                                                                        SHA1:44556E695F6A9608CEF5F5B36F77A3F14B7BEAE7
                                                                                                                                                                                                                                        SHA-256:C5D44160BE7B249FC238A042FAC98AF41FA0F87672B2AC25391C7EB5F7DA509D
                                                                                                                                                                                                                                        SHA-512:A917ADB19778289CDE6791036EB31D8C816BEA728D3559B743AAD9BB467CF212A8F9032176A6F9EAAD01C0D3358C27A989926AB7AE0797FD242024027AC5519F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.J.S.O.N.,.3...0...0...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.r.s.J.S.O.N...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224400
                                                                                                                                                                                                                                        Entropy (8bit):6.7771936576354355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:R7IEMtFMZZi+Ng9999994f9oMlnhcNx3Bn:BZi/MlevB
                                                                                                                                                                                                                                        MD5:FA63504382F4F3F92FA86841D9E97F29
                                                                                                                                                                                                                                        SHA1:0BDE02C98741BB24EAF501BD8E2D9738742CD042
                                                                                                                                                                                                                                        SHA-256:5F0764E1998464F63C6583F870DD3784921B752B91D8E450FE2C90153CB5E58D
                                                                                                                                                                                                                                        SHA-512:C8483D9060A6800C8DEDB4D5FEA7CDA346F742CA1A149C3EB608823209AFF1F00BFCC5B0CAF9C482C7B01D75F6E198EDFAE3B0100CB0DCA6E5B5F18336ABDEE5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\QWYTBVMQ\rsJSON.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):188
                                                                                                                                                                                                                                        Entropy (8bit):3.2422749900735943
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:AJ/5KlRDgYlARnFrLffKl8HbloIlrJKleEkKRlLEljlgbsYJ/5KlRDgYlF/:eKlVtARNfK0bdlrElbkKvEljObsWKlV3
                                                                                                                                                                                                                                        MD5:E167544155124FCA596A436E8633A332
                                                                                                                                                                                                                                        SHA1:C4AD9B66219F3FBD2BF245F07A2EE054755A8657
                                                                                                                                                                                                                                        SHA-256:0D8AC1873366CEFD9EE8C3408E8F5F27A206DD352754B948D19E835295D2A362
                                                                                                                                                                                                                                        SHA-512:AB66455A437AAEF89BE94FC2000EBF724F710F263BC7518098980E01320B28054EAC6B965DC73BDCD450218244A7EC22E7B168FE03FB15549013020A52760425
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.S.e.r.v.i.c.e.C.o.n.t.r.o.l.l.e.r.,.1...2...4...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.r.s.S.e.r.v.i.c.e.C.o.n.t.r.o.l.l.e.r...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):179072
                                                                                                                                                                                                                                        Entropy (8bit):6.562871128885791
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fT9nvidN3G9nZm4feQPMYGQh5AB9vaTiYuzdNd6iB6KA5U:fT9nvDB75Fq91dNd6iB6K
                                                                                                                                                                                                                                        MD5:8DCD92DE516608670F57193D74824A3B
                                                                                                                                                                                                                                        SHA1:C67C347DFA47C2DB1628FAB8BF9906C353F33DD9
                                                                                                                                                                                                                                        SHA-256:96DB49DB4DD12B9F86144FEDF83AC7DC12D855C5D7E3C863FD5B1696966AC345
                                                                                                                                                                                                                                        SHA-512:E5FDE81AE57E68DF69FC7695B9E16D8C7D188A30A4D68FFB682A3DCFEDF2C028874145815AAD2F957A02B0EAD6AD8F1442635DFA580339816110E7B1CDBC0C0E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nswBD14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\WTQQ1MDW\rsServiceController.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.887092087123451
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4IY4kciiGg/kISxvnmkYsPV+tIqMvhBhPYTua1j3SfDpu6WbyLWFTXLgNzCii7oJ:4KkciiwISxvnmkYsPV+tIqMvhBZYquLo
                                                                                                                                                                                                                                        MD5:BFCB9E414F0E29B774E81AF9951BCD02
                                                                                                                                                                                                                                        SHA1:13F936A2D2329011A11141D2943AD624B80B841A
                                                                                                                                                                                                                                        SHA-256:C73DB39422806BB509B76DEC7240EAD22EDFCBB41363955B25AB3C3A615BE3D6
                                                                                                                                                                                                                                        SHA-512:DEACB0BDC82ED27676793C594B07AA3083B63CE74B1C1D8B38261817450B6C380888FB1E5697EC03AE521074D5D3523A9E85F68D180FC273909D6B746C88517D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):174592
                                                                                                                                                                                                                                        Entropy (8bit):3.1176056240139736
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:URqHi9xDnRbDPi6ag9rucqkerzUCgIMSfZHqdefc8+YZ9:SqmpD66h9lqkerzgIPfF+efc+
                                                                                                                                                                                                                                        MD5:AF1C23B1E641E56B3DE26F5F643EB7D9
                                                                                                                                                                                                                                        SHA1:6C23DEB9B7B0C930533FDBEEA0863173D99CF323
                                                                                                                                                                                                                                        SHA-256:0D3A05E1B06403F2130A6E827B1982D2AF0495CDD42DEB180CA0CE4F20DB5058
                                                                                                                                                                                                                                        SHA-512:0C503EC7E83A5BFD59EC8CCC80F6C54412263AFD24835B8B4272A79C440A0C106875B5C3B9A521A937F0615EB4F112D1D6826948AD5FB6FD173C5C51CB7168F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):174592
                                                                                                                                                                                                                                        Entropy (8bit):3.1176056240139736
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:URqHi9xDnRbDPi6ag9rucqkerzUCgIMSfZHqdefc8+YZ9:SqmpD66h9lqkerzgIPfF+efc+
                                                                                                                                                                                                                                        MD5:AF1C23B1E641E56B3DE26F5F643EB7D9
                                                                                                                                                                                                                                        SHA1:6C23DEB9B7B0C930533FDBEEA0863173D99CF323
                                                                                                                                                                                                                                        SHA-256:0D3A05E1B06403F2130A6E827B1982D2AF0495CDD42DEB180CA0CE4F20DB5058
                                                                                                                                                                                                                                        SHA-512:0C503EC7E83A5BFD59EC8CCC80F6C54412263AFD24835B8B4272A79C440A0C106875B5C3B9A521A937F0615EB4F112D1D6826948AD5FB6FD173C5C51CB7168F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                                        Entropy (8bit):5.075990223518278
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6p4EAT1bY2bx1CxHdO35YFInizzX83tNeRFYMvF2MV3s8V:XblbzC5jmtNeRN2s3s8V
                                                                                                                                                                                                                                        MD5:A974C4DA769FBFBC71993A5AD9A45672
                                                                                                                                                                                                                                        SHA1:8267CA96388DA057CF799765F0F292B3515141D0
                                                                                                                                                                                                                                        SHA-256:4F5549DBA22CC5B8A453F34A7CB398E058578850D1902CDE7CE6296A07BD9C8C
                                                                                                                                                                                                                                        SHA-512:E620970607DAA0D8A3D47CC2F34414763E06807EED930FD7CC561CE27D7C47300D5367777036A049F0E30DC818E535C7710264901972CEDED648BD5E6737716D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.701646036890297
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:HWWNv/jzSEhtiBbSEmfO2mdqeCtzEc6yCPVDA1L5rxg0XWr:H1NvbcbSEm22mdqet+wh25rxg0XWr
                                                                                                                                                                                                                                        MD5:3CEFEC17BAAC089C54C8102A4CFD160C
                                                                                                                                                                                                                                        SHA1:A54CD9BD4181A591937A99BE88BEB006279837DE
                                                                                                                                                                                                                                        SHA-256:AAFBE48966DBC5372A308AB9501245CE261D2715F336AD1908C799D354C981A2
                                                                                                                                                                                                                                        SHA-512:2D45193662C7CE2854CE2D3EE53AE199E094D09BC76D8D8A8E36B24EA60400A5F064CA16CE0078FE6CBDF4117C22565C04E47B99CD99868254C915DB6D18700F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                        Entropy (8bit):5.079861170865273
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4IYXbXbaQGf0wwrCwYxzJSKqdy6eY5R6Q3Pyt7g0mY3IC1wx+bDqhbXpVuieenTh:4RbXbaQixwYxzJSKqdy6eY5Rt/A7c+hu
                                                                                                                                                                                                                                        MD5:63C01E27482A86F45C5FC0B71B947B9A
                                                                                                                                                                                                                                        SHA1:8E574221E887B696FCE2AD6EDEF5A626704C85D1
                                                                                                                                                                                                                                        SHA-256:58A32C192D409D82590E015DF80D2ACB0FE93BC171B71F5ECA608873E59A0EC4
                                                                                                                                                                                                                                        SHA-512:F44D7647D01BD7EDB5B3C85792A428E08AD9A7B374E4EEB0E04BE442315BA6966A747430AD7F2C529AA7FCC5367C92E17C375A551C0C22CB93EB27648CABF925
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.728551774224484
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:JWWNv/jzSEhtimYtEq40uI7Sr2fqmxkNeo7R7L7c7xM757odHK9nPol1f5rxg0Xq:J1NvbOtEq40uYSatEdHwWloA9Pk5rxgJ
                                                                                                                                                                                                                                        MD5:833F269BA6F0C34F49273DA7FBD7DCE7
                                                                                                                                                                                                                                        SHA1:D0253D322DCDF7F54E37C7E8911A8B77670D2967
                                                                                                                                                                                                                                        SHA-256:F8C769A357E6CD27452835E5288FE515FB50BFEEC83EF3969975171174B467E5
                                                                                                                                                                                                                                        SHA-512:4FA315E23D985AFFB46F6536CDF2DDC1B882F47098EE2D5A4B954DDEEB8904D1C83182B1598E4948A59728339945307B699A147ECD813C0F91986D95BDC57184
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                        Entropy (8bit):5.069203865429364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:YIY26Y9TGjEWVWxzJS9gSKiLHQhcScP/yggS2w3tWGPO4JRy0ty6WGbdIY9MAFXH:Yw6Y9TEVWxzJS9gSKiLwhcSSqgwmMGx/
                                                                                                                                                                                                                                        MD5:0F745522B433B128D871F64E5157370C
                                                                                                                                                                                                                                        SHA1:50C7EC58E9C7B9CB4A806A7DC282B59269D31C24
                                                                                                                                                                                                                                        SHA-256:3EEF10F7ED70B4CBE19EDC46555F8C9CEC54D7099AF12C1EA40F753F17BEC4B8
                                                                                                                                                                                                                                        SHA-512:3CD8D722B27096FCA0B914B49208FFAFA8F90044A6E5ADA915BC9F68E46F7B584F381568A23812B15B8B0AE5F1270A5C7FC4B8065EDF65AC3C32575B9247B1C9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):153872
                                                                                                                                                                                                                                        Entropy (8bit):6.328830993497698
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:RAZpz3eQkXBlJ6pM91zgrn4oul5ntwc0sOct7Bml+:RAvzD6l0+1grn4vtX
                                                                                                                                                                                                                                        MD5:EC2D7737E78D7ED7099530F726AC86F9
                                                                                                                                                                                                                                        SHA1:8F9230C9126DE8F06D1CDDAA2E73C4750F35B3D9
                                                                                                                                                                                                                                        SHA-256:DD034654CFFD78AABC09822A9A858ECF93645DCC121A4143672226B9171C1394
                                                                                                                                                                                                                                        SHA-512:E209784FC2338D33834101AC78E89CBA6C1DA144E74330FD0FF2A2372E70316C46C2189B38B34B18B157C9221A44760D20BCE8549573FBEDA248D4CEB03E8365
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):349024
                                                                                                                                                                                                                                        Entropy (8bit):6.20955325822065
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):550984
                                                                                                                                                                                                                                        Entropy (8bit):6.672465900343423
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):370744
                                                                                                                                                                                                                                        Entropy (8bit):6.110296146366327
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):75800
                                                                                                                                                                                                                                        Entropy (8bit):6.0263750749193274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.880723781358086
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.7480840345925746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):4.758334824355771
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:45rayxOPAxMtzTxCmf6hC/s2TvOFk6AOPh3+yFdmyndw3s8i:NPAKtnHOdvPhO2dmyndw3s8i
                                                                                                                                                                                                                                        MD5:00B5369BCD510787679CFAAFB478217F
                                                                                                                                                                                                                                        SHA1:26A44A1B05FE4314D8CF1D810B759B6A5BC74385
                                                                                                                                                                                                                                        SHA-256:3B8B89C4241F5E8F0FD101BA84B13B37F40D37F3FF2739CB6C6332B56BEF88CE
                                                                                                                                                                                                                                        SHA-512:2F6E14A3B06ECB053C261E62058CA99F2E365A88182C02DB4F60231BEA2525A31260A6980187798D8B1685F87E9A307EB928F279F67A6CB139AD6481D421FFD0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.557060180794725
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:0MiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufP/1S5rxg0XWr:0D1Nvb5adVl8P2djJMZJSGu3A5rxg0Xq
                                                                                                                                                                                                                                        MD5:F83D720B236576C7D1F9F55D3BB988F9
                                                                                                                                                                                                                                        SHA1:105A4993E92646B5DBB50518187ABE07CA473276
                                                                                                                                                                                                                                        SHA-256:6909A1C134D0285FBA2422A40EA0E65C1F0CA3C3EF2B94A1166015AF2A87780F
                                                                                                                                                                                                                                        SHA-512:FD8A464F2BC9D5B6C2EFA80348C3A9362F7473D4D632B2ADDAD8C272E8874E7E67C15B99B67E6515906B86D01D57CD42F9F0F1E9251C0AF93A9391CCC30E3202
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                                                        Entropy (8bit):4.985483869790037
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:inpUcW/WJsxvxwKW9iu6Wxtp701zA27r+PMvozTi3s8o:QJs5xEGzfOPMvM+3s8o
                                                                                                                                                                                                                                        MD5:9B86D1ED1D99DDB84B5FB7CF176B3F8F
                                                                                                                                                                                                                                        SHA1:2E1C164816EE2DE6AC4E3BC6A61214D72516632A
                                                                                                                                                                                                                                        SHA-256:71093535EC2E97398B13385A7BA9E7AAC046F190FE06BD68E057C8EA0DA1AFDC
                                                                                                                                                                                                                                        SHA-512:134985A9A7AE78593A760D362C57F430AEB1920E6E7517684DA78573702796E381D99A8DF191A9DFA3BAC9AD1EB6CCD71E7DB40ED4DC9DE76ECFEBD075F98355
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.714281072425133
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:+IYVmGe/VGuDqni6wxCjfp3DocEs5dMvGPcDonP33TewxlhiYwEHU4dIyrokBD7r:+uGe/V0ni6wxCjfpzocEs5dMvkcDqPDR
                                                                                                                                                                                                                                        MD5:86FF4304190B9ACDCBC4034A8EB910F6
                                                                                                                                                                                                                                        SHA1:B5D597F31963B35DDE1B024523B5AFDCA9AA454B
                                                                                                                                                                                                                                        SHA-256:6F5F0BA42A1C4EF8A7CD4B504E959173FA3AC8782200E48548681F7209C1927F
                                                                                                                                                                                                                                        SHA-512:AEE1A0F3A426A77BA0B9D4EDF8E9EAB2D1B6D9BC2B5379D716F9850021A1816B09F37DEBBEB5E3395B3214AE3F4CC93612AE289344548CEA00F3C8EFF6FE509B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.425694157692337
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:r0WWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAP9115rxg0XWr:r01NvbGVxx6hUltfxgE00cLF5rxg0XWr
                                                                                                                                                                                                                                        MD5:15DB634B70D6D9D6CD41BAAE3F02EB14
                                                                                                                                                                                                                                        SHA1:1456FFE09DF896271A746F9CB40A230F188AD397
                                                                                                                                                                                                                                        SHA-256:E893C6907DA8D68C03B1A10E68B554AD5A8C0533F15912106F32E925F2BEABF0
                                                                                                                                                                                                                                        SHA-512:1230E5368D4DAB9776D57056993669327E95FE72E262EFA541ED5D43ABC1BCD3618DB13B6BD6B3A27DA053C103E3FB647EAE759CCAEB443F7D9FFD1ECAA1122B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.723886741305548
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:kxIYXkNcDGwgTsxJoRxAM2+9Ul/laxRe+PE8v+GA3kr29zrJzfPWCiqxskBbHUiJ:kxRkNcDtxJMxAM2+9Ul/laxRe8ZGGWgI
                                                                                                                                                                                                                                        MD5:94BF9DE34C0870791640AB7067F0D24A
                                                                                                                                                                                                                                        SHA1:B21458166F08902EBFE2A4F68CAF3945ED5364A8
                                                                                                                                                                                                                                        SHA-256:37CBEC3559E5536DA35D87D72EF8EA37D98D70265C921A0ACADF75695A14331C
                                                                                                                                                                                                                                        SHA-512:A0E09D4E9F15589043AB2D071F5004AD00F8FE58E85491F32C0D76C8F5CB8EEF95B069A2D532638CB812C05A15BF50A442D8649884E78ABE826E32DCDBD27E7A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.402460029334098
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:60Zne9hwoGBjeCipxwU6LOl+DDUbqN4PPjjDr8d30LfmJyXOhZCa2m5sml+T9lmc:60Y9hwoEipxwU6LOl+DDUbqN4Xjz8V4F
                                                                                                                                                                                                                                        MD5:DA6B3FE38876D703F7D39B163DDD8BFC
                                                                                                                                                                                                                                        SHA1:F60B54DE800A5DBB535BABD2667C9FBD9C37766E
                                                                                                                                                                                                                                        SHA-256:93D2A195E47C1C1E11A2B6960B47C7B4B043CD5CE6A0723AF06CAC91E292F50E
                                                                                                                                                                                                                                        SHA-512:8A261C61D441E6EBA09BCCDEB8E2C94CD540AA9F07631B477431C717F3F111E4B10819EC8524531584561A6C9FA3C785ED082429D6BB97587EBB074BF357515C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):4.838168365990566
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:gY0al1sBIxgyFzjXZfu14MpXrOUDlK8yXahGY7uXn3s8D:eBImyDM5DtyXwGY7uXn3s8D
                                                                                                                                                                                                                                        MD5:9EA4BCD8D3C7599A5A8BA78FF9B11C3C
                                                                                                                                                                                                                                        SHA1:2C859731430A4FA3D82C4CD5088167CF31536969
                                                                                                                                                                                                                                        SHA-256:C576EA42CEFE28228C341488140C7FCF24DD063FAB2B82D563794772F82B97BA
                                                                                                                                                                                                                                        SHA-512:61AD6B22DADFA30BA4FAD527BC564414981EBB6F5EB0C7D224ECF1BBA093D071DD3544E08ACB90C4D95505887457C65B44447B6ABB0E2F97E482477CC9E4DD51
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.588569516197988
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:YWWNv/jzSEYtPpmKJiDjgmlRFI0HYZDKz/VP81g5rxg0XWr:Y1NvbdKJiDjgmlRi0HYZDMp5rxg0XWr
                                                                                                                                                                                                                                        MD5:3B4621370ADDCF4306669C9E7E45C865
                                                                                                                                                                                                                                        SHA1:EA1AB3C499E946E152C1FC4A63FA99E1F9BE94B4
                                                                                                                                                                                                                                        SHA-256:E3EE50E08124A7603BE7D996DCF596EB0D3F9C603768E86E003F7B942D7097F3
                                                                                                                                                                                                                                        SHA-512:586755F32D16AFD937BFC1FE3C52210AB815D5D4C904DE101150FA052A94BABFCBDC465669FF8C2537B782474658D7912037DDB76D8C9A8FD34715D1FE7B2857
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17408
                                                                                                                                                                                                                                        Entropy (8bit):4.803116867134068
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:RME5h/2kXJsxw5w2UW4ctvHU+Th60iu2F6mKVZnCyJT2ox8mn9THjI5gE2ac763E:1XJsO57hOt9AZnttxKq43s8Q
                                                                                                                                                                                                                                        MD5:DF8CF1F932DD7EAE2CC87719B76FB8BA
                                                                                                                                                                                                                                        SHA1:425089FE01D9C1643CA7A060C55123D20507677A
                                                                                                                                                                                                                                        SHA-256:5F099F8F37757B98C5C51FB4DF66914E5F155394A349ADAF00211382CF8CF739
                                                                                                                                                                                                                                        SHA-512:D07EA9CE1DC8B09EAD0B1ED3E48CC71083D750BE0119F1C8587B3E13DC3598E7B6B06F365AF4B809BEA41280190090409B44079BCEA472CDD3D864456E762C2F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.741373437056816
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:eIYVdDpBwGpkiVlZPxZlrPy2o92kGetEQyPIlUVKC3JDsS7qSmKV/4jNni67gXWu:e1DpBwSkoZPxZlrPY92kGetEQII2oANX
                                                                                                                                                                                                                                        MD5:5F2E0A3D771F9E03D216D81B522C5E2F
                                                                                                                                                                                                                                        SHA1:C49814ACF4A82130F17DF52074DF16DFFFC216F5
                                                                                                                                                                                                                                        SHA-256:8F102C7A9F03EDFDBE5D4DF6873418E510F44D8B72D5D47752083832445E1D81
                                                                                                                                                                                                                                        SHA-512:711D5AF717C65B35D758E9F25BD426CE5084C847DC24194030B08CE9C22A40DFE3E5FD8100061663EB9F39B3DF19A8DBC3F23794F79DEA96D81A8BE7397C7306
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):4.799981772302711
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qdpTgTI4gNxtBqu+p5DXv00jiOKQosgcekILk0pltfN3s8Z:64gNrBnOVlgcekILfpltV3s8Z
                                                                                                                                                                                                                                        MD5:FFCDA4B7ADA1943FE544DC922FA8D827
                                                                                                                                                                                                                                        SHA1:3A332F235E0AFB51D40D3D8890F79803842944A4
                                                                                                                                                                                                                                        SHA-256:841F86E4911D4593E5EEC47DD28AA1787188D0100A3703ABF23735B2BBF53854
                                                                                                                                                                                                                                        SHA-512:E406100AC71F7A0414DFF5C3F4A13EDA4193F3801B6C4EE150B0D410DA9A1373C4E1F3B3741C625DAF80C3254DD1B162DF87C2B3286303DB5A584C4950954208
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.681398214710318
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:rqIYIZcKqG4ny8ZxSWuwCoBWidWjZdPAhDHPBg37eXCIKKXgXruQm8X0tF8HgGC7:rqOZcKqG8ZxSWuwCoBWidWjZ9AhLJ2Sx
                                                                                                                                                                                                                                        MD5:AD401434A4B7FB07085090031EE973D6
                                                                                                                                                                                                                                        SHA1:D32A3E0EEF3030392710A4BF5D1DF1614B41BE53
                                                                                                                                                                                                                                        SHA-256:BE8FFDC0C6EF5811888F8ECF282937DFBDE51996122B3A5CBE601713DFACE368
                                                                                                                                                                                                                                        SHA-512:DB44A2A0E0848BBCB9059F4A4E006EDA504717895F2E4CDB9519A3D3ED9D6CC91EC37B94F816BFA9EC888EE9D25251660E2256281B739EF1D7DA109B177AF55C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.7677799255744775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:nIYr9kupX/Gdq8SQxZdNYobyRXvujVf9UgPw/ev3nww3OajMRD1TLIjB5leULIp4:n3kupX/GSQxZdNYBRXvujVf9UOwGvwwX
                                                                                                                                                                                                                                        MD5:3601A9397A28672E9A038398590D50A5
                                                                                                                                                                                                                                        SHA1:13FD281302DF60AA4EC59CC82E13B6BA4423842C
                                                                                                                                                                                                                                        SHA-256:EB9F211091EFB9DF6167642FBAD48C6C4A0F9CE252283D63C6DE2378C8008C8A
                                                                                                                                                                                                                                        SHA-512:099868493D34AF70DD2BAAF8F44BB83DA18F9A2A95006CE1F8AE1F9A6A1B1C7DDFE091BB283273A6ABAFC00004A2005A720CDDDB57993BE49FCD2D17FC3F2F23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.368637490829895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vOiWWNv/jzSE5tyT1TNgr1nJIhZAf/07mPD1q5rxg0XWr:v11NvbGTNgr1nJI3+07MM5rxg0XWr
                                                                                                                                                                                                                                        MD5:1C331DA4BCE2809E16913C02E385576E
                                                                                                                                                                                                                                        SHA1:CF8E71E030347749596A53D1B13B9E9583EC0527
                                                                                                                                                                                                                                        SHA-256:1D0493E38D8B3FCC7EFA4916FEA1EEA69EE6449BF435E1869C1BC3F54D4090C5
                                                                                                                                                                                                                                        SHA-512:2871119690F3DF0F244384A3F5F65FFE7CF17F1F00F6B530512AEDEB8397C9E357079E8FBA76D2A5BF6BE4E2B18E4AC1AC104EA2D29F8F40CEF6F30A905ECF83
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):5.091016496791667
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bxwAHD6CkxQdCnvRl/oRHx8asale681v/z3s8V:qCkSdK0t81vb3s8V
                                                                                                                                                                                                                                        MD5:D95F7D238CD97260458ACB3D389246EA
                                                                                                                                                                                                                                        SHA1:864A3DD1E45B00CC571F2568B08E7566DDCCC475
                                                                                                                                                                                                                                        SHA-256:0C051B970ACF895BE6FDE7919A7AF780E3219AE19D1818C3E5B4FCDA476D00F5
                                                                                                                                                                                                                                        SHA-512:FC4A66FA2FE8B74C42852D5B41EC813221DD593FD2DE9EB5B6705D81841947264F53095A06DEB6E1B4DD914E90772EFE849FA9D6F584DD86C502F7123FD79A67
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):5.202077256063847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MFWuuyUdKvx4W9SxBmJsEMGFW/uuH2LlLTDUCl9w5JHJ8/uDO3s8r:vdKv+WqV2ZLToU9wXi/uq3s8r
                                                                                                                                                                                                                                        MD5:A482D56B4F3E8D89919B2BED266D1D0D
                                                                                                                                                                                                                                        SHA1:660491A4A6CDDACFE38749C18476C6759063FA61
                                                                                                                                                                                                                                        SHA-256:DFBB9EA022BFF44DDCF3848DE95405F4ABE51EA2D047AFF831FF30DADBD7EE8B
                                                                                                                                                                                                                                        SHA-512:AFCBC13E805B2E4EC015717D148DA83E09349CAF58AB89099163B8B1989C3B484B6610695F2DB15B3B27AD7207DA970E553B8C40F7CACE84E612695A2C3D2DB5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.693986975113909
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:NIYfsK6eGOy+v3qxh7EFBYn1p4hVYTPMPhT9CEGF3aN3MfCExO4MV09J7wcLaaEN:NZsK6epv3qxh7EFBYn1p4hVYTqhTAEGE
                                                                                                                                                                                                                                        MD5:72DF7D8DAC9CD362BC2BF463369EF420
                                                                                                                                                                                                                                        SHA1:9D4F4C26617046001F7750D69E7075FA01C7CCE0
                                                                                                                                                                                                                                        SHA-256:7D5F7D76F7CB7AB750DD0D20219880D4AF7416181F74C3E4B10275885BD27899
                                                                                                                                                                                                                                        SHA-512:46D26CA9D850A0C66778EF3983EC346AC0BCD08E3CFE4549FDF99B23E501DC5ABF5227F9390743371BD72D5C5D077B673989DD9CDA8D9AD789C67347F605D5FE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.736378665228804
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:DtIYBN1XfOGCvouQTxklOVw/lzyOl/dEf80gPCdmP347U9DC47aqFD37E/avkeZe:hTN1X2HQTxklOVylzyOl/dEf80OCQPAj
                                                                                                                                                                                                                                        MD5:760790AC69DD2294D548C64A7E7123B0
                                                                                                                                                                                                                                        SHA1:7530BD2237B86FF04BC1D25E1C3D7AF7090C4626
                                                                                                                                                                                                                                        SHA-256:7573B73E12D9094BBA18EE9FAAF0BFFA52B9EFEF9F97484F0875C6EA8C9CA735
                                                                                                                                                                                                                                        SHA-512:58C8E2186F1582F11FC74F0448D3BF78DB5DA321EBBA661E41C4BA82B7996DA22B69EEC0377C8F9D9FBAF3DFA8891F2982B47B564053B62CBEA890D5DE5282EA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.801397650400403
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:JIYfp3DcrGr6SHAOzLxE6oMuN50rtbxn/XidPWd3SJC30Gh58xSoHR+hxWfbrVsd:JZp3Dcr2NAcLxE6oMy50rtbxn/Xi9WdR
                                                                                                                                                                                                                                        MD5:B9315BEFC451F0C68C18D4D9F3C7D4F2
                                                                                                                                                                                                                                        SHA1:D7FC5673F2B7CEDA352011206D6398C48B6DED99
                                                                                                                                                                                                                                        SHA-256:B0A689816159819881761B753B36A882642EF418D932A93432D422DF0B9CF70E
                                                                                                                                                                                                                                        SHA-512:1725A7887E850BAA0F570F9DE5B5E40C345960DC0C02980B1E5839C46EF242BB9280C38811B33418C2E71D1EF3BD8594DAC471475E4735A624CE74BC1325DBDB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.594776627495051
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:haWWNv/jzSEYtq2dE1cxy8ON0Qsk96sPb1V5rxg0XWr:g1NvbaG1cxy8ONHskdD5rxg0XWr
                                                                                                                                                                                                                                        MD5:B60817A69E314B22F746917C826DA53E
                                                                                                                                                                                                                                        SHA1:7D2785A6D1A53A0717C986B959AF67DE6F9300E4
                                                                                                                                                                                                                                        SHA-256:6E58D86C42B61226DD7AF35D7C9432CE6F0982D1D0D5A2F4120E8ABC5C787A02
                                                                                                                                                                                                                                        SHA-512:9A8F029329CE105B3F72FEE623E3AB8C88E1AF45F86FAB61F81BE418B2D70F83E4C0466010D312240A01E1EF8F9B9926EBF43E25BDC3C364C2D28AB9B0E5F6FC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.7157450468905004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:9IY1nlNKGnxGxIDx+sQ0Y4EQujHOVhPgdfBF3UTVV/Lea/FVgYISK+uZqiF4Afkb:9rnlNK/xIDx+sQ0Y4EQujHOVZgdBtofR
                                                                                                                                                                                                                                        MD5:BBFC0973B9D3DAC1E716EBA99B37FA18
                                                                                                                                                                                                                                        SHA1:05811A4846E10E54ED6DA34150CDFD807EA4B95C
                                                                                                                                                                                                                                        SHA-256:DEAA84302C66EB0242A7C80AB97DA3C5CADDBB5B3D595DF310674C0CB7E88DFE
                                                                                                                                                                                                                                        SHA-512:980137220EAD6AE8EEA33EDC0FA8C85E5E23CC7D42DC7E4DDAFD181D7EF9CF4D29C25F7256F1957F73D282EC969C4D95E526F4D1B67C4A96D4FA68540DC43041
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.729428739919532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CIY1nlNKGnxOu7xKgUOVBQ6Bo19sPzPLegs8+3vCqV/LMa/FVKYIS+9wOTKQiF4L:CrnlNKNu7xKgUOVBQ6Bo19sPTLM80aoe
                                                                                                                                                                                                                                        MD5:66FC2EA3F0EA6B897B117482B43DDB4E
                                                                                                                                                                                                                                        SHA1:E7BD70FEEAE4858F808132C4332F25F13E962689
                                                                                                                                                                                                                                        SHA-256:3A77957D0F8AE5952BA465382D97DCABF2134B1DC815E26C32F7C612FC94FD5D
                                                                                                                                                                                                                                        SHA-512:98BD2D15AA0958D52C7F0AC40343A4AD542EAC569C5107196AE21A6A9386BB93AD9A8D570DCD0849E8BF0D7BDA0839B79C06180584E272DAA349A64CA9A5151D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.723728419745786
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:uIY1nlNKGnxOu7xKgUOVBQ6Bo19sPzPLegs8+3vCqV/LMa/FVKYIS+9wOTKQiF4s:urnlNKNu7xKgUOVBQ6Bo19sPTLM80aoZ
                                                                                                                                                                                                                                        MD5:3B1DC81511B84F2393C6BA37CBD32FE5
                                                                                                                                                                                                                                        SHA1:0F87A801905E8CCB99EA7EEAC590308F381C74BA
                                                                                                                                                                                                                                        SHA-256:02AEE48153086F86580854ECF7E375D7E0C81DFAC7C222AD32EFD850852D36FD
                                                                                                                                                                                                                                        SHA-512:0B0ACC2CFD2CF95E61BEB3A1E06BE01F0E3C43839650FBE136DE54DF581172BCBA9B11DA57A7B18A6C284BEA74561DF6B30CFE129CEAE9BFF45EB6FA6D2E478E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.786330752122619
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4xIY4puUhG9oHusJxWgAm/45t6lSertHPHrgCs324VfosqPXMdEqljSNPEinIOBU:aapuUhg7sJxWgAm/45t6lSertvHrDapn
                                                                                                                                                                                                                                        MD5:1FE5185420BF332AE4CA5492A6B2A6CC
                                                                                                                                                                                                                                        SHA1:0058458B2FCF52E7C478AC13202873DE7A722465
                                                                                                                                                                                                                                        SHA-256:9C09CDB4FBC5A8F6576B8914148F3660A2E950C2B3A056014EDE45C0F38ADF34
                                                                                                                                                                                                                                        SHA-512:955B615599F5571AAE8EB71A4E4272E02CB4D67D68B8971053FFFE4374258B8DF58A3C04482B8EAFF67DF6A403544147A406999C6132E9B3896206808E580D4B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):160016
                                                                                                                                                                                                                                        Entropy (8bit):6.404692888748325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:d6lrh8aWSI9uVDeMWoWVy5zmndQ1dTZjxO3S/9FVkmiGUV+:d6lrhISL9e1oWE56ndQ19aY9Fjs
                                                                                                                                                                                                                                        MD5:16D9A46099809AC76EF74A007CF5E720
                                                                                                                                                                                                                                        SHA1:E4870BF8CEF67A09103385B03072F41145BAF458
                                                                                                                                                                                                                                        SHA-256:58FEC0C60D25F836D17E346B07D14038617AE55A5A13ADFCA13E2937065958F6
                                                                                                                                                                                                                                        SHA-512:10247771C77057FA82C1C2DC4D6DFB0F2AB7680CD006DBFA0F9FB93986D2BB37A7F981676CEA35ACA5068C183C16334F482555F22C9D5A5223D032D5C84B04F2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsAtom.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):170328
                                                                                                                                                                                                                                        Entropy (8bit):6.475304499658319
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:FR761d9cCg9+zhOzcx9R0KvvvvnPPH6Gi5tPArrYeiYiPKiF15fJ2K/Krrii555V:+1TcpihOk0KvvvvnPPH6Gi5tPArrYeiA
                                                                                                                                                                                                                                        MD5:C4447F00C8AE467DBA6D3CE3E7E5AE70
                                                                                                                                                                                                                                        SHA1:9F085025B00112C976B6525BAAE7C3233BA2C423
                                                                                                                                                                                                                                        SHA-256:71FEFBEB2B693BA44CB45250880B873A818007093E003455DC4358471C28B440
                                                                                                                                                                                                                                        SHA-512:8B551C90679F8C7D108D2C9715EBB9DF960DFCDDCBB19C52361BACC2D6A4259A57E004767EFCF603574A2E4F5E38E7E064CC4041609F5F7B696B621C18324D40
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsDatabase.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):223016
                                                                                                                                                                                                                                        Entropy (8bit):6.788381525293459
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:CBuq5tonhw9PY+fAKul0ZJXY9ooyJtTsbbiRl7m76m/GS+KKeA4dtrSspDMK:nqDOhw9PY+4Zl0ZFY9ooyUbc3Kc4dt/p
                                                                                                                                                                                                                                        MD5:AFD0AA2D81DB53A742083B0295AE6C63
                                                                                                                                                                                                                                        SHA1:840809A937851E5199F28A6E2D433BCA08F18A4F
                                                                                                                                                                                                                                        SHA-256:1B55A9DD09B1CD51A6B1D971D1551233FA2D932BDEA793D0743616A4F3EDB257
                                                                                                                                                                                                                                        SHA-512:405E0CBCFFF6203EA1224A81FB40BBEFA65DB59A08BAA1B4F3F771240C33416C906A87566A996707AE32E75512ABE470AEC25820682F0BCF58CCC087A14699EC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsJSON.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):181184
                                                                                                                                                                                                                                        Entropy (8bit):6.53416223904584
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:f0AqxqD7b0Qv6wIMCP1Yr+Xle9WQJTrz96JiBRqMadYMBpCA5LH3d3f:sRkD/0Q7IMCP3ePOUBRqKep5j1
                                                                                                                                                                                                                                        MD5:4ECE9FA3258B1227842C32F8B82299C0
                                                                                                                                                                                                                                        SHA1:4FDD1A397497E1BFF6306F68105C9CECB8041599
                                                                                                                                                                                                                                        SHA-256:61E85B501CF8C0F725C5B03C323320E6EE187E84F166D8F9DEAF93B2EA6CA0EF
                                                                                                                                                                                                                                        SHA-512:A923BCE293F8AF2F2A34E789D6A2F1419DC4B3D760B46DF49561948AA917BB244EDA6DA933290CD36B22121AAD126A23D70DE99BB663D4C4055280646EC6C9DD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsLogger.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254504
                                                                                                                                                                                                                                        Entropy (8bit):6.540092185448124
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:TeGOfaXMwabZNZr4FgTPFw4+5Jb74HthVqbvIsx6vewjLbqzm9iViRJ:qfacHZsFgT15qb5MmwnliwRJ
                                                                                                                                                                                                                                        MD5:98F73AE19C98B734BDBE9DBA30E31351
                                                                                                                                                                                                                                        SHA1:9C656EB736D9FD68D3AF64F6074F8BF41C7A727E
                                                                                                                                                                                                                                        SHA-256:944259D12065D301955931C79A8AE434C3EBCCDCBFAD5E545BAB71765EDC9239
                                                                                                                                                                                                                                        SHA-512:8AD15EF9897E2FFE83B6D0CAF2FAC09B4EB36D21768D5350B7E003C63CD19F623024CD73AC651D555E1C48019B94FA7746A6C252CC6B78FDFFDAB6CB11574A70
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):814440
                                                                                                                                                                                                                                        Entropy (8bit):6.475715690608882
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:DkaJoYf9Z+uUMidkp22We0cRxoJy5DPbTtsqq5dlgM7qcNmP1bGq06ZIEUKth1Ok:BJll87GY2q61llaOZBjKt5qqxG
                                                                                                                                                                                                                                        MD5:3068531529196A5F3C9CB369B8A6A37F
                                                                                                                                                                                                                                        SHA1:2C2B725964CA47F4D627CF323613538CA1DA94D2
                                                                                                                                                                                                                                        SHA-256:688533610FACDD062F37FF95B0FD7D75235C76901C543C4F708CFAA1850D6FAC
                                                                                                                                                                                                                                        SHA-512:7F2D29A46832A9A9634A7F58E2263C9EC74C42CBA60EE12B5BB3654EA9CC5EC8CA28B930BA68F238891CB02CF44F3D7AD600BCA04B5F6389387233601F7276EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):132112
                                                                                                                                                                                                                                        Entropy (8bit):6.108828543862255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:vWGCIhUiWgomR1xGU5EplJLT7yPxB7a40oTrM8PNEmriC8f6v9RMjuLjGG79lxz:vWGjyLgosGplJLT7AwoTFGmrY6sWGGt
                                                                                                                                                                                                                                        MD5:DB36BB6B699417232D15D10147C581C7
                                                                                                                                                                                                                                        SHA1:616422CE3ECCEAFA37170179E6924BF3D2CF6AB8
                                                                                                                                                                                                                                        SHA-256:B262F3F36246510BB09E517986945AA022589370BDFBC0B54EC917486C25EBAD
                                                                                                                                                                                                                                        SHA-512:1A4E0E0449D60A3515E00C97E37324957E487E8FCDA69B293EB696A9F6DE37BB819395DEBC5F9B43EA3770EEE428AB6435FAB723FE46C6FBAC45D32C47226C0B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\rsTime.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                                                        Entropy (8bit):4.95281393774295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pZ2vdzqaLxW8w5/EtHjl+dbA5eI00QF7jiE3s8E:zaL88/sd0QF7jiE3s8E
                                                                                                                                                                                                                                        MD5:91AEFE5B351FB44F6254F938F6AF001C
                                                                                                                                                                                                                                        SHA1:2A5F15233F612065C865F024FD40F0A64E2F088F
                                                                                                                                                                                                                                        SHA-256:316477F3FB4FC8831721369C0D85211DD732C95DE7D44A4727AE97CD7E5181A6
                                                                                                                                                                                                                                        SHA-512:CC1472F27C9487FCB3137A9FC004B0B3448B0C1D8AE785BF49BACFE26CD0BA2EC86F8A4255EEF63055F717D702B6337C171701DD19437BFC02B729B403216141
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.846136752240531
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:phbWWNv/jzSEfthb7O9JKggIOrCPPzm394in3fwB/CZPlAg1O5rxg0XWr:pN1NvbH7O9JKgglrCPChnYVC5A5rxg06
                                                                                                                                                                                                                                        MD5:DADE13E423762BDAE745D57CA3DC86EF
                                                                                                                                                                                                                                        SHA1:7B4122CBEF771C5548A7CB5641B6DB6743C8C3F6
                                                                                                                                                                                                                                        SHA-256:1A1D5FDAC027144BCAA0E8110F4DE717E80944420C59708B3DD8E2BD31BC7ED4
                                                                                                                                                                                                                                        SHA-512:77F5050BA87E8ABEB92298D16897D6CEC087FFB7B4C38442C854A0993B398DE529C15B5674ADAACFB3E39CE05165F05A38337B2DBD41E8A7D806751542F6E8D3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.898855209074261
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:dIYK1uOKGEXJ7hxwUmX+41C/TUMZc/ZgPPInsYJNM3TPGdTzXpPbf+oBumIJMr2I:d41uOKl7hx9mX+41CLUMZc/ZOPVYJN6U
                                                                                                                                                                                                                                        MD5:2B2F55CC12B72CCE0F75717719DEFFE0
                                                                                                                                                                                                                                        SHA1:AB3C57C0341C641E803B5606A5C86B6BE43A53E3
                                                                                                                                                                                                                                        SHA-256:0B0962F6E1A523CA3BA2CC7C154C7D9D6B1793C899338DE5DFB2C9EC957BF33B
                                                                                                                                                                                                                                        SHA-512:FE75CD8D2CC87AF60170114002836346C8CAC4504A976B6B0D687E73455CA90842340564DF69A033C420551F82265FC87DC70C04F371FCEDE4801B7E6AA7449E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.769719426822892
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:9IYV7AGeXGfqyuMxUY+iZWBe2v3gW0dFgPaVCe1d3qTS3xH4q9OYtRwbHUWPsLZE:9TAGeXyuMxUY+iZWBei3gW0dFOaEe3CV
                                                                                                                                                                                                                                        MD5:5C464BD59BEA811B7193A2C0D1B55F3D
                                                                                                                                                                                                                                        SHA1:F92C109B53CAFEFF4882E9B033EB0E524436AE4C
                                                                                                                                                                                                                                        SHA-256:AE4C8375EA5A9588557576C3E67B06EF729D3F0C4E149F7A1F4BF6CD03121C25
                                                                                                                                                                                                                                        SHA-512:3FFD6E78CF363E95B4E98E34C0B4E61988D9BE443EE8145E79D1C01BC2AE02EB0C7C7E3C1385EC47142D8AA7EC9893516B75546577BDBEAF99C0646C202B859F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.767283673011951
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:6IYV7AGeXGfqyuMxUY+iZWBe2v3gW0dFgPaVCe1d3qTS3xH4q9OYtRwbHUWPsLZZ:6TAGeXyuMxUY+iZWBei3gW0dFOaEe3Cg
                                                                                                                                                                                                                                        MD5:A1BC35FF541202B1B8302AF5EEDF0C59
                                                                                                                                                                                                                                        SHA1:5627F0ABDB65260EDFF636AEF2786748B1D8AF2F
                                                                                                                                                                                                                                        SHA-256:7325E25AAA94EEBE2CA0AEAA86876F7922AAC2850D25D6A96D38D08EF1454941
                                                                                                                                                                                                                                        SHA-512:FB77EDB9F39694A6BE20C24360380123524372022016BB28A18580ACD25D3D5CDD3734929D557825AF3CBEC43D3FA95B9EA6AD7B0F1B8D232BD07C88801DE638
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.728082841655538
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:jhIYShuTiGMuLj/kyxI0Nc/yGUbwMgWf2iPMXBSSky3WDeFzMShGOBZ7T3GyRKvJ:jhUhuTiGj/HxI0Nc/yGUbwMgWf2YMXQH
                                                                                                                                                                                                                                        MD5:BAD6B491D9EBA19ECAAEDC0835AC0AD8
                                                                                                                                                                                                                                        SHA1:3EEBBF39A3D75CACDB2E6D50C6A51AE0437AB077
                                                                                                                                                                                                                                        SHA-256:F53F2BE16A7880C44E3481E4427C5870BA7605E3F89D8E5A3B1C9612FA862E54
                                                                                                                                                                                                                                        SHA-512:BBBF536EE8A4193F32FAE546C734CC65425077A5BBE09A21763E371978C8FE750CAB97B0F68288E6BAF6635907D7C432F7FB2FA4A4A0D1E57FBE33314C436284
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16896
                                                                                                                                                                                                                                        Entropy (8bit):4.850184119772995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:PWmNyydz3LxBD5uSw84x/d/dfwJGTV/cEJviNhsFx55n5z5OPMuQ5m5rPzzSvooF:L7LHDFGh0EJviNhsFx55n5z5OPMuQ5m4
                                                                                                                                                                                                                                        MD5:937D53AE05673F6F15903AEA0D92C34D
                                                                                                                                                                                                                                        SHA1:D4F72F7E1FC1399FF5972CF6D6C5C592091C445E
                                                                                                                                                                                                                                        SHA-256:46C980F619B5C604A33BA25968C419EACA4DDDD85682E442C41911D523355379
                                                                                                                                                                                                                                        SHA-512:486CDBC9B4A7E1C36582C27A3A8B9464FE2D90EA29DD3DD81A268E03442CA76365C9EF33A33CCB7E64FF8A33BF15CEB6B10B3DEF37D7A6041B4837A11408B5C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):144
                                                                                                                                                                                                                                        Entropy (8bit):3.1465636617234907
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:fI/RJXrJlrLffKl8HbloIlrJKleEkKRlLEljlgbzQIl/:fyfK0bdlrElbkKvEljObEu
                                                                                                                                                                                                                                        MD5:7E4D096961406FA4F61A4D9048EDD003
                                                                                                                                                                                                                                        SHA1:51C44AC2EAD43EF4E25996C006D29E3AB3B690A0
                                                                                                                                                                                                                                        SHA-256:8EAC8EEC32115F3DEBB898F99906BF7A4EE5B234D50C3A1CE3A315AF6BFA3A33
                                                                                                                                                                                                                                        SHA-512:CB90FDD83FA4943B04D3BA165DE1DAEFC56D36DBD8C4B2819F6EAFB0A109D126C6D3315C169CCA2350717138426FA8B546B253BCA0AC1E72FD2F4BF32B640866
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.L.o.g.g.e.r.,.4...0...2...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.r.s.L.o.g.g.e.r...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182920
                                                                                                                                                                                                                                        Entropy (8bit):6.549984856278825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5Uy/CR6dEfViQ+7gLmiEw/zrQUTkkySNP0dbNIprWrL:Cy/CVQILmil/zrQV2YbNGy
                                                                                                                                                                                                                                        MD5:E3FA0916F33BEE8A14F28421D2DCDC9F
                                                                                                                                                                                                                                        SHA1:FD3DCA4DB55E81EBFFC7609C5D63A4FFBD6629B2
                                                                                                                                                                                                                                        SHA-256:29AAFF11E775C800575B1A5D4160DAEC749DDE528E68BC3B6E9B340279ED991D
                                                                                                                                                                                                                                        SHA-512:FE96EFD3CF162BBB766634C3D90F707D868378DD04E47AA9D55C03E03130F54827F781639383B053C9335D022CCD6B244B67E586197C2B40D193DD58A4EE8CB6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\1Q2LHW4X\rsLogger.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):174
                                                                                                                                                                                                                                        Entropy (8bit):3.3992730572154497
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:yxlrizRlVRlVTlrLffKl8HbloIlrJKleEkKRlLEljlgwiyNPSlppcKw2DxlRT/:yvitfK0bdlrElbkKvEljOwiyN6FcKwyZ
                                                                                                                                                                                                                                        MD5:02AA487608B4D484061E7963AAABC5A6
                                                                                                                                                                                                                                        SHA1:5095676C7993AFDB9C812E6659B1F922B792F43E
                                                                                                                                                                                                                                        SHA-256:8373BC7FD34777B800F4296450CC36ABB00654ADDDA8CDD8EC4204996A305A16
                                                                                                                                                                                                                                        SHA-512:FCDFEDB0D4AC42FBAE83592EA9A9DFDD59B3843274658C3B72F11FACA388626BC4ABC27DDA5CB917AC419288F7C83C69BA2911AF545A22FF6A48D0AB255ECF17
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.J.S.O.N.,.3...0...0...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.1.3.3.6.1.7.7.0.8.0.5.6.5.7.6.6.9.5./.r.s.J.S.O.N...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224400
                                                                                                                                                                                                                                        Entropy (8bit):6.7771936576354355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:R7IEMtFMZZi+Ng9999994f9oMlnhcNx3Bn:BZi/MlevB
                                                                                                                                                                                                                                        MD5:FA63504382F4F3F92FA86841D9E97F29
                                                                                                                                                                                                                                        SHA1:0BDE02C98741BB24EAF501BD8E2D9738742CD042
                                                                                                                                                                                                                                        SHA-256:5F0764E1998464F63C6583F870DD3784921B752B91D8E450FE2C90153CB5E58D
                                                                                                                                                                                                                                        SHA-512:C8483D9060A6800C8DEDB4D5FEA7CDA346F742CA1A149C3EB608823209AFF1F00BFCC5B0CAF9C482C7B01D75F6E198EDFAE3B0100CB0DCA6E5B5F18336ABDEE5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\5WEF6TPI\rsJSON.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):176
                                                                                                                                                                                                                                        Entropy (8bit):3.3436366606365846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:edJkHlrnRVRlVTlrLffKl885RApl0dhOEQlpQlyEklxlXVlKKFhlnZNSdA2dJkH/:eLkFrRVfKtPElsUEQEdkxiKFzZ4dA2Lc
                                                                                                                                                                                                                                        MD5:AA10B9BB7B16D330E18C1CFD512320F1
                                                                                                                                                                                                                                        SHA1:CC69A13337833978056B12AF8C297B024DE24FFA
                                                                                                                                                                                                                                        SHA-256:621204DDC4A569592E14DB4C20DCDADEABF004C273A1BF250EEA73C7F4D6C69E
                                                                                                                                                                                                                                        SHA-512:1792A6E03E07E5703B360313E2CC5A2F2F0672B089458DD4D2624903A7FDAF4AC774BD94753F1E26BE8BD5B5509160C16794351E21ED94B0A3CACEDC03D0A515
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.S.t.u.b.L.i.b.,.5...3...0...0.,.,...f.i.l.e.:./././.C.:./.U.s.e.r.s./.j.o.n.e.s./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.n.s.x.D.8.E.9...t.m.p./.r.s.S.t.u.b.L.i.b...d.l.l...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254504
                                                                                                                                                                                                                                        Entropy (8bit):6.540092185448124
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:TeGOfaXMwabZNZr4FgTPFw4+5Jb74HthVqbvIsx6vewjLbqzm9iViRJ:qfacHZsFgT15qb5MmwnliwRJ
                                                                                                                                                                                                                                        MD5:98F73AE19C98B734BDBE9DBA30E31351
                                                                                                                                                                                                                                        SHA1:9C656EB736D9FD68D3AF64F6074F8BF41C7A727E
                                                                                                                                                                                                                                        SHA-256:944259D12065D301955931C79A8AE434C3EBCCDCBFAD5E545BAB71765EDC9239
                                                                                                                                                                                                                                        SHA-512:8AD15EF9897E2FFE83B6D0CAF2FAC09B4EB36D21768D5350B7E003C63CD19F623024CD73AC651D555E1C48019B94FA7746A6C252CC6B78FDFFDAB6CB11574A70
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):226
                                                                                                                                                                                                                                        Entropy (8bit):3.399125744162166
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:eKlVtARNfK0bdlrElbkKvEljOwiyN6FcKwvWKlVtN:eKlVtq9KgdpMPvEpOwizmK6WKlVtN
                                                                                                                                                                                                                                        MD5:C8FE505C36B07EA861BA049807C3C17B
                                                                                                                                                                                                                                        SHA1:BD69AC18E86C6E1D3A490BF7797808011362C16A
                                                                                                                                                                                                                                        SHA-256:C3549677561279AFE3AC26EB4A82F8803A95454F2E74C258564175111FE28307
                                                                                                                                                                                                                                        SHA-512:02043494645D47BB07788E19E3A56DC59F6BEC0E79149FB2227D901B34F94B376A8C74D0B45E06A6D9E9194353E00AA25716EC3A590423D6E315059052B15757
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.S.e.r.v.i.c.e.C.o.n.t.r.o.l.l.e.r.,.1...2...4...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.1.3.3.6.1.7.7.0.8.0.5.6.5.7.6.6.9.5./.r.s.S.e.r.v.i.c.e.C.o.n.t.r.o.l.l.e.r...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):179072
                                                                                                                                                                                                                                        Entropy (8bit):6.562871128885791
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fT9nvidN3G9nZm4feQPMYGQh5AB9vaTiYuzdNd6iB6KA5U:fT9nvDB75Fq91dNd6iB6K
                                                                                                                                                                                                                                        MD5:8DCD92DE516608670F57193D74824A3B
                                                                                                                                                                                                                                        SHA1:C67C347DFA47C2DB1628FAB8BF9906C353F33DD9
                                                                                                                                                                                                                                        SHA-256:96DB49DB4DD12B9F86144FEDF83AC7DC12D855C5D7E3C863FD5B1696966AC345
                                                                                                                                                                                                                                        SHA-512:E5FDE81AE57E68DF69FC7695B9E16D8C7D188A30A4D68FFB682A3DCFEDF2C028874145815AAD2F957A02B0EAD6AD8F1442635DFA580339816110E7B1CDBC0C0E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\8L3SO3UJ\rsServiceController.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136
                                                                                                                                                                                                                                        Entropy (8bit):3.2577550388388063
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:yxlrizRlVRlVTlrLffKl8HbloIlrJKleEkKRlLEljlgb1DxlRT/:yvitfK0bdlrElbkKvEljObRVL
                                                                                                                                                                                                                                        MD5:8BB2C27211D87D945C7DEA2A6D0610F0
                                                                                                                                                                                                                                        SHA1:44556E695F6A9608CEF5F5B36F77A3F14B7BEAE7
                                                                                                                                                                                                                                        SHA-256:C5D44160BE7B249FC238A042FAC98AF41FA0F87672B2AC25391C7EB5F7DA509D
                                                                                                                                                                                                                                        SHA-512:A917ADB19778289CDE6791036EB31D8C816BEA728D3559B743AAD9BB467CF212A8F9032176A6F9EAAD01C0D3358C27A989926AB7AE0797FD242024027AC5519F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.J.S.O.N.,.3...0...0...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.r.s.J.S.O.N...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):224400
                                                                                                                                                                                                                                        Entropy (8bit):6.7771936576354355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:R7IEMtFMZZi+Ng9999994f9oMlnhcNx3Bn:BZi/MlevB
                                                                                                                                                                                                                                        MD5:FA63504382F4F3F92FA86841D9E97F29
                                                                                                                                                                                                                                        SHA1:0BDE02C98741BB24EAF501BD8E2D9738742CD042
                                                                                                                                                                                                                                        SHA-256:5F0764E1998464F63C6583F870DD3784921B752B91D8E450FE2C90153CB5E58D
                                                                                                                                                                                                                                        SHA-512:C8483D9060A6800C8DEDB4D5FEA7CDA346F742CA1A149C3EB608823209AFF1F00BFCC5B0CAF9C482C7B01D75F6E198EDFAE3B0100CB0DCA6E5B5F18336ABDEE5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):176
                                                                                                                                                                                                                                        Entropy (8bit):3.3436366606365846
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:edJkHlrnRVRlVTlrLffKl885RApl0dhOEQlpQlyEklxlXVlKKFhlnZNSdA2dJkH/:eLkFrRVfKtPElsUEQEdkxiKFzZ4dA2Lc
                                                                                                                                                                                                                                        MD5:AA10B9BB7B16D330E18C1CFD512320F1
                                                                                                                                                                                                                                        SHA1:CC69A13337833978056B12AF8C297B024DE24FFA
                                                                                                                                                                                                                                        SHA-256:621204DDC4A569592E14DB4C20DCDADEABF004C273A1BF250EEA73C7F4D6C69E
                                                                                                                                                                                                                                        SHA-512:1792A6E03E07E5703B360313E2CC5A2F2F0672B089458DD4D2624903A7FDAF4AC774BD94753F1E26BE8BD5B5509160C16794351E21ED94B0A3CACEDC03D0A515
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.S.t.u.b.L.i.b.,.5...3...0...0.,.,...f.i.l.e.:./././.C.:./.U.s.e.r.s./.j.o.n.e.s./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.n.s.x.D.8.E.9...t.m.p./.r.s.S.t.u.b.L.i.b...d.l.l...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254504
                                                                                                                                                                                                                                        Entropy (8bit):6.540092185448124
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:TeGOfaXMwabZNZr4FgTPFw4+5Jb74HthVqbvIsx6vewjLbqzm9iViRJ:qfacHZsFgT15qb5MmwnliwRJ
                                                                                                                                                                                                                                        MD5:98F73AE19C98B734BDBE9DBA30E31351
                                                                                                                                                                                                                                        SHA1:9C656EB736D9FD68D3AF64F6074F8BF41C7A727E
                                                                                                                                                                                                                                        SHA-256:944259D12065D301955931C79A8AE434C3EBCCDCBFAD5E545BAB71765EDC9239
                                                                                                                                                                                                                                        SHA-512:8AD15EF9897E2FFE83B6D0CAF2FAC09B4EB36D21768D5350B7E003C63CD19F623024CD73AC651D555E1C48019B94FA7746A6C252CC6B78FDFFDAB6CB11574A70
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):188
                                                                                                                                                                                                                                        Entropy (8bit):3.2422749900735943
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:AJ/5KlRDgYlARnFrLffKl8HbloIlrJKleEkKRlLEljlgbsYJ/5KlRDgYlF/:eKlVtARNfK0bdlrElbkKvEljObsWKlV3
                                                                                                                                                                                                                                        MD5:E167544155124FCA596A436E8633A332
                                                                                                                                                                                                                                        SHA1:C4AD9B66219F3FBD2BF245F07A2EE054755A8657
                                                                                                                                                                                                                                        SHA-256:0D8AC1873366CEFD9EE8C3408E8F5F27A206DD352754B948D19E835295D2A362
                                                                                                                                                                                                                                        SHA-512:AB66455A437AAEF89BE94FC2000EBF724F710F263BC7518098980E01320B28054EAC6B965DC73BDCD450218244A7EC22E7B168FE03FB15549013020A52760425
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.S.e.r.v.i.c.e.C.o.n.t.r.o.l.l.e.r.,.1...2...4...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.r.s.S.e.r.v.i.c.e.C.o.n.t.r.o.l.l.e.r...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):179072
                                                                                                                                                                                                                                        Entropy (8bit):6.562871128885791
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fT9nvidN3G9nZm4feQPMYGQh5AB9vaTiYuzdNd6iB6KA5U:fT9nvDB75Fq91dNd6iB6K
                                                                                                                                                                                                                                        MD5:8DCD92DE516608670F57193D74824A3B
                                                                                                                                                                                                                                        SHA1:C67C347DFA47C2DB1628FAB8BF9906C353F33DD9
                                                                                                                                                                                                                                        SHA-256:96DB49DB4DD12B9F86144FEDF83AC7DC12D855C5D7E3C863FD5B1696966AC345
                                                                                                                                                                                                                                        SHA-512:E5FDE81AE57E68DF69FC7695B9E16D8C7D188A30A4D68FFB682A3DCFEDF2C028874145815AAD2F957A02B0EAD6AD8F1442635DFA580339816110E7B1CDBC0C0E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):174
                                                                                                                                                                                                                                        Entropy (8bit):3.3811969248721927
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:2OmwlrLffKl8HbloIlrJKleEkKRlLEljlgwiyNPSlppcKw9sMB/:2ZqfK0bdlrElbkKvEljOwiyN6FcKw9sY
                                                                                                                                                                                                                                        MD5:0F9E83D1947FAE25A0FCDB532C256DD9
                                                                                                                                                                                                                                        SHA1:F40826FC3E52DFE2FB17B93DD3DE14DFE598AEC2
                                                                                                                                                                                                                                        SHA-256:95E8543BFD671B4E18383C086476A85F4A6C9DF5EA663C1FED692EEB9A89F3DC
                                                                                                                                                                                                                                        SHA-512:AE496428B92155E7F6A0C26A9394F5F079EBABF7EE469F0C05991F2846E02CB76805556C59B187DC99A83F452D96CEF200D1E9719ACC33080039882A86BCCB48
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.A.t.o.m.,.2...1...1...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.1.3.3.6.1.7.7.0.8.0.5.6.5.7.6.6.9.5./.r.s.A.t.o.m...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):162816
                                                                                                                                                                                                                                        Entropy (8bit):6.4347197585730385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OX5TgLoWlo6zvLblsvv5Emm16e68QNmTNh3l2AuZejZnjjWr:KOom9Av6RvfltqEZ+r
                                                                                                                                                                                                                                        MD5:044D60780B0C40D3F9B0B5A3FC040948
                                                                                                                                                                                                                                        SHA1:2E16C926F11ED5FAAE22D9AF5D935748C57EC1F8
                                                                                                                                                                                                                                        SHA-256:7493F645BB04092AEE30A47A681494251C79A38A941C9A3D2DEE4293A265F428
                                                                                                                                                                                                                                        SHA-512:7653A0A46E3EB9331E92A09937754302F939100ADBFB283242C25BF0F73F8508D6F7E9D5AA08DBBEFDD14BF682AD7D0D77F4999B3274D329D281E22934C445EA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\tmp\YJZNHYML\rsAtom.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182
                                                                                                                                                                                                                                        Entropy (8bit):3.332714728957278
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:fI/RJXrJlrLffKl8HbloIlrJKleEkKRlLEljlgwiyNPSlppcKwwQIl/:fyfK0bdlrElbkKvEljOwiyN6FcKwfu
                                                                                                                                                                                                                                        MD5:6D3531EB4334FCF77EB19674BAF5BED4
                                                                                                                                                                                                                                        SHA1:7D1B78F101FA1E16E1A9C7AFBF4A22ED3AD043BC
                                                                                                                                                                                                                                        SHA-256:DECCD3B109C93900E9465E79DC9FDB3DE37969971EF4021236DF7EE597323AB7
                                                                                                                                                                                                                                        SHA-512:E5FF2863ECCD844041831C8CD18B4715820C735B7D54D7794934D6B8D9354C2D4632F803B8999132782F601EC46740C6149C54BD969D4F1D5107518A8AD3650F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.L.o.g.g.e.r.,.4...0...2...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.1.3.3.6.1.7.7.0.8.0.5.6.5.7.6.6.9.5./.r.s.L.o.g.g.e.r...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182920
                                                                                                                                                                                                                                        Entropy (8bit):6.549984856278825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5Uy/CR6dEfViQ+7gLmiEw/zrQUTkkySNP0dbNIprWrL:Cy/CVQILmil/zrQV2YbNGy
                                                                                                                                                                                                                                        MD5:E3FA0916F33BEE8A14F28421D2DCDC9F
                                                                                                                                                                                                                                        SHA1:FD3DCA4DB55E81EBFFC7609C5D63A4FFBD6629B2
                                                                                                                                                                                                                                        SHA-256:29AAFF11E775C800575B1A5D4160DAEC749DDE528E68BC3B6E9B340279ED991D
                                                                                                                                                                                                                                        SHA-512:FE96EFD3CF162BBB766634C3D90F707D868378DD04E47AA9D55C03E03130F54827F781639383B053C9335D022CCD6B244B67E586197C2B40D193DD58A4EE8CB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136
                                                                                                                                                                                                                                        Entropy (8bit):3.2283432741329237
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:2OmwlrLffKl8HbloIlrJKleEkKRlLEljlgb+sMB/:2ZqfK0bdlrElbkKvEljOb+sY
                                                                                                                                                                                                                                        MD5:211A20EDCFA8EDB6054082B0C02EBF36
                                                                                                                                                                                                                                        SHA1:82091C0B6FF618A04D6BAA50CCD258997DB28CE3
                                                                                                                                                                                                                                        SHA-256:03E750521429FC58D552936101FDF8E4B8A5094998057EE09B5388930992AB41
                                                                                                                                                                                                                                        SHA-512:9C50160456A35EAE2919405206FDC670D5C6E09C6D617A6E148CD870A9ABD284EB62F53D95709F48D4C213F6E5B64F77B8090B2BE4F61452A374D967375DDFEE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:r.s.A.t.o.m.,.2...1...1...0.,.,...f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s./.R.e.a.s.o.n.L.a.b.s./.E.P.P./.r.s.A.t.o.m...D.L.L...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):162816
                                                                                                                                                                                                                                        Entropy (8bit):6.4347197585730385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OX5TgLoWlo6zvLblsvv5Emm16e68QNmTNh3l2AuZejZnjjWr:KOom9Av6RvfltqEZ+r
                                                                                                                                                                                                                                        MD5:044D60780B0C40D3F9B0B5A3FC040948
                                                                                                                                                                                                                                        SHA1:2E16C926F11ED5FAAE22D9AF5D935748C57EC1F8
                                                                                                                                                                                                                                        SHA-256:7493F645BB04092AEE30A47A681494251C79A38A941C9A3D2DEE4293A265F428
                                                                                                                                                                                                                                        SHA-512:7653A0A46E3EB9331E92A09937754302F939100ADBFB283242C25BF0F73F8508D6F7E9D5AA08DBBEFDD14BF682AD7D0D77F4999B3274D329D281E22934C445EA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.887092087123451
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4IY4kciiGg/kISxvnmkYsPV+tIqMvhBhPYTua1j3SfDpu6WbyLWFTXLgNzCii7oJ:4KkciiwISxvnmkYsPV+tIqMvhBZYquLo
                                                                                                                                                                                                                                        MD5:BFCB9E414F0E29B774E81AF9951BCD02
                                                                                                                                                                                                                                        SHA1:13F936A2D2329011A11141D2943AD624B80B841A
                                                                                                                                                                                                                                        SHA-256:C73DB39422806BB509B76DEC7240EAD22EDFCBB41363955B25AB3C3A615BE3D6
                                                                                                                                                                                                                                        SHA-512:DEACB0BDC82ED27676793C594B07AA3083B63CE74B1C1D8B38261817450B6C380888FB1E5697EC03AE521074D5D3523A9E85F68D180FC273909D6B746C88517D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):174592
                                                                                                                                                                                                                                        Entropy (8bit):3.1176056240139736
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:URqHi9xDnRbDPi6ag9rucqkerzUCgIMSfZHqdefc8+YZ9:SqmpD66h9lqkerzgIPfF+efc+
                                                                                                                                                                                                                                        MD5:AF1C23B1E641E56B3DE26F5F643EB7D9
                                                                                                                                                                                                                                        SHA1:6C23DEB9B7B0C930533FDBEEA0863173D99CF323
                                                                                                                                                                                                                                        SHA-256:0D3A05E1B06403F2130A6E827B1982D2AF0495CDD42DEB180CA0CE4F20DB5058
                                                                                                                                                                                                                                        SHA-512:0C503EC7E83A5BFD59EC8CCC80F6C54412263AFD24835B8B4272A79C440A0C106875B5C3B9A521A937F0615EB4F112D1D6826948AD5FB6FD173C5C51CB7168F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                                        Entropy (8bit):5.075990223518278
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6p4EAT1bY2bx1CxHdO35YFInizzX83tNeRFYMvF2MV3s8V:XblbzC5jmtNeRN2s3s8V
                                                                                                                                                                                                                                        MD5:A974C4DA769FBFBC71993A5AD9A45672
                                                                                                                                                                                                                                        SHA1:8267CA96388DA057CF799765F0F292B3515141D0
                                                                                                                                                                                                                                        SHA-256:4F5549DBA22CC5B8A453F34A7CB398E058578850D1902CDE7CE6296A07BD9C8C
                                                                                                                                                                                                                                        SHA-512:E620970607DAA0D8A3D47CC2F34414763E06807EED930FD7CC561CE27D7C47300D5367777036A049F0E30DC818E535C7710264901972CEDED648BD5E6737716D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.701646036890297
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:HWWNv/jzSEhtiBbSEmfO2mdqeCtzEc6yCPVDA1L5rxg0XWr:H1NvbcbSEm22mdqet+wh25rxg0XWr
                                                                                                                                                                                                                                        MD5:3CEFEC17BAAC089C54C8102A4CFD160C
                                                                                                                                                                                                                                        SHA1:A54CD9BD4181A591937A99BE88BEB006279837DE
                                                                                                                                                                                                                                        SHA-256:AAFBE48966DBC5372A308AB9501245CE261D2715F336AD1908C799D354C981A2
                                                                                                                                                                                                                                        SHA-512:2D45193662C7CE2854CE2D3EE53AE199E094D09BC76D8D8A8E36B24EA60400A5F064CA16CE0078FE6CBDF4117C22565C04E47B99CD99868254C915DB6D18700F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                        Entropy (8bit):5.079861170865273
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4IYXbXbaQGf0wwrCwYxzJSKqdy6eY5R6Q3Pyt7g0mY3IC1wx+bDqhbXpVuieenTh:4RbXbaQixwYxzJSKqdy6eY5Rt/A7c+hu
                                                                                                                                                                                                                                        MD5:63C01E27482A86F45C5FC0B71B947B9A
                                                                                                                                                                                                                                        SHA1:8E574221E887B696FCE2AD6EDEF5A626704C85D1
                                                                                                                                                                                                                                        SHA-256:58A32C192D409D82590E015DF80D2ACB0FE93BC171B71F5ECA608873E59A0EC4
                                                                                                                                                                                                                                        SHA-512:F44D7647D01BD7EDB5B3C85792A428E08AD9A7B374E4EEB0E04BE442315BA6966A747430AD7F2C529AA7FCC5367C92E17C375A551C0C22CB93EB27648CABF925
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.728551774224484
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:JWWNv/jzSEhtimYtEq40uI7Sr2fqmxkNeo7R7L7c7xM757odHK9nPol1f5rxg0Xq:J1NvbOtEq40uYSatEdHwWloA9Pk5rxgJ
                                                                                                                                                                                                                                        MD5:833F269BA6F0C34F49273DA7FBD7DCE7
                                                                                                                                                                                                                                        SHA1:D0253D322DCDF7F54E37C7E8911A8B77670D2967
                                                                                                                                                                                                                                        SHA-256:F8C769A357E6CD27452835E5288FE515FB50BFEEC83EF3969975171174B467E5
                                                                                                                                                                                                                                        SHA-512:4FA315E23D985AFFB46F6536CDF2DDC1B882F47098EE2D5A4B954DDEEB8904D1C83182B1598E4948A59728339945307B699A147ECD813C0F91986D95BDC57184
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                                        Entropy (8bit):5.069203865429364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:YIY26Y9TGjEWVWxzJS9gSKiLHQhcScP/yggS2w3tWGPO4JRy0ty6WGbdIY9MAFXH:Yw6Y9TEVWxzJS9gSKiLwhcSSqgwmMGx/
                                                                                                                                                                                                                                        MD5:0F745522B433B128D871F64E5157370C
                                                                                                                                                                                                                                        SHA1:50C7EC58E9C7B9CB4A806A7DC282B59269D31C24
                                                                                                                                                                                                                                        SHA-256:3EEF10F7ED70B4CBE19EDC46555F8C9CEC54D7099AF12C1EA40F753F17BEC4B8
                                                                                                                                                                                                                                        SHA-512:3CD8D722B27096FCA0B914B49208FFAFA8F90044A6E5ADA915BC9F68E46F7B584F381568A23812B15B8B0AE5F1270A5C7FC4B8065EDF65AC3C32575B9247B1C9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1719
                                                                                                                                                                                                                                        Entropy (8bit):5.1561071415334805
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MaHK2YHK2IHD8mHbHKgmHKqAHK2tHgayHAHjHKmfHK7HKmTHtHKhBHKmJHLHKs:Zq2Yq2I77qTq1q2tggDqaq7qqNqLqgrv
                                                                                                                                                                                                                                        MD5:F6B890B901B6FAAA4E408CB27A9CA602
                                                                                                                                                                                                                                        SHA1:748EF2BAE0E87984A6ED61209A1CFD31AC4DAD11
                                                                                                                                                                                                                                        SHA-256:28B7A5758E633E7E4C1B532724AA2C324156F735D3744C886383DA9DBD2EBD75
                                                                                                                                                                                                                                        SHA-512:C8F79585A7514B3787BC4334035DF58671F2E66DF4A3C296DE29582EF82EDCC6F306F38C4071297996A7AF40699A4E63A3261FB2C4DD8F0FDD15CD7A398D5F3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Transactions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0
                                                                                                                                                                                                                                        Process:C:\Program Files\ReasonLabs\EPP\rsWSC.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):408
                                                                                                                                                                                                                                        Entropy (8bit):5.15782383978774
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:Q3La/hrDLI4MWuC/KbbDLI4MWuC/K9rDLI4Mw8WDLI4M6:ML2E4K2KDE4K2KNE4D8mE4j
                                                                                                                                                                                                                                        MD5:94A1D3C29CF4253A22106E973A80C2F7
                                                                                                                                                                                                                                        SHA1:C09F26B71EB403A986CC9E6FA5CA72867607A22B
                                                                                                                                                                                                                                        SHA-256:F4183A2A060D97D08EEBF697C22F7B046B34EA15F63D206E1BFA0843A27ADC64
                                                                                                                                                                                                                                        SHA-512:3BB2F2968D8E95DDB1DAFE43101F6ABA9752B8C0A2FC4377FA2FB3568EC3D28087C6EAE36E297461B586B114712AA832CC19ABDC4ADEF87231BD1FCA26E50558
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):48944
                                                                                                                                                                                                                                        Entropy (8bit):6.755780295147749
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:68vbBtr3uL645Mx5wm9sKN6DRtoQpH3e6n9yEM1didV1VaXLkj3XV13hwOOPO9z4:Hp3uORwOO3/c1dGP0+xnOiz4
                                                                                                                                                                                                                                        MD5:633861D85B60EB7DE2E820F4FAC586E0
                                                                                                                                                                                                                                        SHA1:E5666AECD7B9D97627C4A0FC06D52AEA59D7C37D
                                                                                                                                                                                                                                        SHA-256:8EEBBE6A69D030FF7944524E22126218B6AE8CDB349C97FEEDB83CD0686BBB38
                                                                                                                                                                                                                                        SHA-512:8F26D38ABEF1CA2B365A2B1CC6B2A49C55319C59D790C32EC8D5728596FDDCF9252230C200ABAE4609884CBA3449B3EA778785244330F98C8C21CADF8C921AE1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19944
                                                                                                                                                                                                                                        Entropy (8bit):6.115904530529
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:L22mPMNY+DHa3eLzeCvUkjWHhELVWQ4aWSWDqF9e+X01k9z3AzsJO4gdHfQhW:L4M1u3LCskJpWe99R9zusZwfQhW
                                                                                                                                                                                                                                        MD5:8129C96D6EBDAEBBE771EE034555BF8F
                                                                                                                                                                                                                                        SHA1:9B41FB541A273086D3EEF0BA4149F88022EFBAFF
                                                                                                                                                                                                                                        SHA-256:8BCC210669BC5931A3A69FC63ED288CB74013A92C84CA0ABA89E3F4E56E3AE51
                                                                                                                                                                                                                                        SHA-512:CCD92987DA4BDA7A0F6386308611AFB7951395158FC6D10A0596B0A0DB4A61DF202120460E2383D2D2F34CBB4D4E33E4F2E091A717D2FC1859ED7F58DB3B7A18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49456
                                                                                                                                                                                                                                        Entropy (8bit):6.631066056716293
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768://Vqt92EbtYnekejiYF5blvhBVu8suwIppriCAVUValkjvJt3Hy5Z:EmeLT0CpprAqs6tXqZ
                                                                                                                                                                                                                                        MD5:F77B9B6CCCA206535EB9672266A462B1
                                                                                                                                                                                                                                        SHA1:479345A89FB7362CAE53A3040F4EFCEE55B92BF7
                                                                                                                                                                                                                                        SHA-256:BC4EBE3656BE0F502B65A2CA247FFA1B3065EC6FE2E76D3AF21511A0616F855C
                                                                                                                                                                                                                                        SHA-512:9C80E9C83A58C9E2C63F22C17E4FD4DF227F04960AA2212C66A1308512FE02E71CB7300455965109A7E3931ABD38EBD15162FE3CB46C3328F28D1AE175B4EFE3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                                                                        Entropy (8bit):4.462948469486209
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:vIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:AXD94+WlLZMM6YFHg+n
                                                                                                                                                                                                                                        MD5:B16A0644CA837BD8681A7B3AA0FC833C
                                                                                                                                                                                                                                        SHA1:B6B23D626215D144A947E280DC4A3296204C0B21
                                                                                                                                                                                                                                        SHA-256:BAC949151EDFBA57AD2C7B070DBE17FE5F937FE6C7CF5161319AA6ABA94A8852
                                                                                                                                                                                                                                        SHA-512:7CD8B244BAE12E00D5DAB2EB28EC95E325B118FCF205EF0808DBD6E9AB556516F40FB769BBFEF6148AAF11057B277A6EEC8BFDFDD03D126A3C11DAD7852E4510
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):7.462428190880134
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                                                        • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                                        • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                                                        • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                                        File name:wechat-3.9.7-installer_ae-GFz1.exe
                                                                                                                                                                                                                                        File size:1'771'256 bytes
                                                                                                                                                                                                                                        MD5:c9db32520878a90f367b284f5f765ab7
                                                                                                                                                                                                                                        SHA1:e59b03e0dfe13054a30eb68a04b0cd7cc0456e1a
                                                                                                                                                                                                                                        SHA256:5dc9eafb99e68c0ef77d151ea645736d19393fffc3e01d9dbb073584893b99a4
                                                                                                                                                                                                                                        SHA512:c63a3db5fd776eb0998f865de2cae7ad199b4b248746c58a228cb499632084eadd73f66ab501ff0f011b1a2c1b18634ddda856c2af3dddc2c0e11832991abcb3
                                                                                                                                                                                                                                        SSDEEP:24576:z7FUDowAyrTVE3U5F/X5bOyUQ60UXG9kqtSRQoRQZlEVeMXwdcVqOODxGk:zBuZrEU0PuU2eaZlINXNWck
                                                                                                                                                                                                                                        TLSH:7085CF3FF268A53EC46A1B3205B38210997BBA61B81A8C1F07FC754DCF765601E3B656
                                                                                                                                                                                                                                        File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                                        Icon Hash:0c0c2d33ceec80aa
                                                                                                                                                                                                                                        Entrypoint:0x4b5eec
                                                                                                                                                                                                                                        Entrypoint Section:.itext
                                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                        Time Stamp:0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC]
                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                                                                        Import Hash:e569e6f445d32ba23766ad67d1e3787f
                                                                                                                                                                                                                                        Signature Valid:true
                                                                                                                                                                                                                                        Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                        Error Number:0
Not Before:05/12/2023 00:00:00
Not After:04/12/2024 23:59:59
                                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                                        • CN=Softonic International SA, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES
                                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                                        Thumbprint MD5:645062A19EBA838A05F35F9E658A2634
                                                                                                                                                                                                                                        Thumbprint SHA-1:0826DC0AF20D41B35F929BFD15B8628FFC67BA53
                                                                                                                                                                                                                                        Thumbprint SHA-256:F01B15B21A7C4E3443E961A9743A2400F6F3BA2374040FA2C968A1382B820378
                                                                                                                                                                                                                                        Serial:0FB1B101957A7B7B6042138BD4CCF2A3
                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                                        add esp, FFFFFFA4h
                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                                        xor eax, eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                                                        mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                                                        mov eax, 004B14B8h
                                                                                                                                                                                                                                        call 00007F88C53F0D05h
                                                                                                                                                                                                                                        xor eax, eax
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        push 004B65E2h
                                                                                                                                                                                                                                        push dword ptr fs:[eax]
                                                                                                                                                                                                                                        mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                                        xor edx, edx
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        push 004B659Eh
                                                                                                                                                                                                                                        push dword ptr fs:[edx]
                                                                                                                                                                                                                                        mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                        mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                                                        call 00007F88C54937F7h
                                                                                                                                                                                                                                        call 00007F88C549334Ah
                                                                                                                                                                                                                                        lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                        xor eax, eax
                                                                                                                                                                                                                                        call 00007F88C54067A4h
                                                                                                                                                                                                                                        mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                        mov eax, 004C1D84h
                                                                                                                                                                                                                                        call 00007F88C53EB8F7h
                                                                                                                                                                                                                                        push 00000002h
                                                                                                                                                                                                                                        push 00000000h
                                                                                                                                                                                                                                        push 00000001h
                                                                                                                                                                                                                                        mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                                                        mov dl, 01h
                                                                                                                                                                                                                                        mov eax, dword ptr [004238ECh]
                                                                                                                                                                                                                                        call 00007F88C5407927h
                                                                                                                                                                                                                                        mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                                                        xor edx, edx
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        push 004B654Ah
                                                                                                                                                                                                                                        push dword ptr fs:[edx]
                                                                                                                                                                                                                                        mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                        call 00007F88C549387Fh
                                                                                                                                                                                                                                        mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                                                        mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                        cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                                                        jne 00007F88C5499A9Ah
                                                                                                                                                                                                                                        mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                        mov edx, 00000028h
                                                                                                                                                                                                                                        call 00007F88C540821Ch
                                                                                                                                                                                                                                        mov edx, dword ptr [004C1D90h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0xc4000          0x9a          .edata
IMAGE_DIRECTORY_ENTRY_IMPORT          0xc2000          0xfdc         .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xc7000          0x11000       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x1adeb8         0x2840
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0xc6000          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0xc22f4          0x254         .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0xc3000          0x1a4         .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb39e4 | 0xb3a00 | 43af0a9476ca224d8e8461f1e22c94da | False | 0.34525867693110646 | data | 6.357635049994181 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0xb5000 | 0x1688 | 0x1800 | 185e04b9a1f554e31f7f848515dc890c | False | 0.54443359375 | data | 5.971425428435973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0xb7000 | 0x37a4 | 0x3800 | cab2107c933b696aa5cf0cc6c3fd3980 | False | 0.36097935267857145 | data | 5.048648594372454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xc2000 | 0xfdc | 0x1000 | e7d1635e2624b124cfdce6c360ac21cd | False | 0.3798828125 | data | 5.029087481102678 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0xc3000 | 0x1a4 | 0x200 | 8ced971d8a7705c98b173e255d8c9aa7 | False | 0.345703125 | data | 2.7509822285969876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0xc4000 | 0x9a | 0x200 | 8d4e1e508031afe235bf121c80fd7d5f | False | 0.2578125 | data | 1.877162954504408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc7000 | 0x11000 | 0x11000 | 366d8de3ab89ffba40b5dbfe3b31d799 | False | 0.18636546415441177 | data | 3.698855471720625 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc7678 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2048 | English | United States | 0.1174924924924925
RT_ICON | 0xc80e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.15792682926829268
RT_ICON | 0xc8748 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.23387096774193547
RT_ICON | 0xc8a30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.39864864864864863
RT_ICON | 0xc8b58 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.08339210155148095
RT_ICON | 0xca180 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.1023454157782516
RT_ICON | 0xcb028 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.10649819494584838
RT_ICON | 0xcb8d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.10838150289017341
RT_ICON | 0xcbe38 | 0x12e5 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.8712011577424024
RT_ICON | 0xcd120 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.05668398677373642
RT_ICON | 0xd1348 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.08475103734439834
RT_ICON | 0xd38f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.09920262664165103
RT_ICON | 0xd4998 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2047872340425532
RT_STRING | 0xd4e00 | 0x360 | data | | | 0.34375
RT_STRING | 0xd5160 | 0x260 | data | | | 0.3256578947368421
RT_STRING | 0xd53c0 | 0x45c | data | | | 0.4068100358422939
RT_STRING | 0xd581c | 0x40c | data | | | 0.3754826254826255
RT_STRING | 0xd5c28 | 0x2d4 | data | | | 0.39226519337016574
RT_STRING | 0xd5efc | 0xb8 | data | | | 0.6467391304347826
RT_STRING | 0xd5fb4 | 0x9c | data | | | 0.6410256410256411
RT_STRING | 0xd6050 | 0x374 | data | | | 0.4230769230769231
RT_STRING | 0xd63c4 | 0x398 | data | | | 0.3358695652173913
RT_STRING | 0xd675c | 0x368 | data | | | 0.3795871559633027
RT_STRING | 0xd6ac4 | 0x2a4 | data | | | 0.4275147928994083
RT_RCDATA | 0xd6d68 | 0x10 | data | | | 1.5
RT_RCDATA | 0xd6d78 | 0x2c4 | data | | | 0.6384180790960452
RT_RCDATA | 0xd703c | 0x2c | data | | | 1.2045454545454546
RT_GROUP_ICON | 0xd7068 | 0xbc | data | English | United States | 0.6170212765957447
RT_VERSION | 0xd7124 | 0x584 | data | English | United States | 0.2776203966005666
RT_MANIFEST | 0xd76a8 | 0x7a8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3377551020408163

DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x4541a8
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c

Language of compilation system | Country where language is spoken | Map
English | United States |

                                                                                                                                                                                                                                        Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:22:58:21
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe"
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        File size:1'771'256 bytes
                                                                                                                                                                                                                                        MD5 hash:C9DB32520878A90F367B284F5F765AB7
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                        Start time:22:58:22
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-V29R7.tmp\wechat-3.9.7-installer_ae-GFz1.tmp" /SL5="$1043C,837551,832512,C:\Users\user\Desktop\wechat-3.9.7-installer_ae-GFz1.exe"
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        File size:3'209'792 bytes
                                                                                                                                                                                                                                        MD5 hash:053B158842578C53DB20AD6835B8658B
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

Target ID:5
Start time:22:58:46
Start date:01/06/2024
Path:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240601225827&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=fa70&a=100&b=&se=true" -i
Imagebase:0x292be790000
File size:45'608 bytes
MD5 hash:9918A291E486157963C3B089BD65AEBD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:6
Start time:22:58:49
Start date:01/06/2024
Path:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Imagebase:0x620000
File size:1'184'128 bytes
MD5 hash:143255618462A577DE27286A272584E1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:7
Start time:22:58:49
Start date:01/06/2024
Path:C:\Users\user\AppData\Local\Temp\40kgqfax.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\40kgqfax.exe" /silent
Imagebase:0x400000
File size:1'952'048 bytes
MD5 hash:436F7DECB25CBA7886B44FA4D6305F91
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000003.1988613004.0000000002738000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000003.1992343012.000000000273A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000003.1990789604.0000000002730000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000003.1990251896.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000003.1989399605.0000000002F5F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:8
Start time:22:58:53
Start date:01/06/2024
Path:C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Temp\nswBD14.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\40kgqfax.exe" /silent
Imagebase:0x135a62c0000
File size:550'984 bytes
MD5 hash:31CB221ABD09084BF10C8D6ACF976A21
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.2835298854.00000135A830E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.3098035990.00000135C0912000.00000002.00000001.01000000.0000003F.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.3091227950.00000135C07C2000.00000002.00000001.01000000.0000003E.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.2835298854.00000135A81AF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.3090043199.00000135C06C2000.00000002.00000001.01000000.0000003D.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.2835298854.00000135A8655000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.2854690041.00000135BD1C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:9
Start time:22:58:55
Start date:01/06/2024
Path:C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
Imagebase:0x7ff7dc370000
File size:814'440 bytes
MD5 hash:3068531529196A5F3C9CB369B8A6A37F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:10
Start time:22:58:55
Start date:01/06/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:22:58:55
Start date:01/06/2024
Path:C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
Imagebase:0x7ff7dc370000
File size:814'440 bytes
MD5 hash:3068531529196A5F3C9CB369B8A6A37F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:12
Start time:22:58:56
Start date:01/06/2024
Path:C:\Program Files\ReasonLabs\EPP\Uninstall.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files\ReasonLabs\EPP\Uninstall.exe" /auto-repair=RavStub
Imagebase:0x400000
File size:1'952'048 bytes
MD5 hash:436F7DECB25CBA7886B44FA4D6305F91
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                        Start time:22:58:56
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe" /auto-repair=RavStub
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        File size:1'952'048 bytes
                                                                                                                                                                                                                                        MD5 hash:436F7DECB25CBA7886B44FA4D6305F91
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000003.2061100713.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000003.2060092357.0000000002758000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000003.2059111756.000000000275C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000003.2062756455.0000000002751000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000003.2058447523.0000000002752000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                                        Start time:22:58:58
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                                                        Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                                        Start time:22:58:58
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6712 -ip 6712
                                                                                                                                                                                                                                        Imagebase:0x350000
                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                                                        Start time:22:58:58
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 1320
                                                                                                                                                                                                                                        Imagebase:0x350000
                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                                                        Start time:22:59:02
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\nsxD8E9.tmp\RAVEndPointProtection-installer.exe" "C:\Users\user\AppData\Local\Temp\nsmD772.tmp\Uninstall.exe" /auto-repair=RavStub
                                                                                                                                                                                                                                        Imagebase:0x2443fb70000
                                                                                                                                                                                                                                        File size:550'984 bytes
                                                                                                                                                                                                                                        MD5 hash:31CB221ABD09084BF10C8D6ACF976A21
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                                                        Start time:22:59:09
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\installer.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                                                                                                                                                                                                                        Imagebase:0x7ff690720000
                                                                                                                                                                                                                                        File size:29'321'856 bytes
                                                                                                                                                                                                                                        MD5 hash:58B8915D4281DB10762AF30EAF315C9E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                                                        Start time:22:59:12
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Program Files\McAfee\Temp1361141607\installer.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files\McAfee\Temp1361141607\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                                                                                                                                                                                                                        Imagebase:0x7ff7f5770000
                                                                                                                                                                                                                                        File size:2'990'000 bytes
                                                                                                                                                                                                                                        MD5 hash:B2B02A72E98408C9E0EBD5036BD7A092
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                        • Detection: 0%, Virustotal, Browse
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                                                        Start time:22:59:22
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                                                                                                                                                                                                                                        Imagebase:0x7ff7b5cf0000
                                                                                                                                                                                                                                        File size:25'088 bytes
                                                                                                                                                                                                                                        MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                                                        Start time:22:59:22
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline: /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                                                                                                                                                                                                                                        Imagebase:0x7ff6ec4b0000
                                                                                                                                                                                                                                        File size:20'992 bytes
                                                                                                                                                                                                                                        MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                                                        Start time:22:59:22
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
                                                                                                                                                                                                                                        Imagebase:0x7ff7b5cf0000
                                                                                                                                                                                                                                        File size:25'088 bytes
                                                                                                                                                                                                                                        MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                                                        Start time:22:59:27
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff7836d0000
                                                                                                                                                                                                                                        File size:879'456 bytes
                                                                                                                                                                                                                                        MD5 hash:AF384AA87E3D70F7A687C5C60DA2FB7F
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                        • Detection: 0%, Virustotal
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                                                        Start time:22:59:27
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                                                                                                                                                                                                                                        Imagebase:0x7ff7b5cf0000
                                                                                                                                                                                                                                        File size:25'088 bytes
                                                                                                                                                                                                                                        MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                                                        Start time:22:59:27
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline: /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                                                                                                                                                                                                                                        Imagebase:0x330000
                                                                                                                                                                                                                                        File size:20'992 bytes
                                                                                                                                                                                                                                        MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:26
                                                                                                                                                                                                                                        Start time:22:59:28
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
                                                                                                                                                                                                                                        Imagebase:0x7ff7b5cf0000
                                                                                                                                                                                                                                        File size:25'088 bytes
                                                                                                                                                                                                                                        MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                                        Start time:22:59:28
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
                                                                                                                                                                                                                                        Imagebase:0x7ff608ff0000
                                                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                                                        Start time:22:59:28
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\runonce.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\runonce.exe" -r
                                                                                                                                                                                                                                        Imagebase:0x7ff7961c0000
                                                                                                                                                                                                                                        File size:61'952 bytes
                                                                                                                                                                                                                                        MD5 hash:9ADEF025B168447C1E8514D919CB5DC0
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:22:59:29
Start date:01/06/2024
Path:C:\Windows\System32\grpconv.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\grpconv.exe" -o
Imagebase:0x7ff78f270000
File size:52'736 bytes
MD5 hash:8531882ACC33CB4BDC11B305A01581CE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:22:59:30
Start date:01/06/2024
Path:C:\Windows\System32\wevtutil.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
Imagebase:0x7ff68bb20000
File size:278'016 bytes
MD5 hash:1AAE26BD68B911D0420626A27070EB8D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:22:59:30
Start date:01/06/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:22:59:30
Start date:01/06/2024
Path:C:\Windows\System32\fltMC.exe
Wow64 process (32bit):false
Commandline:"fltmc.exe" load rsKernelEngine
Imagebase:0x7ff64b820000
File size:31'232 bytes
MD5 hash:6AB08CADCE7DF971A043DCD1257D7374
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:22:59:30
Start date:01/06/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:22:59:30
Start date:01/06/2024
Path:C:\Program Files\McAfee\WebAdvisor\uihost.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
Imagebase:0x7ff6a6000000
File size:858'176 bytes
MD5 hash:D1BEFCFE26C5C2132BDABBF332306004
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
• Detection: 0%, Virustotal, Browse
Has exited:false

Target ID:36
Start time:22:59:30
Start date:01/06/2024
Path:C:\Windows\System32\wevtutil.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
Imagebase:0x7ff68bb20000
File size:278'016 bytes
MD5 hash:1AAE26BD68B911D0420626A27070EB8D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:22:59:30
Start date:01/06/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:22:59:30
Start date:01/06/2024
Path:C:\Program Files\ReasonLabs\EPP\rsWSC.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
Imagebase:0x246c6c60000
File size:208'416 bytes
MD5 hash:D8021F3B7E9C952B7EC33B929183E8EF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000026.00000000.2393001707.00000246C6C62000.00000002.00000001.01000000.0000002A.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsWSC.exe, Author: Joe Security
Has exited:true

Target ID:39
Start time:22:59:33
Start date:01/06/2024
Path:C:\Program Files\ReasonLabs\EPP\rsWSC.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
Imagebase:0x1c37e110000
File size:208'416 bytes
MD5 hash:D8021F3B7E9C952B7EC33B929183E8EF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                                                        Start time:22:59:34
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
                                                                                                                                                                                                                                        Imagebase:0x7ff7d35a0000
                                                                                                                                                                                                                                        File size:673'280 bytes
                                                                                                                                                                                                                                        MD5 hash:9170244A34CB903FC5DFBE4159DB6F16
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:41
                                                                                                                                                                                                                                        Start time:22:59:34
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:42
                                                                                                                                                                                                                                        Start time:22:59:34
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff7d35a0000
                                                                                                                                                                                                                                        File size:673'280 bytes
                                                                                                                                                                                                                                        MD5 hash:9170244A34CB903FC5DFBE4159DB6F16
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                                                        Start time:22:59:34
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
                                                                                                                                                                                                                                        Imagebase:0x29994ac0000
                                                                                                                                                                                                                                        File size:364'688 bytes
                                                                                                                                                                                                                                        MD5 hash:D8053B9FDBDBB3E32CF583AACB29D1EE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.2445610095.00000299967CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.2449940365.00000299AFD62000.00000002.00000001.01000000.00000032.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.2445133513.00000299966A2000.00000002.00000001.01000000.00000030.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.2445298252.00000299966D2000.00000002.00000001.01000000.00000031.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000000.2430008911.0000029994AC2000.00000002.00000001.01000000.0000002F.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:44
                                                                                                                                                                                                                                        Start time:22:59:37
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
                                                                                                                                                                                                                                        Imagebase:0x18cac9d0000
                                                                                                                                                                                                                                        File size:364'688 bytes
                                                                                                                                                                                                                                        MD5 hash:D8053B9FDBDBB3E32CF583AACB29D1EE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002C.00000002.3596734872.0000018CAD462000.00000002.00000001.01000000.00000046.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000002C.00000002.3597757506.0000018CAD720000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Coinhive, Description: Yara detected Coinhive miner, Source: 0000002C.00000002.3597757506.0000018CAD720000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002C.00000002.3594911747.0000018CAD3D2000.00000002.00000001.01000000.00000044.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000002C.00000002.3597757506.0000018CADA56000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000002C.00000002.3597757506.0000018CADA56000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:45
                                                                                                                                                                                                                                        Start time:22:59:37
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i
                                                                                                                                                                                                                                        Imagebase:0x1eb809f0000
                                                                                                                                                                                                                                        File size:163'328 bytes
                                                                                                                                                                                                                                        MD5 hash:6B03DAEF1CAA676A0BC6E13B4BC8F89B
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002D.00000002.2493242434.000001EB9B0B2000.00000002.00000001.01000000.00000034.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002D.00000002.2480472755.000001EB827A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002D.00000000.2462802097.000001EB809F2000.00000002.00000001.01000000.00000033.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:57
                                                                                                                                                                                                                                        Start time:22:59:41
                                                                                                                                                                                                                                        Start date:01/06/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:
                                                                                                                                                                                                                                        Has administrator privileges:
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3155408432.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9baa0000_component0.jbxd

Execution Graph

Execution Coverage:7.4%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:11.7%
Total number of Nodes:2000
Total number of Limit Nodes:46
84813 64103f 84810->84813 84814 640a84 84811->84814 84815 640991 84812->84815 84813->84693 84816 640fa9 84814->84816 84823 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 84814->84823 84867 640c43 codecvt 84814->84867 84818 63e640 87 API calls 84815->84818 85028 642b90 73 API calls codecvt 84816->85028 84821 6409a4 84818->84821 85029 6328d1 27 API calls 3 library calls 84819->85029 84820->84810 84821->84806 84825 6409ec codecvt 84821->84825 84827 640ae1 _Getvals 84823->84827 84824 6389b0 27 API calls 84828 640d38 84824->84828 84830 640a31 84825->84830 84831 640a1d 84825->84831 84826 641087 84829 6aa332 _com_raise_error RaiseException 84826->84829 84836 693367 std::_Lockit::_Lockit 7 API calls 84827->84836 84835 632c9c 5 API calls 84828->84835 84842 640d68 84828->84842 84832 641098 84829->84832 84830->84808 84834 640a42 LocalFree 84830->84834 84831->84820 84833 640a25 LocalFree 84831->84833 84833->84820 84834->84808 84835->84842 84838 640b0d 84836->84838 84837 632c9c 5 API calls 84840 640e1f 84837->84840 85021 693184 72 API calls 2 library calls 84838->85021 84848 640e6e 84840->84848 84868 642380 70 API calls 84840->84868 84841 640b55 85022 6933f6 48 API calls 2 library calls 84841->85022 84842->84816 84842->84819 84842->84837 84844 640b61 84848->84816 84851 643030 73 API calls 84848->84851 84867->84824 84868->84848 84870 6420f9 84869->84870 84872 642123 84869->84872 84870->84872 85030 6b4ef7 84870->85030 84872->84693 85038 63cc80 84873->85038 84875 63cd2f codecvt 84875->84690 84876->84710 84879 6a8718 84877->84879 84878 6b594f _Yarn 15 API calls 84878->84879 84879->84878 84880 6a8732 84879->84880 84881 6bf60f std::locale::_Locimp::_New_Locimp EnterCriticalSection LeaveCriticalSection 84879->84881 84883 633599 std::locale::_Locimp::_New_Locimp 84879->84883 84880->84724 84881->84879 84882 6a873e 84882->84882 84883->84882 84884 6aa332 _com_raise_error RaiseException 84883->84884 84885 6335c5 84883->84885 84884->84883 84886 6a8713 
std::locale::_Locimp::_New_Locimp 27 API calls 84885->84886 84888 6335cb 84886->84888 84887 6335d2 84887->84724 84888->84887 84889 6ad62c __Getctype 11 API calls 84888->84889 84890 6ad62b 84889->84890 84893 69394b 13 API calls 84892->84893 84894 6408dd 84893->84894 84894->84728 84894->84729 84896 63f571 84895->84896 84897 63f541 codecvt 84895->84897 84898 63f677 84896->84898 84900 63f672 Concurrency::cancel_current_task 84896->84900 84902 63f5d3 84896->84902 84903 63f5fa 84896->84903 84897->84741 84899 6334d0 collate 21 API calls 84898->84899 84908 63f5e4 codecvt 84899->84908 84900->84898 84901 6ad60f 11 API calls 84904 63f681 84901->84904 84902->84900 84905 63f5de 84902->84905 84907 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 84903->84907 84903->84908 84906 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 84905->84906 84906->84908 84907->84908 84908->84901 84909 63f658 codecvt 84908->84909 84909->84741 84911 63e680 GetFileAttributesW 84910->84911 84912 63e67e 84910->84912 84916 63e690 84911->84916 84921 63e724 codecvt 84911->84921 84912->84911 84913 63e736 CreateDirectoryW 84914 63e742 GetLastError 84913->84914 84915 63e74f 84913->84915 84914->84915 84915->84732 84915->84751 84916->84916 84917 63f520 28 API calls 84916->84917 84916->84921 84918 63e6ec 84917->84918 84919 63d6d0 83 API calls 84918->84919 84920 63e6f8 84919->84920 84920->84921 84922 63e77d 84920->84922 84921->84913 84926 63be30 78 API calls 84925->84926 84927 6431ba 84926->84927 84928 63bbb0 57 API calls 84927->84928 84929 6431e3 84928->84929 84930 6940b7 73 API calls 84929->84930 84932 643388 84929->84932 84931 643281 84930->84931 84931->84932 84933 64328f 84931->84933 84934 6328d1 27 API calls 84932->84934 84939 643333 84932->84939 84936 643400 std::locale::_Locimp::_Makeushloc 75 API calls 84933->84936 84935 6433e3 84934->84935 84937 6aa332 _com_raise_error RaiseException 84935->84937 84936->84939 84938 6433f1 84937->84938 84939->84740 84941 6389ff 84940->84941 84942 632c9c 
IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 84941->84942 84964 69337d 84963->84964 84965 693376 84963->84965 85001->84746 85003 693fba 85002->85003 85004 6b41c9 85003->85004 85005 693fcd 85003->85005 85006 6c4be4 __FrameHandler3::FrameUnwindToState EnterCriticalSection LeaveCriticalSection 85004->85006 85007 693fdc 78 API calls 85005->85007 85008 6b41ce 85006->85008 85007->85005 85009 6c4c32 __FrameHandler3::FrameUnwindToState 48 API calls 85008->85009 85012 6b41d9 85008->85012 85009->85012 85010 6b41e3 IsProcessorFeaturePresent 85013 6b41ef 85010->85013 85011 6b4202 85014 6be9c0 __FrameHandler3::FrameUnwindToState 23 API calls 85011->85014 85012->85010 85012->85011 85015 6ad453 __FrameHandler3::FrameUnwindToState 8 API calls 85013->85015 85016 6b420c 85014->85016 85015->85011 85021->84841 85022->84844 85028->84820 85029->84826 85031 6b4f09 85030->85031 85035 6b4f12 ___scrt_uninitialize_crt 85030->85035 85032 6b4d9c ___scrt_uninitialize_crt 72 API calls 85031->85032 85033 6b4f0f 85032->85033 85033->84872 85034 6b4f23 85034->84872 85035->85034 85036 6b4d3c 72 API calls 85035->85036 85037 6b4f4a 85036->85037 85037->84872 85039 63cc89 85038->85039 85040 63cccb codecvt 85038->85040 85039->85040 85041 6ad60f 11 API calls 85039->85041 85040->84875 85042 63cd1f 85041->85042 85043 63cc80 11 API calls 85042->85043 85044 63cd2f codecvt 85043->85044 85044->84875 85046 6ad638 85045->85046 85049 6ad453 85046->85049 85050 6ad46f __FrameHandler3::FrameUnwindToState _Getvals 85049->85050 85051 6ad49b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 85050->85051 85052 6ad56c __FrameHandler3::FrameUnwindToState 85051->85052 85053 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 85052->85053 85054 6ad58a GetCurrentProcess TerminateProcess 85053->85054 85054->84595 85056 635c64 CoCreateInstance 85055->85056 85057 635c54 85055->85057 85058 635c86 OleRun 85056->85058 
85061 635c95 85056->85061 85057->85056 85058->85061 85059 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 85060 635a71 85059->85060 85060->84274 85060->84280 85061->85059 85062->84294 85065 635ef5 85064->85065 85067 635efc codecvt 85064->85067 85068 635f8a 5 API calls 2 library calls 85065->85068 85067->84323 85070 646d30 85069->85070 85077 646ec8 std::ios_base::_Ios_base_dtor __Mtx_unlock 85069->85077 85071 646d3e 85070->85071 85072 646dff 85070->85072 85074 6a8760 27 API calls 85071->85074 85073 6a8760 27 API calls 85072->85073 85075 646e09 85073->85075 85076 646d48 85074->85076 85081 646db6 85075->85081 85276 64ce00 85075->85276 85079 64ce00 210 API calls 85076->85079 85076->85081 85077->84325 85080 646d63 85079->85080 85404 693b8a 85080->85404 85083 646ed1 85081->85083 85084 646e52 85081->85084 85347 64e380 85083->85347 85086 639bb0 125 API calls 85084->85086 85087 646e57 85086->85087 85089 639940 164 API calls 85087->85089 85088 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 85088->85081 85091 646e67 85089->85091 85092 631b84 79 API calls 85091->85092 85094 646e83 85092->85094 85407 648e90 76 API calls 85094->85407 85116 669485 GetProcAddress 85115->85116 85119 6694c2 85115->85119 85117 669497 GetCurrentProcess 85116->85117 85116->85119 85118 6694b1 85117->85118 85118->85119 86178 63347e 85119->86178 85121 6694fc 85122 63347e 28 API calls 85121->85122 85123 66954c 85122->85123 86182 668c60 85123->86182 85236->84333 85244 668b75 85243->85244 85250 6686ab swprintf 85243->85250 86307 668400 91 API calls 3 library calls 85244->86307 85246 668b89 85263 6688f1 codecvt 85246->85263 85248 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 85249 668b71 85248->85249 85249->84330 85251 6b1faa swprintf 54 API calls 85250->85251 85252 66870d _Getvals 85250->85252 85257 668895 85250->85257 86300 639050 28 API calls 85250->86300 85251->85250 86301 651820 85252->86301 85255 6a8713 std::locale::_Locimp::_New_Locimp 
27 API calls 85256 668815 85255->85256 85258 668834 85256->85258 85259 693084 std::locale::_Init 57 API calls 85256->85259 86287 634880 85257->86287 85261 634300 5 API calls 85258->85261 85259->85258 85262 6689da 85261->85262 86305 636500 75 API calls 3 library calls 85262->86305 85263->85248 85277 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 85276->85277 85278 64ce81 85277->85278 85279 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 85278->85279 85280 64cf42 85279->85280 85281 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 85280->85281 85282 64cfa0 85281->85282 85283 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 85282->85283 85284 64d013 85283->85284 85348 693bab 13 API calls 85347->85348 85349 64e3b7 85348->85349 85350 64e3be 85349->85350 85351 64e3fa 85349->85351 85527 64de80 85350->85527 85352 693faf 79 API calls 85351->85352 85354 64e400 85352->85354 85356 64e446 85354->85356 85357 64e4bf 85354->85357 86171 6938db 85404->86171 85406 646d80 85406->85088 85528 64df26 85527->85528 85529 64deb1 85527->85529 85531 64e047 85528->85531 85547 64df4e 85528->85547 85530 639bb0 125 API calls 85529->85530 86172 6938e8 86171->86172 86173 6938a6 InitializeCriticalSectionEx 86172->86173 86174 6938c4 InitializeSRWLock 86172->86174 86173->85406 86174->85406 86179 6334b8 86178->86179 86181 63348d codecvt 86178->86181 86179->86181 86279 6333ed 28 API calls 2 library calls 86179->86279 86181->85121 86279->86181 86288 639bb0 125 API calls 86287->86288 86289 6348ad 86288->86289 86290 639940 164 API calls 86289->86290 86291 6348ba 86290->86291 86292 631b84 79 API calls 86291->86292 86293 6348d5 86292->86293 86294 634190 5 API calls 86293->86294 86295 6348e3 86294->86295 86296 63136c 163 API calls 86295->86296 86300->85250 86302 651858 86301->86302 86303 63be30 78 API calls 86302->86303 86304 6518c7 86303->86304 86304->85255 86307->85246 88492 63e310 ConvertStringSecurityDescriptorToSecurityDescriptorW 88461->88492 88464 6a8760 27 API calls 88467 639cc1 
88464->88467 88465 63a048 codecvt 88466 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88465->88466 88468 639c11 InitOnceComplete 88466->88468 88470 65d900 27 API calls 88467->88470 88490 639e24 codecvt 88467->88490 88468->84501 88468->84504 88469 63a072 88471 6ad60f 11 API calls 88469->88471 88476 639cec 88470->88476 88472 63a077 88471->88472 88473 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88475 639eec codecvt 88473->88475 88474 65d900 27 API calls 88478 639f7e 88474->88478 88475->88469 88475->88474 88477 65d900 27 API calls 88476->88477 88479 639d4c 88477->88479 88478->88465 88478->88469 88480 693b8a __Mtx_init_in_situ 2 API calls 88479->88480 88481 639dd9 88480->88481 88513 641130 88481->88513 88483 639def 88484 63a06d Concurrency::cancel_current_task 88483->88484 88485 639e74 88483->88485 88486 639e9b 88483->88486 88483->88490 88484->88469 88485->88484 88487 639e7f 88485->88487 88488 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88486->88488 88486->88490 88489 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88487->88489 88488->88490 88489->88490 88490->88469 88490->88473 88493 63e37d 88492->88493 88500 63e376 codecvt 88492->88500 88494 63deb0 96 API calls 88493->88494 88495 63e3d9 88494->88495 88497 63e3e8 _Getvals 88495->88497 88501 63e3dd 88495->88501 88496 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88498 639ca2 88496->88498 88499 63e425 GetModuleFileNameW 88497->88499 88498->88464 88498->88478 88502 63e443 88499->88502 88510 63e54f codecvt 88499->88510 88500->88496 88501->88500 88503 63e62e 88501->88503 88534 63daa0 29 API calls 3 library calls 88502->88534 88505 6ad60f 11 API calls 88503->88505 88507 63e633 88505->88507 88506 63e454 88508 63dc20 96 API calls 88506->88508 88506->88510 88509 63e49d codecvt 88508->88509 88509->88510 88511 63e629 88509->88511 88510->88501 88510->88503 88512 6ad60f 11 API calls 88511->88512 88512->88503 88535 643d80 88513->88535 88517 
641183 88518 64119d 88517->88518 88519 6413d8 88517->88519 88521 6340e8 28 API calls 88518->88521 88563 6334d0 21 API calls collate 88519->88563 88522 6411bc 88521->88522 88559 643640 28 API calls codecvt 88522->88559 88523 6ad60f 11 API calls 88525 6413e2 88523->88525 88526 6411cc 88560 643590 28 API calls codecvt 88526->88560 88528 6411df 88561 63f310 28 API calls 3 library calls 88528->88561 88530 6411f5 88562 643590 28 API calls codecvt 88530->88562 88532 641208 codecvt 88532->88523 88533 6413b9 codecvt 88532->88533 88533->88483 88534->88506 88564 6aa3a0 88535->88564 88537 643de7 WTSGetActiveConsoleSessionId 88538 643e15 88537->88538 88539 643e0b OutputDebugStringW 88537->88539 88538->88539 88543 643e3e 88538->88543 88557 643e57 codecvt 88539->88557 88541 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88542 641172 88541->88542 88558 643fd0 70 API calls 2 library calls 88542->88558 88544 643f81 OutputDebugStringW 88543->88544 88545 643e4a 88543->88545 88544->88557 88546 643fc0 88545->88546 88549 643e90 88545->88549 88545->88557 88566 6334d0 21 API calls collate 88546->88566 88548 643fc5 88551 6ad60f 11 API calls 88548->88551 88550 643fca Concurrency::cancel_current_task 88549->88550 88552 643ee7 88549->88552 88553 643f0e 88549->88553 88551->88550 88552->88550 88554 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88552->88554 88555 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88553->88555 88556 643ef8 codecvt 88553->88556 88554->88556 88555->88556 88556->88548 88556->88557 88557->88541 88558->88517 88559->88526 88560->88528 88561->88530 88562->88532 88565 6aa3b8 88564->88565 88565->88537 88565->88565 88567->84518 88568->84520 88569->84522 88570->84524 88572 6380f9 88571->88572 88586 638185 codecvt 88571->88586 88590 637f60 88572->88590 88575 634300 5 API calls 88576 638109 88575->88576 88602 6381d0 28 API calls 4 library calls 88576->88602 88578 638119 88579 6389b0 27 API calls 88578->88579 88580 638130 88579->88580 
88581 634300 5 API calls 88580->88581 88582 63813e 88581->88582 88603 638730 75 API calls 2 library calls 88582->88603 88584 63814b 88585 634300 5 API calls 88584->88585 88587 638156 88585->88587 88586->84527 88587->88586 88588 6ad60f 11 API calls 88587->88588 88589 6381c5 88588->88589 88591 637faa 88590->88591 88601 638076 88590->88601 88604 693cd6 88591->88604 88593 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88594 63809e 88593->88594 88594->88575 88595 637faf std::_Stodx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 88595->88595 88607 639620 76 API calls 2 library calls 88595->88607 88597 638036 88608 638530 75 API calls 2 library calls 88597->88608 88599 63806b 88600 634300 5 API calls 88599->88600 88600->88601 88601->88593 88602->88578 88603->88584 88609 696d6a 88604->88609 88607->88597 88608->88599 88610 696d7b GetSystemTimePreciseAsFileTime 88609->88610 88611 696d87 GetSystemTimeAsFileTime 88609->88611 88612 693ce4 88610->88612 88611->88612 88612->88595 88614->84530 88618 6be8ba 88617->88618 88619 6be8a8 88617->88619 88629 6be741 88618->88629 88645 6a9543 GetModuleHandleW 88619->88645 88622 6be8ad 88622->88618 88646 6be940 GetModuleHandleExW 88622->88646 88624 6a8c15 88624->83999 88630 6be74d __FrameHandler3::FrameUnwindToState 88629->88630 88652 6bcd41 EnterCriticalSection 88630->88652 88632 6be757 88653 6be7ad 88632->88653 88634 6be764 88657 6be782 88634->88657 88637 6be8fe 88662 6c7cf2 GetPEB 88637->88662 88640 6be92d 88643 6be940 __FrameHandler3::FrameUnwindToState 3 API calls 88640->88643 88641 6be90d GetPEB 88641->88640 88642 6be91d GetCurrentProcess TerminateProcess 88641->88642 88642->88640 88644 6be935 ExitProcess 88643->88644 88645->88622 88647 6be95f GetProcAddress 88646->88647 88648 6be982 88646->88648 88649 6be974 88647->88649 88650 6be988 FreeLibrary 88648->88650 88651 6be8b9 88648->88651 88649->88648 88650->88651 88651->88618 88652->88632 88654 6be7b9 __FrameHandler3::FrameUnwindToState 88653->88654 88655 
6be81a __FrameHandler3::FrameUnwindToState 88654->88655 88660 6bf40b 14 API calls __FrameHandler3::FrameUnwindToState 88654->88660 88655->88634 88661 6bcd91 LeaveCriticalSection 88657->88661 88659 6be770 88659->88624 88659->88637 88660->88655 88661->88659 88663 6c7d0c 88662->88663 88665 6be908 88662->88665 88666 6c42b4 5 API calls _unexpected 88663->88666 88665->88640 88665->88641 88666->88665 88667 64928d 88706 648fb0 CoCreateGuid 88667->88706 88669 649293 88670 649297 88669->88670 88673 6492e9 88669->88673 88671 639bb0 125 API calls 88670->88671 88672 64929c 88671->88672 88674 639940 164 API calls 88672->88674 88675 649307 88673->88675 88681 649366 88673->88681 88676 6492ac 88674->88676 88677 639bb0 125 API calls 88675->88677 88678 631b84 79 API calls 88676->88678 88679 64930c 88677->88679 88680 6492c8 88678->88680 88682 639940 164 API calls 88679->88682 88683 631be0 76 API calls 88680->88683 88684 639bb0 125 API calls 88681->88684 88692 6492e0 std::ios_base::_Ios_base_dtor codecvt 88681->88692 88685 64931c 88682->88685 88686 6492d8 88683->88686 88687 64937e 88684->88687 88688 631b84 79 API calls 88685->88688 88689 63b8a0 163 API calls 88686->88689 88690 639940 164 API calls 88687->88690 88691 649338 88688->88691 88689->88692 88693 64938e 88690->88693 88694 631be0 76 API calls 88691->88694 88695 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88692->88695 88696 631b84 79 API calls 88693->88696 88697 649348 88694->88697 88698 64944c 88695->88698 88699 6493aa 88696->88699 88700 634190 5 API calls 88697->88700 88701 639ab0 76 API calls 88699->88701 88702 649358 88700->88702 88703 6493ba 88701->88703 88704 63b8a0 163 API calls 88702->88704 88705 63b8a0 163 API calls 88703->88705 88704->88692 88705->88692 88707 649155 88706->88707 88708 648fd6 StringFromCLSID 88706->88708 88709 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88707->88709 88708->88707 88710 648fee 88708->88710 88711 649163 88709->88711 
88710->88707 88712 648ffe 88710->88712 88711->88669 88713 649169 88712->88713 88719 649050 88712->88719 88729 649020 codecvt 88712->88729 88745 6334d0 21 API calls collate 88713->88745 88715 64916e 88717 6ad60f 11 API calls 88715->88717 88716 649134 CoTaskMemFree 88720 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88716->88720 88718 649173 Concurrency::cancel_current_task 88717->88718 88721 649180 88718->88721 88719->88718 88722 6490a6 88719->88722 88723 6490cd 88719->88723 88724 64914f 88720->88724 88726 65d900 27 API calls 88721->88726 88722->88718 88728 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88722->88728 88725 6490b7 codecvt 88723->88725 88727 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88723->88727 88724->88669 88725->88715 88725->88729 88730 6491cd _Getvals 88726->88730 88727->88725 88728->88725 88729->88716 88731 639bb0 125 API calls 88730->88731 88732 649213 88731->88732 88733 639940 164 API calls 88732->88733 88734 649223 88733->88734 88735 631b84 79 API calls 88734->88735 88736 64923f 88735->88736 88737 639ab0 76 API calls 88736->88737 88738 64924f 88737->88738 88739 634190 5 API calls 88738->88739 88740 64925f 88739->88740 88741 63b8a0 163 API calls 88740->88741 88742 649267 std::ios_base::_Ios_base_dtor 88741->88742 88743 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88742->88743 88744 64944c 88743->88744 88744->88669 88746 6914c6 88747 6914d0 88746->88747 88748 69293c ___delayLoadHelper2@8 16 API calls 88747->88748 88749 6914dd 88748->88749 88753 684cfa 88754 684c79 88753->88754 88754->88753 88755 69293c ___delayLoadHelper2@8 16 API calls 88754->88755 88755->88754 88756 647156 88757 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88756->88757 88758 64715c codecvt 88757->88758 88759 6471bf 88758->88759 88767 64722a 88758->88767 88760 639bb0 125 API calls 88759->88760 88761 6471c4 88760->88761 88762 639940 164 API calls 88761->88762 88763 6471d4 88762->88763 88766 
631b84 79 API calls 88763->88766 88764 647df1 89008 6334d0 21 API calls collate 88764->89008 88769 6471f0 88766->88769 88767->88764 88770 6472b4 88767->88770 88771 6472db 88767->88771 88783 64725f codecvt 88767->88783 88773 639ab0 76 API calls 88769->88773 88774 647dfc Concurrency::cancel_current_task 88770->88774 88778 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88770->88778 88779 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88771->88779 88771->88783 88775 647200 88773->88775 88780 647e01 88774->88780 88776 631c50 76 API calls 88775->88776 88781 64720e 88776->88781 88777 647348 88782 639bb0 125 API calls 88777->88782 88778->88783 88779->88783 88784 6ad60f 11 API calls 88780->88784 89000 648f20 76 API calls 88781->89000 88786 64734d 88782->88786 88783->88777 88783->88780 88797 6473b3 88783->88797 88787 647e06 88784->88787 88789 639940 164 API calls 88786->88789 88792 639bb0 125 API calls 88787->88792 88788 647219 88790 63b8a0 163 API calls 88788->88790 88791 64735d 88789->88791 88815 647221 std::ios_base::_Ios_base_dtor __Mtx_unlock codecvt 88790->88815 88794 631b84 79 API calls 88791->88794 88793 647e5c 88792->88793 88795 639940 164 API calls 88793->88795 88796 647379 88794->88796 88798 647e6c 88795->88798 88799 631be0 76 API calls 88796->88799 88797->88764 88800 647443 88797->88800 88801 64746a 88797->88801 88814 6473ee codecvt 88797->88814 88802 631b84 79 API calls 88798->88802 88803 647389 88799->88803 88800->88774 88809 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88800->88809 88804 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88801->88804 88801->88814 88805 647e88 88802->88805 88806 631c50 76 API calls 88803->88806 88804->88814 88810 631be0 76 API calls 88805->88810 88811 647397 88806->88811 88807 6474d7 88813 639bb0 125 API calls 88807->88813 88808 647542 88808->88764 88812 6476d8 88808->88812 88834 6475d6 88808->88834 88835 6475ff 88808->88835 88854 64757f codecvt 88808->88854 88809->88814 88816 647e98 88810->88816 89001 
648f20 76 API calls 88811->89001 88812->88764 88837 64786e 88812->88837 88840 647795 88812->88840 88841 64776c 88812->88841 88865 647715 codecvt 88812->88865 88818 6474dc 88813->88818 88814->88780 88814->88807 88814->88808 88819 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88815->88819 88820 63b8a0 163 API calls 88816->88820 88822 639940 164 API calls 88818->88822 88823 647dea 88819->88823 88828 647ea3 std::ios_base::_Ios_base_dtor 88820->88828 88821 6473a2 88824 63b8a0 163 API calls 88821->88824 88825 6474ec 88822->88825 88824->88815 88826 631b84 79 API calls 88825->88826 88829 647508 88826->88829 88827 647d49 88943 654b40 88827->88943 88838 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88828->88838 88831 631be0 76 API calls 88829->88831 88836 647518 88831->88836 88832 647d63 88942 64e380 224 API calls 88832->88942 88833 647b9d 88833->88764 88833->88827 88839 647c00 88833->88839 88889 647bde codecvt 88833->88889 88834->88774 88845 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88834->88845 88846 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88835->88846 88835->88854 88842 631c50 76 API calls 88836->88842 88837->88764 88844 647a07 88837->88844 88849 647905 88837->88849 88850 64792e 88837->88850 88877 6478ae codecvt 88837->88877 88843 6485c6 88838->88843 88863 647c35 88839->88863 88864 647c5c 88839->88864 88858 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88840->88858 88840->88865 88841->88774 88855 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88841->88855 88847 647526 88842->88847 88844->88764 88844->88833 88852 647ac2 88844->88852 88853 647a9b 88844->88853 88880 647a44 codecvt 88844->88880 88845->88854 88846->88854 89002 648f20 76 API calls 88847->89002 88848 64766d 88857 639bb0 125 API calls 88848->88857 88849->88774 88868 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88849->88868 88861 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88850->88861 
88850->88877 88851 647803 88860 639bb0 125 API calls 88851->88860 88872 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88852->88872 88852->88880 88853->88774 88870 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88853->88870 88854->88780 88854->88812 88854->88848 88855->88865 88867 647672 88857->88867 88858->88865 88859 647d74 88859->88780 88859->88815 88869 647808 88860->88869 88861->88877 88862 64799c 88871 639bb0 125 API calls 88862->88871 88863->88774 88873 647c40 88863->88873 88884 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88864->88884 88864->88889 88865->88780 88865->88837 88865->88851 88866 647531 88875 63b8a0 163 API calls 88866->88875 88876 639940 164 API calls 88867->88876 88868->88877 88879 639940 164 API calls 88869->88879 88870->88880 88881 6479a1 88871->88881 88872->88880 88882 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88873->88882 88874 647b32 88883 639bb0 125 API calls 88874->88883 88875->88815 88885 647682 88876->88885 88877->88780 88877->88844 88877->88862 88878 647ccc 88886 639bb0 125 API calls 88878->88886 88887 647818 88879->88887 88880->88780 88880->88833 88880->88874 88888 639940 164 API calls 88881->88888 88882->88889 88890 647b37 88883->88890 88884->88889 88891 631b84 79 API calls 88885->88891 88892 647cd1 88886->88892 88893 631b84 79 API calls 88887->88893 88894 6479b1 88888->88894 88889->88780 88889->88827 88889->88878 88895 639940 164 API calls 88890->88895 88896 64769e 88891->88896 88897 639940 164 API calls 88892->88897 88898 647834 88893->88898 88899 631b84 79 API calls 88894->88899 88900 647b47 88895->88900 88901 631be0 76 API calls 88896->88901 88902 647ce1 88897->88902 88903 631be0 76 API calls 88898->88903 88904 6479cd 88899->88904 88905 631b84 79 API calls 88900->88905 88906 6476ae 88901->88906 88907 631b84 79 API calls 88902->88907 88908 647844 88903->88908 88909 631be0 76 API calls 88904->88909 88910 647b63 88905->88910 88911 631c50 76 API calls 88906->88911 88913 647cfd 88907->88913 88914 
631c50 76 API calls 88908->88914 88915 6479dd 88909->88915 88916 631be0 76 API calls 88910->88916 88912 6476bc 88911->88912 89003 648f20 76 API calls 88912->89003 88918 631be0 76 API calls 88913->88918 88919 647852 88914->88919 88920 631c50 76 API calls 88915->88920 88921 647b73 88916->88921 88924 647d0d 88918->88924 89004 648f20 76 API calls 88919->89004 88926 6479eb 88920->88926 88922 631c50 76 API calls 88921->88922 88927 647b81 88922->88927 88923 6476c7 88928 63b8a0 163 API calls 88923->88928 88929 631c50 76 API calls 88924->88929 89005 648f20 76 API calls 88926->89005 89006 648f20 76 API calls 88927->89006 88928->88815 88933 647d1b 88929->88933 88930 64785d 88934 63b8a0 163 API calls 88930->88934 89007 648f20 76 API calls 88933->89007 88934->88815 88935 6479f6 88938 63b8a0 163 API calls 88935->88938 88936 647b8c 88939 63b8a0 163 API calls 88936->88939 88938->88815 88939->88815 88940 647d26 88941 63b8a0 163 API calls 88940->88941 88941->88815 88942->88859 89009 6552d0 88943->89009 88945 654b83 88946 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88945->88946 88947 654c08 88946->88947 89085 656340 88947->89085 88949 654eba 88950 651b40 29 API calls 88949->88950 88961 654ec9 codecvt 88950->88961 88952 656360 27 API calls 88965 654d1a 88952->88965 88953 654f98 88957 654fc2 88953->88957 89091 652f20 29 API calls 3 library calls 88953->89091 88956 654c8a 88956->88965 89088 656c80 29 API calls std::locale::_Locimp::_New_Locimp 88956->89088 88959 65517d 88957->88959 88960 65502e 88957->88960 88973 65500e codecvt 88957->88973 88958 655187 88963 6ad60f 11 API calls 88958->88963 89092 6334d0 21 API calls collate 88959->89092 88968 655062 88960->88968 88969 65508b 88960->88969 88961->88953 88961->88958 89090 6377a9 5 API calls collate 88961->89090 88967 65518c 88963->88967 88965->88949 88965->88952 88970 6a8713 std::locale::_Locimp::_New_Locimp 27 API calls 88965->88970 88974 6b594f _Yarn 15 API calls 88965->88974 89089 656640 27 API calls 3 library calls 
APIs
• std::locale::_Init.LIBCPMT ref: 00663CE8
  • Part of subcall function 00693084: __EH_prolog3.LIBCMT ref: 0069308B
  • Part of subcall function 00693084: std::_Lockit::_Lockit.LIBCPMT ref: 00693096
  • Part of subcall function 00693084: std::locale::_Setgloballocale.LIBCPMT ref: 006930B1
  • Part of subcall function 00693084: std::_Lockit::~_Lockit.LIBCPMT ref: 00693107
• std::locale::_Init.LIBCPMT ref: 00664934
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00664CD5
Strings
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: std::locale::_$InitLockitstd::_$H_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::ios_base::_
• String ID: $+o$$+o$2$Command "%s" failed$Couldn't find the ReturnCode attribute of EXIT command$EXIT$EXIT_UPDATE$EXIT_XML$Exit update command triggered. Exiting...$Malformed XML, no UPDATEARRAY element$NWebAdvisor::NXmlUpdater::CUpdater::Process$NWebAdvisor::NXmlUpdater::Hound::End$NWebAdvisor::NXmlUpdater::Hound::ExitResult$NWebAdvisor::NXmlUpdater::Hound::Start$PRECONDITION$PRECONDITIONARRAY$Precondition "%s" evaluated to false$Precondition "%s" evaluated to true$ReturnCode$TAG$UPDATE$UPDATEARRAY$UPDATECOMMANDS$Unable to convert ReturnCode into int$Unable to substitute the return code$XML precondition array returned false due to sniffer actions$XML precondition array returned true due to sniffer actions$XML precondition array with tag %s returned false$XML precondition array with tag %s returned false due to sniffer actions$XML precondition array with tag %s returned true due to sniffer actions$XML precondition failed - no Type specified$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp$false$true$unknown$*o$*o$+o
• API String ID: 3544396713-3089233433
• Opcode ID: d143cf1383bffb5eafc32ad801197a3cf660fd78cd93304a5d4e5f5ea922e861
• Instruction ID: 780ff21517b617cd7b0fb8be61a5b2ef9985e4dfa5c368e4cbeec718a527c8d3
• Opcode Fuzzy Hash: d143cf1383bffb5eafc32ad801197a3cf660fd78cd93304a5d4e5f5ea922e861
• Instruction Fuzzy Hash: 0D139A71D012299FDB20DF64CC99BEDBBB6AF05304F1442D9E509AB291DB74AE84CF90
APIs
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F268
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F307
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F37E
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F8B0
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064FBBD
  • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
  • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
  • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064FDB6
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006500BA
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065015F
• GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 006505D7
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00650614
• GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 0065086A
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006508A7
• GetLastError.KERNEL32(?,00000001,0000018F,00000000,X-Api-Key: ,0000000B,00000000,00000000,?,?,00000004), ref: 00650A90
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00650ACD
Strings
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: Ios_base_dtorstd::ios_base::_$ErrorLast$InitOnce$BeginCompleteInitialize
• String ID: 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b$AWS Adhoc Telemetry Payload = $AWS Response Code received $AdhocTelemetryAWS$Failed to convert the x_api_key string to wide$Failed to initialize buffer for AWS$HTTP add request header failed for AWS x_api_key: $HTTP connection failed for AWS: $HTTP open request failed for AWS: $HTTP receive response failed for AWS: $HTTP send request failed for AWS: $HTTP status error for AWS: $NO_REGVALUE$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$X-Api-Key: $`auo$`p$`p$`p$`p
• API String ID: 1658547907-241427123
• Opcode ID: c2c36b2a0d5d3b6577503cfe82fdd57dcab04c9d5125491e024f8fcf86113a36
                                                                                                                                                                                                                                          • Instruction ID: b9215c5ac1639d0ec331865adb4204e8ad9279318883a9d79a4c5272dc6ea09d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2c36b2a0d5d3b6577503cfe82fdd57dcab04c9d5125491e024f8fcf86113a36
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21F2AE709002699BEF24DB24CC99BDDB7B6AF45305F0082E8E44DA7292DB759EC8CF54

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006A88FA: EnterCriticalSection.KERNEL32(0072742C,?,?,?,0064402B,0072827C,D7A06B67,?,00641171,?), ref: 006A8905
                                                                                                                                                                                                                                            • Part of subcall function 006A88FA: LeaveCriticalSection.KERNEL32(0072742C,?,?,?,0064402B,0072827C,D7A06B67,?,00641171,?), ref: 006A8942
                                                                                                                                                                                                                                            • Part of subcall function 00654A40: _com_issue_error.COMSUPP ref: 00654AD2
                                                                                                                                                                                                                                            • Part of subcall function 00654A40: SysFreeString.OLEAUT32(-00000001), ref: 00654AFD
                                                                                                                                                                                                                                            • Part of subcall function 006561F0: Concurrency::cancel_current_task.LIBCPMT ref: 006562BF
                                                                                                                                                                                                                                            • Part of subcall function 006A88B0: EnterCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88BA
                                                                                                                                                                                                                                            • Part of subcall function 006A88B0: LeaveCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88ED
                                                                                                                                                                                                                                            • Part of subcall function 006A88B0: RtlWakeAllConditionVariable.NTDLL ref: 006A8964
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,D7A06B67,?,?), ref: 006557B4
                                                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 006557C5
                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 006557D1
                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 006557DC
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00656067
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00656085
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 0065610F
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0065615A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$Concurrency::cancel_current_taskFreeResourceString$EnterLeave$ConditionFindHandleLoadLockModuleVariableWake_com_issue_error
                                                                                                                                                                                                                                          • String ID: (error)$)$0.0.0.0$0p$4.1.1.865$4p$EstimatedRunTime$Failed to convert wuuid to string$IsWow64Process$NO_REGKEY$PCSystemTypeEx$PowerState$PredictFailure$Root\CIMV2$Time$UUID$UUID$Version$ery)$kState$kernel32$kernel32.dll$orm$root\wmi$select EstimatedRunTime from Win32_Battery$select PCSystemTypeEx from Win32_ComputerSystem$select PowerState from Win32_ComputerSystem$select PredictFailure from MSStorageDriver_FailurePredictStatus$t
                                                                                                                                                                                                                                          • API String ID: 2830066208-1780718439
                                                                                                                                                                                                                                          • Opcode ID: f4e0097a140cbf7c6ef7a29f20911dac3effcbd28d6ccca003026d9a54191ecd
                                                                                                                                                                                                                                          • Instruction ID: 9daf242f4f2b22cc1639fc62cb864c19aedba464c50d5f77a840ae997ab796ad
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4e0097a140cbf7c6ef7a29f20911dac3effcbd28d6ccca003026d9a54191ecd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C824A70900344DFEB64DFA4DC5879DBBB2AF05304F10865CE845AB3D2DB799A88CB69

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 006458AA
                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006458B4
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0064593A
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0064595C
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 00645991
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 006459B5
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 006459D9
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 006459FD
                                                                                                                                                                                                                                          • UuidCreate.RPCRT4(00000000), ref: 00645A41
                                                                                                                                                                                                                                          • UuidCreate.RPCRT4(00000000), ref: 00645A57
                                                                                                                                                                                                                                          • CryptAcquireContextW.ADVAPI32(?), ref: 00645D0E
                                                                                                                                                                                                                                          • CryptCreateHash.ADVAPI32(00000010,00008003,00000000,00000000,?), ref: 00645D2A
                                                                                                                                                                                                                                          • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00645D43
                                                                                                                                                                                                                                          • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00645D5F
                                                                                                                                                                                                                                          • CryptDestroyHash.ADVAPI32(?), ref: 00645D6E
                                                                                                                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00645D7F
                                                                                                                                                                                                                                          • CryptAcquireContextW.ADVAPI32(?), ref: 00645F87
                                                                                                                                                                                                                                          • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 00645FA3
                                                                                                                                                                                                                                          • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00645FBC
                                                                                                                                                                                                                                          • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00645FD8
                                                                                                                                                                                                                                          • CryptDestroyHash.ADVAPI32(?), ref: 00645FE7
                                                                                                                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00645FF8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Crypt$Create$Hash$File$Context$AcquireCurrentDataDestroyParamReleaseUuid$ProcessThread
                                                                                                                                                                                                                                          • String ID: AacControl$AacControl2$AacControl3$AacControl4$AacControl5$AacControl6$Created access handle %p$\\.\Global\WGUARDNT$\\.\WGUARDNT$accesslib policy %x:%x$al delete policy on terminate process 0x%x (%d) rule$al disable rules on terminate thread 0x%x (%d) rule
                                                                                                                                                                                                                                          • API String ID: 4128897270-3926088020
                                                                                                                                                                                                                                          • Opcode ID: 2ab73ebd5df34ea3a02ea4832da2381ac5cc37a7dfb2d43f7c8ad217066ff8d3
                                                                                                                                                                                                                                          • Instruction ID: 0fd494507676838e0cc21d765a05fa4023642cd6bd0580b0855264f323e0eab7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ab73ebd5df34ea3a02ea4832da2381ac5cc37a7dfb2d43f7c8ad217066ff8d3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB5256756043009FDB109F24C898B6EBBE6BF88710F150959FA56AB391CBB5ED018F86
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegCreateKeyExW.KERNEL32(80000002,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,-00000028,?,?,-00000028,00000000,?), ref: 00681932
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000028,?), ref: 00681DAD
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,?,-00000028,?,?,-00000028,00000000,?), ref: 00681DD3
                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 006820C4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Close$CreateInitstd::locale::_
                                                                                                                                                                                                                                          • String ID: to $$+o$(Default)$BIN$DWORD$Error (%d) creating registry key: %s$Error (%d) setting value (%s) under registry key: %s$Key$NUM$NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute$NWebAdvisor::NXmlUpdater::SetRegistryKey$QWORD$STR$Setting variable $Unable to convert %s to hex$Unable to read key or value attribute of SETVAR command$Unable to set the variable$Unable to substitute variables for the SETVAR command$Unknown registry key type: %s$Value$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp$invalid stoul argument$invalid stoull argument$invalid substitutor$memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey$stoul argument out of range$stoull argument out of range$*o
                                                                                                                                                                                                                                          • API String ID: 3662814871-2511458928
                                                                                                                                                                                                                                          • Opcode ID: a4d072550dd35e4e117013c93289d223880fe467bf245179dc9d4f400d5d3256
                                                                                                                                                                                                                                          • Instruction ID: 94139ea1c006872da588f3e33dd32992f81d0fb2d53347fe176087e31c497850
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4d072550dd35e4e117013c93289d223880fe467bf245179dc9d4f400d5d3256
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5552E3B0A003099FDB20EF94CC55BEEB7BAAF05704F140299E9096B381D775AE45CFA5

Control-flow Graph

[Figure not reproduced: control-flow graph, nodes 3020-3110, entry block 6917a0-6917e9; legend: Executed / Not Executed. API calls labelled in the graph: CryptQueryObject, CryptMsgClose, CertCloseStore.]
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000001, %i,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00691815
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00691827
                                                                                                                                                                                                                                            • Part of subcall function 006914F0: CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00691581
                                                                                                                                                                                                                                            • Part of subcall function 006914F0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 006915B2
                                                                                                                                                                                                                                            • Part of subcall function 006914F0: CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 006915DD
                                                                                                                                                                                                                                            • Part of subcall function 006914F0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00691625
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00691837
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 006918C0
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 006918D0
                                                                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006919CD
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 006919DF
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 006919F1
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00691A1D
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00691A29
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00691A63
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00691A75
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00691AA1
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00691AAD
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00691ACD
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00691AD9
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 00691B50
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 00691B5C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                                                                                          • String ID: %i
                                                                                                                                                                                                                                          • API String ID: 2648890560-462526185
                                                                                                                                                                                                                                          • Opcode ID: ca2483a0d8de98b5c4699f334ecabeb1eddeb1eff48f006b07d559119a9ec2df
                                                                                                                                                                                                                                          • Instruction ID: 7730da718d88bb5924e1f1094619febc8d9dd61e6ca4c36546af6bef810e52c7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca2483a0d8de98b5c4699f334ecabeb1eddeb1eff48f006b07d559119a9ec2df
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80C12B71E0020AAAEF10DFA5CD85BEEBBF9AF09704F248159E504FB280DB749904CB64

Control-flow Graph

[Figure not reproduced: control-flow graph, nodes 3111-3199, entry block 67ffe0-68002d; legend: Executed / Not Executed. API calls labelled in the graph: CreateProcessW, GetLastError, WaitForSingleObject, GetExitCodeProcess, DeleteFileW, CloseHandle.]
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: D$Failed to delete executable (%d)$Failed to get process exit code (%d)$NWebAdvisor::NXmlUpdater::CExecuteLocalCommand::ExecuteLocalCommand$Signature check failed for command %s$Unable to run %s, error (%d)$Wait for process failed for command %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExecuteLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                                                                          • API String ID: 0-284121414
                                                                                                                                                                                                                                          • Opcode ID: 2ce50b96592080cc11c2f9bd4e83ca1565950dcfc824bf28b0a1f3ba5a0a1855
                                                                                                                                                                                                                                          • Instruction ID: cba19a16e5d1321f418be82e1d83f2c1b89faa3926ce66d40fe32e350c09e18f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ce50b96592080cc11c2f9bd4e83ca1565950dcfc824bf28b0a1f3ba5a0a1855
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAE1BB70A013599FEB64EF24CD49BEDB7B6AF15304F0046DEE409A7291DB709A88CF61

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 3384 645204-64523e RegOpenKeyExW 3385 645244-645273 RegQueryValueExW 3384->3385 3386 6452e2-645311 call 6ae960 GetLastError 3384->3386 3388 645275-64527d 3385->3388 3389 6452ca-6452dc RegCloseKey 3385->3389 3390 64538b-6453dc 3386->3390 3388->3389 3392 64527f-645292 call 644c10 3388->3392 3389->3386 3389->3390 3393 6453fd-645401 3390->3393 3394 6453de-6453eb OutputDebugStringW call 644f50 3390->3394 3401 6452b4-6452c8 SetLastError RegCloseKey 3392->3401 3402 645294-64529c 3392->3402 3398 645403-645449 call 6aa920 * 2 call 646ae0 3393->3398 3399 64547e-645481 3393->3399 3405 6453f0-6453f8 3394->3405 3398->3399 3438 64544b-645471 3398->3438 3403 645483-645489 3399->3403 3404 64548f-645496 3399->3404 3401->3386 3402->3389 3407 64529e-6452b2 call 644c10 3402->3407 3403->3404 3408 6455d1-6455d7 3403->3408 3404->3408 3409 64549c-6454b8 OutputDebugStringW call 644e60 3404->3409 3405->3399 3407->3389 3407->3401 3412 6455f3 3408->3412 3413 6455d9 3408->3413 3426 6454be-6454d8 call 644e60 3409->3426 3427 6455cb 3409->3427 3420 6455f5 3412->3420 3417 645703-64570a 3413->3417 3418 6455df-6455e5 3413->3418 3423 64570c-64571b LoadLibraryExW 3417->3423 3424 645739 3417->3424 3418->3417 3425 6455eb-6455f1 3418->3425 3420->3417 3421 6455fb-645606 3420->3421 3429 645610-64561c call 644dc0 3421->3429 3430 645608-64560a 3421->3430 3428 64573e-645743 3423->3428 3432 64571d-645737 GetLastError call 6ae960 3423->3432 3424->3428 3425->3420 3440 6454f2-645516 call 6b594f 3426->3440 3441 6454da-6454e0 3426->3441 3427->3408 3435 645745-64574b call 6a874c 3428->3435 3436 64574e-645753 3428->3436 3450 645622-64562a 3429->3450 3451 6456ea-6456ef 3429->3451 3430->3429 3432->3428 3435->3436 3444 645755-64575b call 6a874c 3436->3444 3445 
64575e-645784 call 6a8367 3436->3445 3438->3399 3448 645518-64551f 3440->3448 3447 6454e2-6454eb call 6ae960 3441->3447 3441->3448 3444->3445 3447->3440 3448->3421 3460 645525-64554b call 644e60 call 644cc0 3448->3460 3450->3451 3456 645630 3450->3456 3451->3428 3457 6456f1-645701 call 6ae960 3451->3457 3463 645635-645639 3456->3463 3457->3428 3476 6455c4-6455c9 3460->3476 3477 64554d-64557f call 6aa920 * 2 call 646ae0 3460->3477 3467 645643-64565a 3463->3467 3468 64563b-645641 3463->3468 3467->3451 3471 645660-6456a2 call 644dc0 call 6b594f 3467->3471 3468->3463 3468->3467 3471->3451 3483 6456a4-6456e2 call 644dc0 call 644cc0 OutputDebugStringW call 6ae960 3471->3483 3476->3421 3489 645584-64558d 3477->3489 3493 6456e7 3483->3493 3489->3408 3491 64558f-6455c2 3489->3491 3491->3408 3493->3451
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000002,Software\McAfee\SystemCore,00000000,00020219,?), ref: 00645225
                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,szInstallDir32,00000000,?,?,?), ref: 00645265
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(0000006F,?,?,0070A17C), ref: 006452B6
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 006452C2
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 006452D0
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006452F6
                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in current directory), ref: 006453E3
                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in EXE directory), ref: 006454A1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • NCPrivateLoadAndValidateMPTDll: Looking in current directory, xrefs: 006453DE
                                                                                                                                                                                                                                          • NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x, xrefs: 006456B7
                                                                                                                                                                                                                                          • %ls\%ls, xrefs: 00645533
                                                                                                                                                                                                                                          • NCPrivateLoadAndValidateMPTDll: Looking in EXE directory, xrefs: 0064549C
                                                                                                                                                                                                                                          • szInstallDir32, xrefs: 0064525F
                                                                                                                                                                                                                                          • Software\McAfee\SystemCore, xrefs: 0064521B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseDebugErrorLastOutputString$OpenQueryValue
                                                                                                                                                                                                                                          • String ID: %ls\%ls$NCPrivateLoadAndValidateMPTDll: Looking in EXE directory$NCPrivateLoadAndValidateMPTDll: Looking in current directory$NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x$Software\McAfee\SystemCore$szInstallDir32
                                                                                                                                                                                                                                          • API String ID: 901107078-3767168787
                                                                                                                                                                                                                                          • Opcode ID: c8f319747077344d7a4a861e7d5f7da0d95239487b21617adeb5d59d52e47adb
                                                                                                                                                                                                                                          • Instruction ID: 4aac233dfd38185221feeb510cba0941a17675434d8a2aaaffefaccd61d72848
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8f319747077344d7a4a861e7d5f7da0d95239487b21617adeb5d59d52e47adb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6D183B1E007199FDF64DF64CC45BEEB7B6AF04300F0441A9E50AAA282DB759E54CF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00654B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065521E
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647D3D
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00647DFC
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00647DC8
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647EBB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Failed to add reserved 1 dimension (, xrefs: 0064769E
                                                                                                                                                                                                                                          • Failed to add event label (, xrefs: 00647508
                                                                                                                                                                                                                                          • u, xrefs: 00647B57
                                                                                                                                                                                                                                          • z, xrefs: 00647CF1
                                                                                                                                                                                                                                          • Failed to add reserved 4 dimension (, xrefs: 00647B63
                                                                                                                                                                                                                                          • Failed to add reserved 2 dimension (, xrefs: 00647834
                                                                                                                                                                                                                                          • Failed to add reserved 3 dimension (, xrefs: 006479CD
                                                                                                                                                                                                                                          • Failed to add event action (, xrefs: 00647379
                                                                                                                                                                                                                                          • Failed to add reserved 5 dimension (, xrefs: 00647CFD
                                                                                                                                                                                                                                          • Failed to add event category (, xrefs: 006471F0
                                                                                                                                                                                                                                          • Service has not been initialized, xrefs: 00647E88
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                                                          • String ID: Failed to add event action ($Failed to add event category ($Failed to add event label ($Failed to add reserved 1 dimension ($Failed to add reserved 2 dimension ($Failed to add reserved 3 dimension ($Failed to add reserved 4 dimension ($Failed to add reserved 5 dimension ($Service has not been initialized$u$z
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CoCreateGuid.OLE32(?), ref: 00648FC8
                                                                                                                                                                                                                                          • StringFromCLSID.OLE32(?,?), ref: 00648FE0
                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00649138
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00649173
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006493D1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Could not create registry key , xrefs: 0064923F
                                                                                                                                                                                                                                          • SOFTWARE\McAfee\WebAdvisor, xrefs: 006491FB
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskCreateFreeFromGuidIos_base_dtorStringTaskstd::ios_base::_
                                                                                                                                                                                                                                          • String ID: Could not create registry key $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00691581
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 006915B2
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 006915DD
                                                                                                                                                                                                                                          • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00691625
                                                                                                                                                                                                                                          • CertFreeCRLContext.CRYPT32(?), ref: 0069175E
                                                                                                                                                                                                                                            • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                                                                          • CertFreeCRLContext.CRYPT32(?), ref: 00691738
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CertCryptParam$ContextFree$CertificateFromStoreSubject_free
                                                                                                                                                                                                                                          • String ID: %i
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00634CA6
                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00634CB8
                                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00634CD3
                                                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,0000022C), ref: 00634CE9
                                                                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000), ref: 00634CFA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process32$ChangeCloseCreateCurrentFindFirstNextNotificationProcessSnapshotToolhelp32
                                                                                                                                                                                                                                          • String ID: saBSI.exe
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                                          • String ID: &$&$CObfuscatedIniReader cannot load file: %s$Key was not found: %s$NWebAdvisor::CSubInfoDatReader::ReadString$No section found for %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubInfoDataReader.cpp$d6o
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000,D7A06B67), ref: 00644FB5
                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00644FDF
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00644FF2
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0064500B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                                                                                          • String ID: %ls\%ls
                                                                                                                                                                                                                                          • API String ID: 152501406-2125769799
                                                                                                                                                                                                                                          • Opcode ID: cbdda8953a2e4cd99976abdc6b5af821daceec97b4a4cffcf30809655c12a063
                                                                                                                                                                                                                                          • Instruction ID: 7d4f4ca77b2bd6d199c6efbbb63635402f363ac6348d2bade13a1500a1ccebb3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbdda8953a2e4cd99976abdc6b5af821daceec97b4a4cffcf30809655c12a063
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB4195B1E006159BDB64DFA5CC467AFBABAAB44B00F24413EE406DB281EB35C9048F95
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied, xrefs: 0067DB65, 0067E175
                                                                                                                                                                                                                                          • invalid substitutor, xrefs: 0067DB5E
                                                                                                                                                                                                                                          • NEQ, xrefs: 0067D892
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp, xrefs: 0067DB6A, 0067E17A
                                                                                                                                                                                                                                          • Unable to substitute the arguments, xrefs: 0067E16E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: NEQ$NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp$invalid substitutor
                                                                                                                                                                                                                                          • API String ID: 0-4090108046
                                                                                                                                                                                                                                          • Opcode ID: b705f7e0ff805d7aaaad0bed4134368c222a20f4f5d09efe8134e37ce8d39a0f
                                                                                                                                                                                                                                          • Instruction ID: 8d30982bda4fee90a543bb309b7987fc20e95ef509a22daba48db25e01463680
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b705f7e0ff805d7aaaad0bed4134368c222a20f4f5d09efe8134e37ce8d39a0f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7082BE70D002588BDF14DFA8C845BEDBBB2BF45308F14869DE419AB391EB75AA85CF50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,006BE8FD,00000002,00000002,?,00000002), ref: 006BE920
                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,006BE8FD,00000002,00000002,?,00000002), ref: 006BE927
                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 006BE939
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                          • Opcode ID: 255b275d646c289e369f76bcf088bbdeff522de6d399bb7a7aae4fbbe19fbaec
                                                                                                                                                                                                                                          • Instruction ID: 922616c24c035f46276e9ade31055df227c0011a6ccd1863a9e371cfcbb61961
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 255b275d646c289e369f76bcf088bbdeff522de6d399bb7a7aae4fbbe19fbaec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BFE04671000248AFCF913F64DD88AD83B2BEB40741B044418F9098A231CB37EE96CB51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(006FD808,00000000,00000017,0070B024,00000000,D7A06B67,?,?,?,00000000,00000000,00000000,006D8687,000000FF), ref: 00635C7A
                                                                                                                                                                                                                                          • OleRun.OLE32(00000000), ref: 00635C89
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 542301482-0
                                                                                                                                                                                                                                          • Opcode ID: ca7d9752988ff9e574ad28df36cb4ef56839c0c60579d2a9e6687cc2c698611f
                                                                                                                                                                                                                                          • Instruction ID: 9dd936b6c659b4620894f19b80926e8088d8400820670e7757635bd601b42b71
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca7d9752988ff9e574ad28df36cb4ef56839c0c60579d2a9e6687cc2c698611f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18216D75A00718AFCB04CB58CC85F6EB7BAEF88B24F15412DF516E73A0DB75AD008A90

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 0065D6D0: GetModuleHandleW.KERNEL32(kernel32.dll,00634E6C,D7A06B67), ref: 0065D6D5
                                                                                                                                                                                                                                            • Part of subcall function 0065D6D0: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0065D6E5
                                                                                                                                                                                                                                          • CoInitializeEx.OLE32(00000000,00000000,D7A06B67), ref: 00634F3E
                                                                                                                                                                                                                                          • CommandLineToArgvW.SHELL32(?,?), ref: 00635226
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 00635276
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 006352A8
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 006352F3
                                                                                                                                                                                                                                          • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 0063535F
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000002), ref: 006353AE
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000001), ref: 006358E9
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                            • Part of subcall function 0063136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006313A5
                                                                                                                                                                                                                                          • CoUninitialize.OLE32(?,00000001), ref: 006358D4
                                                                                                                                                                                                                                            • Part of subcall function 00646BD0: __Mtx_init_in_situ.LIBCPMT ref: 00646CC0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$HandleInitInitializeIos_base_dtorModuleNameOncestd::ios_base::_$AddressArgvBeginCloseCommandCompleteFileLineLongMtx_init_in_situPathProcUninitialize
                                                                                                                                                                                                                                          • String ID: /no_self_update$/store_xml_on_disk$/xml$BSI installation success. Exit code: $BootStrapInstaller$CommandLineToArgvW failed: $Ended$FALSE$Failed$Failed to allocate memory for event sender service$Failed to create xml updater logger$Failed to create xml updater signature verifier$GetLongPathName failed ($GetModuleFileName failed: $InitSecureDllLoading failed.$Install$InvalidArguments$MAIN_XML$Process$SA/WA installation failed with exit code: $SELF_UPDATE_ALLOWED$STORE_XML_ON_DISK$SaBsi.cpp$Some command line BSI variables are invalid.$Started$TRUE$WaitForOtherBSIToExit failed$failed to initialize updater
                                                                                                                                                                                                                                          • API String ID: 126520999-360321973
                                                                                                                                                                                                                                          • Opcode ID: 8516ae2c2771c81bb6abadd41cdb051e5c294a94fcdba1e1f56d3efeaa900ae6
                                                                                                                                                                                                                                          • Instruction ID: 77e264d3651464a20722ef810ab33839722dc81aef77d89b08acd2e8bab90320
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8516ae2c2771c81bb6abadd41cdb051e5c294a94fcdba1e1f56d3efeaa900ae6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C627FB0900349EFDF54EFA4C895BEDBBB6AF05304F50815DF80AA7281DB749A44CBA5

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0066F13D
                                                                                                                                                                                                                                            • Part of subcall function 00668650: std::locale::_Init.LIBCPMT ref: 0066882F
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,00000006,00000000,?,?,?,00000000,?,?,?,00000000,00000000), ref: 0066FAC8
                                                                                                                                                                                                                                            • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleInitLast_freestd::locale::_
                                                                                                                                                                                                                                          • String ID: <$<Zo$Cache-Control: no-cache$CreateFile failed (%d)$File already exists: %s$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, ignore proxy flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator ()$Unable to allocate %d bytes$Unable to extract the filename from url (%s)$Unable to open HTTP transaction$Unable to rename the old file (%d): %s$WinHttpCrackUrl failed (%d), url: %s$WriteFile failed (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$empty filename$false$true
                                                                                                                                                                                                                                          • API String ID: 2292809486-3984314390
                                                                                                                                                                                                                                          • Opcode ID: a10711e86e96db276304757c1071869eed7c42a984f1661392a325b2d2c2e080
                                                                                                                                                                                                                                          • Instruction ID: f235427d0d2d584c8364c8705312285d984cb9843ecba921768440ead97915fa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a10711e86e96db276304757c1071869eed7c42a984f1661392a325b2d2c2e080
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD629FB0A40619ABDB64DF14CC45FA9BBB6BF44304F0001E9F61967292DB71AE84CF99

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetEnvironmentVariableW.KERNEL32(ProgramW6432,?,00000104), ref: 0067683B
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0067686E
                                                                                                                                                                                                                                          • SHGetKnownFolderPath.SHELL32(?,00000000,00000000,?,?,?,?), ref: 00676A15
                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 00676A6B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EnvironmentErrorFolderFreeKnownLastPathTaskVariable
                                                                                                                                                                                                                                          • String ID: CSIDL_COMMON_APPDATA$CSIDL_COMMON_DOCUMENTS$CSIDL_COMMON_STARTUP$CSIDL_PROGRAM_FILES$CSIDL_PROGRAM_FILESX64$CSIDL_PROGRAM_FILESX86$CSIDL_PROGRAM_FILES_COMMON$CSIDL_SYSTEM$CSIDL_SYSTEMX86$CSIDL_WINDOWS$Error retrieving directory %s$GetEnvironmentVariable failed (%d)$NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute$ProgramFiles$ProgramW6432$Unable to get the platform$Unknown folder identifier: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp
                                                                                                                                                                                                                                          • API String ID: 3946049928-1874136459
                                                                                                                                                                                                                                          • Opcode ID: da24d1f8ae2db17683751bbfe99adbb3521bb2b1980cf8110eb934af9ae0a12c
                                                                                                                                                                                                                                          • Instruction ID: 812430a3b579b5584af84d7222da27f44ceaf2cb92db9ab2102b16051276bb90
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da24d1f8ae2db17683751bbfe99adbb3521bb2b1980cf8110eb934af9ae0a12c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0602EF70A00758DADB60DF64CC49BEDB7B2EF04708F10819DE50DA7291EBB56A88CF55

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(D7A06B67), ref: 0066EBF9
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(D7A06B67,?,00000000,?), ref: 0066EC70
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(D7A06B67,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0066ECD8
                                                                                                                                                                                                                                            • Part of subcall function 00668650: std::locale::_Init.LIBCPMT ref: 0066882F
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(D7A06B67,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0066ED2E
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(D7A06B67,true,00000000,00000000,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0066ED75
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$Initstd::locale::_
                                                                                                                                                                                                                                          • String ID: @]f$Cache-Control: no-cache$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, proxy ignore flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator ()$Not enough space in buffer: bufferLength(%d) Read(%d)$Unable to allocate %d bytes$WinHttpCrackUrl failed (%d), url: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$false$true
                                                                                                                                                                                                                                          • API String ID: 1579124236-1460918578
                                                                                                                                                                                                                                          • Opcode ID: f856612570a5e84b761ef832b9b15fea424a1f495a01bb27f93e2abe677df75b
                                                                                                                                                                                                                                          • Instruction ID: 4da255003e15d30d7e4687277eb444bb76cc5266acb35ae68b574d470ac01e04
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f856612570a5e84b761ef832b9b15fea424a1f495a01bb27f93e2abe677df75b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0EC184B0A4071DAAEB209F10CC56BE9B766AF14704F404199F709772C2EBB25E948F6D

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32,D7A06B67,?), ref: 0066947B
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0066948B
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?), ref: 006694A8
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,0070A52C,0070A52A), ref: 006697C1
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,0070A52C,0070A52A), ref: 006697CB
                                                                                                                                                                                                                                          • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 0066987C
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0066989A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastModuleName$AddressCurrentFileHandleLongPathProcProcess
                                                                                                                                                                                                                                          • String ID: $wo$0po$0wo$1.1$<wo$GetLongPathName failed (%d) for %s$GetModuleFileName failed (%d)$IsWow64Process$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32$>o$ro$vo
                                                                                                                                                                                                                                          • API String ID: 891933594-1575059847
                                                                                                                                                                                                                                          • Opcode ID: 8a63a7744b4a740a28140c085c07e4d957c437e0ff43e958e1161539b016e2f0
                                                                                                                                                                                                                                          • Instruction ID: 19203c6195c728184e0f1da0dc4572ff1ff856fed9d2c34eefe6c790eb69126d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a63a7744b4a740a28140c085c07e4d957c437e0ff43e958e1161539b016e2f0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C729DB0A002189FDB24DF64CC95B9DB7B6AF49304F1041DCE609AB391DB75AE84CF69

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PathFindExtensionW.SHLWAPI(00000000,?,?,?,?,0070BFD0,00000000,D7A06B67), ref: 0066BD7A
                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000), ref: 0066BE57
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeleteExtensionFileFindPath
                                                                                                                                                                                                                                          • String ID: .cab$.exe$DestDir$DestFile$Location$MD5$NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand$NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute$Unable to create destination directory (%d)$Unable to download %s$Unable to get substitute download variables$Unable to read Location and/or DestDir attribute of DOWNLOAD command$Unable to verify MD5, deleting file: %s$Unable to verify signature, deleting file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp$extra$invalid substitutor
                                                                                                                                                                                                                                          • API String ID: 3618814920-733304951
                                                                                                                                                                                                                                          • Opcode ID: 2fc99ce5e7714edddee5f3ecb30a271b3b1ea1a5cc36a10cba2d82c41f1d905f
                                                                                                                                                                                                                                          • Instruction ID: b2341a9f836c3928a2950bed00c2c611f7d0a1b8346df681757770b42a909e43
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fc99ce5e7714edddee5f3ecb30a271b3b1ea1a5cc36a10cba2d82c41f1d905f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15227C71E00218DBDB20DFA4CC95BEEB7B6EF14314F10415DE915AB282DB75AA48CFA4

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00640903
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,?), ref: 00640A26
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,?), ref: 00640A43
                                                                                                                                                                                                                                            • Part of subcall function 00632510: __EH_prolog3_catch.LIBCMT ref: 00632517
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00640B08
                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00640B50
                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00640B86
                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 00640B97
                                                                                                                                                                                                                                          • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00640BA4
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00640BC0
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00640BE1
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00640BF2
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00641017
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00641020
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockitstd::locale::_$DescriptorFreeLocalLocimp::_Lockit::_Security$AddfacConvertH_prolog3_catchInitIos_base_dtorLocimpLocimp_LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockit::~_Mtx_unlockNew_Stringstd::ios_base::_
                                                                                                                                                                                                                                          • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                          • API String ID: 4127577005-3388121372
                                                                                                                                                                                                                                          • Opcode ID: 4c438e42da8b526d717a839d73772e706b1a9960d17429c4d0e836ccfd826a64
                                                                                                                                                                                                                                          • Instruction ID: acb027fa7fd733ff8aab6d959ca2f8ba34a6f46664294e3fc4decbddb84e3577
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c438e42da8b526d717a839d73772e706b1a9960d17429c4d0e836ccfd826a64
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73327D70D00268CFDB14DFA8C995BDDBBB6AF08304F1441A9E905AB391DB75AE84CF91

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00656067
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00656085
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 0065610F
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0065615A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskFreeString
                                                                                                                                                                                                                                          • String ID: )$0p$4p$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                                                          • API String ID: 3597043392-4136711636
                                                                                                                                                                                                                                          • Opcode ID: 2d3e9baa5ba0e3a27e353c0c8a4673f63743a18c236389329629862d5034c281
                                                                                                                                                                                                                                          • Instruction ID: 987372f4a9e1253e2eb3597baaab52c6bb9426fa00f24082068ba657b0e275bc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d3e9baa5ba0e3a27e353c0c8a4673f63743a18c236389329629862d5034c281
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7E1F3709007449FEB28DFB8C9587ADBBB3AF41311F24465CE805AB3D2DB749A88CB55

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00666590
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 006665A1
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000101), ref: 006665B2
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 006665E1
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000000,?), ref: 0066660D
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000101), ref: 00666636
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000000,?), ref: 0066666A
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00666696
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 006666A7
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 006666B9
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0066677C
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0066678D
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 006667BD
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 006667CE
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                                                                                          • String ID: Temp$\$o$`auo
                                                                                                                                                                                                                                          • API String ID: 1780285237-3444368726
                                                                                                                                                                                                                                          • Opcode ID: 12ac8c4f40b3b47f07ef642761e41972a52af825ddb5d98f1ee453572c0f2817
                                                                                                                                                                                                                                          • Instruction ID: dc0571e2305d602db945abb9c34feaea94b0dc459efd499347fb25e226f22971
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12ac8c4f40b3b47f07ef642761e41972a52af825ddb5d98f1ee453572c0f2817
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 937139B0A00219ABDF109FA5EC84BEEBBBAAF44704F098159FC05EB351D775D945CEA0

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __Mtx_init_in_situ.LIBCPMT ref: 0064D1E6
                                                                                                                                                                                                                                            • Part of subcall function 0063BBB0: std::locale::_Init.LIBCPMT ref: 0063BBFC
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064D6C4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorMtx_init_in_situstd::ios_base::_std::locale::_
                                                                                                                                                                                                                                          • String ID: $+o$$p$.servicebus.windows.net/$/messages?timeout=60&api-version=2014-01$<p$@p$AWS m_url_aws = $Content-Type: application/atom+xml;type=entry;charset=utf-8$`p$https://$u$*o
                                                                                                                                                                                                                                          • API String ID: 655687434-223290961
                                                                                                                                                                                                                                          • Opcode ID: 553c412eb57a002f1a5ffe2fae9cebb5990dcc2743422e237b413d84ba9bf7e5
                                                                                                                                                                                                                                          • Instruction ID: 2687b41669a8f3dd8e6fea9ee80f2b6c9101feff5cdd4cb90b07f35379d5e078
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 553c412eb57a002f1a5ffe2fae9cebb5990dcc2743422e237b413d84ba9bf7e5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C642AD70900745CFEB24DF28DD45BA9B7B1BF45308F0086ADE548AB692EB74AAC4CF54
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E4A1
                                                                                                                                                                                                                                            • Part of subcall function 0064DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064DF0C
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 0064E3DE
                                                                                                                                                                                                                                            • Part of subcall function 0064E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E161
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 0064E4FB
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E665
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E6F8
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitMtx_unlockOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                          • String ID: AdhocTelemetryAzure$Event string is empty$Querying AdhocTelemetryAzure value failed: $SOFTWARE\McAfee\WebAdvisor$]$`p$`p]
                                                                                                                                                                                                                                          • API String ID: 1670716954-3557102455
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00656085
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 0065610F
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0065615A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeString$Concurrency::cancel_current_task
                                                                                                                                                                                                                                          • String ID: )$0p$4p$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                                                          • API String ID: 2663709405-4136711636
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000400,00000000,?,D7A06B67,?,?), ref: 00644257
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001,?,?), ref: 006442BC
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006442F2
                                                                                                                                                                                                                                          • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000000,?,?), ref: 00644367
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?), ref: 00644375
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064440A
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?), ref: 0064455B
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Filename for process with id , xrefs: 006444B0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$ErrorInitLastOnceProcess$BeginCloseCompleteFullHandleImageInitializeNameOpenQuery
                                                                                                                                                                                                                                          • String ID: Filename for process with id
                                                                                                                                                                                                                                          • API String ID: 563014942-4200337779
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006CFE25: CreateFileW.KERNEL32(00000000,00000000,?,006D0187,?,?,00000000,?,006D0187,00000000,0000000C), ref: 006CFE42
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006D01F2
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006D01F9
                                                                                                                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 006D0205
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006D020F
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006D0218
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 006D0238
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 006D0385
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006D03B7
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006D03BE
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                          • String ID: isl
                                                                                                                                                                                                                                          • API String ID: 4237864984-4166070011
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WTSGetActiveConsoleSessionId.KERNEL32(0000003C,?), ref: 00643E00
                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(WTSQuerySessionInformation failed to retrieve current user name for the log name.), ref: 00643F9C
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00643FCA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • UNKNOWN, xrefs: 00643DD2
                                                                                                                                                                                                                                          • Error retrieving session id for generating log name., xrefs: 00643E0B
                                                                                                                                                                                                                                          • WTSQuerySessionInformation failed to retrieve current user name for the log name., xrefs: 00643F97
                                                                                                                                                                                                                                          • WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name., xrefs: 00643F81
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ActiveConcurrency::cancel_current_taskConsoleDebugOutputSessionString
                                                                                                                                                                                                                                          • String ID: Error retrieving session id for generating log name.$UNKNOWN$WTSQuerySessionInformation failed to retrieve current user name for the log name.$WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name.
                                                                                                                                                                                                                                          • API String ID: 1186403813-1860316991
                                                                                                                                                                                                                                          • Opcode ID: 97c39e6f113a9b88963e45c90fb3f162b7e832cba7b612a1aa41cd53ad27a70b
                                                                                                                                                                                                                                          • Instruction ID: 55eef6cd85600c3a72bdadf896d3bee6edb0ed3ee157cc48311c113260d39d5a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97c39e6f113a9b88963e45c90fb3f162b7e832cba7b612a1aa41cd53ad27a70b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0251C171E00225DFCB589FB4C885AAEBBB6FF04310F20022AE526D7790D7749A44CBA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00654AA5,00654AA7,00000000,00000000,D7A06B67,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9989
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00654AA5,?,00000000,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5), ref: 006A9A04
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 006A9A0F
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 006A9A38
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 006A9A42
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(80070057,D7A06B67,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9A47
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 006A9A5A
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9A70
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 006A9A83
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1353541977-0
                                                                                                                                                                                                                                          • Opcode ID: 22e8342ec75298cad6397944c60921bdf8b79bc520a47c412257d1ec8fe0d685
                                                                                                                                                                                                                                          • Instruction ID: ba9e54566b3cfc8d3f2b7c63c5a049f840d3648dbfced9a0541d7b2dfc70fe67
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22e8342ec75298cad6397944c60921bdf8b79bc520a47c412257d1ec8fe0d685
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A741C471A00245AFDB10AF68DC45BEFBBAAAB46750F24462EF505E7281DB359C00CFA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 0064CCB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064CDBB
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0064F0FC
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F268
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F307
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$Concurrency::cancel_current_task
                                                                                                                                                                                                                                          • String ID: AdhocTelemetryAWS$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$`p
                                                                                                                                                                                                                                          • API String ID: 1722207485-1554087230
                                                                                                                                                                                                                                          • Opcode ID: 4f4899136aeff122684304aad82425283cb1c56ab5d4538152a2b463fc7bfb0f
                                                                                                                                                                                                                                          • Instruction ID: 6f71594aa0ce0f26d26261acd3554e41d0739f51432399af842718d6accc8d65
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f4899136aeff122684304aad82425283cb1c56ab5d4538152a2b463fc7bfb0f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89C1CEB0D002189BDB54EFA4CC55BEEB7B6AF45300F1042ADE416A73C2EB745E45CBA5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 0063E310: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0063E36C
                                                                                                                                                                                                                                          • __Mtx_init_in_situ.LIBCPMT ref: 00639DD4
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0063A06D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$Concurrency::cancel_current_taskConvertMtx_init_in_situString
                                                                                                                                                                                                                                          • String ID: LogLevel$LogRotationCount$LogRotationFileSize$SOFTWARE\McAfee\WebAdvisor$log
                                                                                                                                                                                                                                          • API String ID: 239504998-2017128786
                                                                                                                                                                                                                                          • Opcode ID: 4fdf16d6fd33abfc5fce9f6c66e531d02a07280a8ac3eab4bcfd6fad345589b8
                                                                                                                                                                                                                                          • Instruction ID: df8f613ff2792d78d12ac0b32b80ec4040d31ebef9b92d6da77ecd01aa4a6e7b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fdf16d6fd33abfc5fce9f6c66e531d02a07280a8ac3eab4bcfd6fad345589b8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41C18A71D00249DFDB04DFA4C945BEEBBF2AF48304F20821DE415A7391EB79AA48CB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E161
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 0064E278
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E351
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Event Sender already initialized for AWS, xrefs: 0064E137
                                                                                                                                                                                                                                          • Unable to open HTTP session for AWS, xrefs: 0064E327
                                                                                                                                                                                                                                          • `p, xrefs: 0064E30E
                                                                                                                                                                                                                                          • WinHttpCrackUrl failed for AWS: , xrefs: 0064E268
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                          • String ID: Event Sender already initialized for AWS$Unable to open HTTP session for AWS$WinHttpCrackUrl failed for AWS: $`p
                                                                                                                                                                                                                                          • API String ID: 2211357200-4178717899
                                                                                                                                                                                                                                          • Opcode ID: 6db15feaba2d083ddcc7823abcf45bc5826d95cbc46dc524d87184fa61cc44db
                                                                                                                                                                                                                                          • Instruction ID: d927a4f1a740cfcd8a78712946e4063742a7ee8158c5cee3284dfb828694c8ce
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6db15feaba2d083ddcc7823abcf45bc5826d95cbc46dc524d87184fa61cc44db
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1161A0709007099BDB60DF60DC55BEAB7FAFB44305F00096DE51AA7380EBB56A48CFA5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __Mtx_init_in_situ.LIBCPMT ref: 00646D7B
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00646F75
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00646F88
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorMtx_init_in_situMtx_unlockstd::ios_base::_
                                                                                                                                                                                                                                          • String ID: event sender$=$Failed to initialize $async
                                                                                                                                                                                                                                          • API String ID: 3676452600-816272291
                                                                                                                                                                                                                                          • Opcode ID: f4ee811cbfe300f81df6e9a425d7690a72560a9e318152a47a16a54d8b0251aa
                                                                                                                                                                                                                                          • Instruction ID: 23ee29d40166582e309a4f71f69eeb9da3781e4b76e5737a8f6d4540646751ca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4ee811cbfe300f81df6e9a425d7690a72560a9e318152a47a16a54d8b0251aa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5618C70904305CFDB45DF60C895BAEBBF6AF45300F5441ADE805AB382DBB59A48CFA6
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064DF0C
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 0064DFD7
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E0A2
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • WinHttpCrackUrl failed for Azure: , xrefs: 0064DFC7
                                                                                                                                                                                                                                          • Unable to open HTTP session for Azure, xrefs: 0064E078
                                                                                                                                                                                                                                          • `p, xrefs: 0064E05F
                                                                                                                                                                                                                                          • Event Sender already initialized for Azure, xrefs: 0064DEE2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                          • String ID: Event Sender already initialized for Azure$Unable to open HTTP session for Azure$WinHttpCrackUrl failed for Azure: $`p
                                                                                                                                                                                                                                          • API String ID: 2211357200-386503394
                                                                                                                                                                                                                                          • Opcode ID: 1508be2e2bfebcec598755fe8e9fd40ced51bfa5d0437eb872b403cb6cb1e248
                                                                                                                                                                                                                                          • Instruction ID: ab325c0f87d01f3acf41197de4f3795958b3a7fa9adc6b9fb92b8cb783f33aac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1508be2e2bfebcec598755fe8e9fd40ced51bfa5d0437eb872b403cb6cb1e248
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A517E709003499BDB64DF50C855BEEB7FAFB04304F0049ADE506A7380EBB46A48CFA5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00648FB0: CoCreateGuid.OLE32(?), ref: 00648FC8
                                                                                                                                                                                                                                            • Part of subcall function 00648FB0: StringFromCLSID.OLE32(?,?), ref: 00648FE0
                                                                                                                                                                                                                                            • Part of subcall function 00648FB0: CoTaskMemFree.OLE32(?), ref: 00649138
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006493D1
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteCreateFreeFromGuidInitializeStringTask
                                                                                                                                                                                                                                          • String ID: Could not set registry value $Could not set registry value InstallerFlags$Failed to create new UUID$InstallerFlags$UUID$]
                                                                                                                                                                                                                                          • API String ID: 598746661-2174109026
                                                                                                                                                                                                                                          • Opcode ID: 8f2b063c9a8b7fbc503cb174f58bd0a325d848d6db7a0583415b07461c1fd00c
                                                                                                                                                                                                                                          • Instruction ID: d26aa0bba44da5a97aef556e033c7f893f28f46d1c9b354e9180658c539cbc59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f2b063c9a8b7fbc503cb174f58bd0a325d848d6db7a0583415b07461c1fd00c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C518F70900209DADF54EF60D851BEEB7A6EF51304F50815DE90A572C1EBB4AA48CFB5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,NotComDllGetInterface), ref: 00645808
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 00645828
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00645830
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 00645839
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeLibrary$AddressErrorLastProc
                                                                                                                                                                                                                                          • String ID: NotComDllGetInterface$mfeaaca.dll
                                                                                                                                                                                                                                          • API String ID: 1092183831-2777911605
                                                                                                                                                                                                                                          • Opcode ID: d303bb3ad918c9b431a96093a0f9c140fd56339198e3b613efdfc65a2fd674fb
                                                                                                                                                                                                                                          • Instruction ID: 6581c8d3d52afd74fe8bdf109c3097d29b12374674f68fbaaeb1b561a5229c59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d303bb3ad918c9b431a96093a0f9c140fd56339198e3b613efdfc65a2fd674fb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC21C832D007299BDB119FA8D8896BEBBB9FF55350F440269EC02EB341EB718D048BD1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00634C8E: GetCurrentProcessId.KERNEL32 ref: 00634CA6
                                                                                                                                                                                                                                            • Part of subcall function 00634C8E: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00634CB8
                                                                                                                                                                                                                                            • Part of subcall function 00634C8E: Process32FirstW.KERNEL32(00000000,?), ref: 00634CD3
                                                                                                                                                                                                                                            • Part of subcall function 00634C8E: Process32NextW.KERNEL32(00000000,0000022C), ref: 00634CE9
                                                                                                                                                                                                                                            • Part of subcall function 00634C8E: FindCloseChangeNotification.KERNEL32(00000000), ref: 00634CFA
                                                                                                                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000000,Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}), ref: 00634D88
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00634DD0
                                                                                                                                                                                                                                            • Part of subcall function 0063136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006313A5
                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00634DFC
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 00634E0D
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • CreateMutex failed: , xrefs: 00634DC2
                                                                                                                                                                                                                                          • SaBsi.cpp, xrefs: 00634DA9
                                                                                                                                                                                                                                          • Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}, xrefs: 00634D7F
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateInitIos_base_dtorOnceProcess32std::ios_base::_$BeginChangeCompleteCurrentErrorFindFirstHandleInitializeLastMutexNextNotificationObjectProcessSingleSnapshotToolhelp32Wait
                                                                                                                                                                                                                                          • String ID: CreateMutex failed: $Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}$SaBsi.cpp
                                                                                                                                                                                                                                          • API String ID: 2189495138-1117126455
                                                                                                                                                                                                                                          • Opcode ID: 6d7d534be6b33070559a7d6c7f1c972b249ba9f28a3277549b1024fd781df30e
                                                                                                                                                                                                                                          • Instruction ID: 18245cccc0ea4669b4e4a0a88829c3830d0e7b1d31e70c426ef53ecc689ef3eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d7d534be6b33070559a7d6c7f1c972b249ba9f28a3277549b1024fd781df30e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D11C630258342ABD720EF20D845BAAB7E6BF51700F004D1CB4954B2D1EFB5A448CBE7
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • NWebAdvisor::XMLParser::ParseBuffer, xrefs: 0066E5AA, 0066E6C3
                                                                                                                                                                                                                                          • af, xrefs: 0066E6A0
                                                                                                                                                                                                                                          • invalid input, xrefs: 0066E5A3
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp, xrefs: 0066E5AF, 0066E6C8
                                                                                                                                                                                                                                          • Unable to convert XML buffer into wide characters, xrefs: 0066E6BC
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __cftoe
                                                                                                                                                                                                                                          • String ID: NWebAdvisor::XMLParser::ParseBuffer$Unable to convert XML buffer into wide characters$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp$invalid input$af
                                                                                                                                                                                                                                          • API String ID: 4189289331-4059711921
                                                                                                                                                                                                                                          • Opcode ID: 8813639969233f252b28e2d8a9132031d0e939e445ac1c8748592f24385b0b73
                                                                                                                                                                                                                                          • Instruction ID: 76fd59161255db1f6b50e0606be5f23d750a80423c7befed8a366e2811cc58ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8813639969233f252b28e2d8a9132031d0e939e445ac1c8748592f24385b0b73
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B41F2B5A00304AFCB24EF64D842BAFF7E6BF14700F01452DE90A97681DFB5A9148B94
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064CDBB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                                                          • String ID: 5$AdhocAWSQAMode$Querying AdhocAWSQAMode value failed: $SOFTWARE\McAfee\WebAdvisor$`p
                                                                                                                                                                                                                                          • API String ID: 539357862-2887285511
                                                                                                                                                                                                                                          • Opcode ID: c4a691c9231d299aca10b6057ed0fd2d457fc5c0b1f8001ae743df37285d51f2
                                                                                                                                                                                                                                          • Instruction ID: 91f80d046188f09368cdb39cf2974d99acb8da263e37fce8cf28331ad42031da
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4a691c9231d299aca10b6057ed0fd2d457fc5c0b1f8001ae743df37285d51f2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C314971D1420D9ADB54EBA4C852BEEB7BAFF08300F50456DE506B32C1EB745A48CBA5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 00635A59
                                                                                                                                                                                                                                            • Part of subcall function 00635C1E: CoCreateInstance.OLE32(006FD808,00000000,00000017,0070B024,00000000,D7A06B67,?,?,?,00000000,00000000,00000000,006D8687,000000FF), ref: 00635C7A
                                                                                                                                                                                                                                            • Part of subcall function 00635C1E: OleRun.OLE32(00000000), ref: 00635C89
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00635B97
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Failed to set new option. Error , xrefs: 00635B26
                                                                                                                                                                                                                                          • Failed to create Global Options object. Error , xrefs: 00635AA9
                                                                                                                                                                                                                                          • Activation option is set successfuly, xrefs: 00635B69
                                                                                                                                                                                                                                          • i, xrefs: 00635B5D
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitOnce$BeginCompleteCreateH_prolog3_InitializeInstanceIos_base_dtor_com_issue_errorstd::ios_base::_
                                                                                                                                                                                                                                          • String ID: Activation option is set successfuly$Failed to create Global Options object. Error $Failed to set new option. Error $i
                                                                                                                                                                                                                                          • API String ID: 1362393928-3233122435
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00655182
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065521E
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskIos_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                          • String ID: 8p$Invalid arguements passed to AddDimension$N
                                                                                                                                                                                                                                          • API String ID: 4106036149-1663999721
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 006B2461
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B247D
                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 006B2494
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B24B2
                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 006B24C9
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B24E7
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1992179935-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 0066882F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp, xrefs: 00668AF6
                                                                                                                                                                                                                                          • *o, xrefs: 006689A7
                                                                                                                                                                                                                                          • $+o, xrefs: 006687F3
                                                                                                                                                                                                                                          • Failed to create log message string. Error 0x, xrefs: 006689CF
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initstd::locale::_
                                                                                                                                                                                                                                          • String ID: $+o$Failed to create log message string. Error 0x$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp$*o
                                                                                                                                                                                                                                          • API String ID: 1620887387-3475664545
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __Mtx_destroy_in_situ.LIBCPMT ref: 0064085F
                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00640903
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,?), ref: 00640A26
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00641020
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 006408FE
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$ConvertFreeLocalMtx_destroy_in_situMtx_unlockString
                                                                                                                                                                                                                                          • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __Xtime_get_ticks.LIBCPMT ref: 00637FAA
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00637FBC
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00637FD0
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00637FE2
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Xtime_get_ticks
                                                                                                                                                                                                                                          • String ID: [%Y%m%d %H:%M:%S.
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: %s%s$%s\%s$\\?\
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,D7A06B67,00000000,00000001), ref: 006739FC
                                                                                                                                                                                                                                            • Part of subcall function 00672820: RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,D7A06B67,?,?,?), ref: 006728AC
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00673D36
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseInfoOpenQuery
                                                                                                                                                                                                                                          • String ID: SOFTWARE\WATesting$path
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?,0070BFD0,00000000,0070BFD0,00000000,?,0000001C,00000001,00000000,0000001C,?,?,00000014,0070BFD0,00000000,D7A06B67), ref: 0066FC1D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 0066FC9E
                                                                                                                                                                                                                                          • Destination directory does not exist, xrefs: 0066FC8F
                                                                                                                                                                                                                                          • NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk, xrefs: 0066FC99
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                          • String ID: Destination directory does not exist$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp
                                                                                                                                                                                                                                          • API String ID: 3188754299-3555079292
                                                                                                                                                                                                                                          • Opcode ID: 645d37c5c4ed78a25d856c88c2745cd46464645062ec6180aeeaf970ec3c27cb
                                                                                                                                                                                                                                          • Instruction ID: 6f2830aab670f184058367e0ac296f9c923ba19c53a595ba2ca4dc5fc7f54288
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 645d37c5c4ed78a25d856c88c2745cd46464645062ec6180aeeaf970ec3c27cb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA212175E0021CAFCF00DFA8D842AEEB7F6AB48714F11426AFC15B7281DB749A45CB94
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 0065CCBB
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065CCEC
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                          • String ID: Pp$Unable to set proxy option, error:
                                                                                                                                                                                                                                          • API String ID: 879576418-3035955081
                                                                                                                                                                                                                                          • Opcode ID: 36df9744e01d8721832885c22d82fa0c17ffa2a47d4b084147482c00fe66be6f
                                                                                                                                                                                                                                          • Instruction ID: b03f30a627a0950ebea69013c9d991715e26af5e6bace1193a57af504eb2d903
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36df9744e01d8721832885c22d82fa0c17ffa2a47d4b084147482c00fe66be6f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62319171A00319DFEB64DF54CC05BEEB7BAFB04710F00866DE805A7290EB745A08CBA5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0063E367
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                                          • API String ID: 0-3078421892
                                                                                                                                                                                                                                          • Opcode ID: 68b624916b75acb5dbbbf7f385405b4d6e8863676720da299c75cb72c0a22de4
                                                                                                                                                                                                                                          • Instruction ID: 34931706be184eeedb8c9106734ef4d422fee6d614f1d82d27dd0baa09482b86
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68b624916b75acb5dbbbf7f385405b4d6e8863676720da299c75cb72c0a22de4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A22E3719002089BCB14DF68DC89BDEB7B6FF45304F10869DE409A7791DB75AA84CBA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0063E36C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0063E367
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                                                          • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                                          • API String ID: 3907675253-3078421892
                                                                                                                                                                                                                                          • Opcode ID: 8d2b198a74eb3a250416965341d8b37abaf375afa2ee4776e87a4ab081def768
                                                                                                                                                                                                                                          • Instruction ID: 7fac489ff8c15c29b8bda473c027edd4f961bd4a0cd0908fa40274ca2870cf87
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d2b198a74eb3a250416965341d8b37abaf375afa2ee4776e87a4ab081def768
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D481A4709012599BDB24DF24DD89BDDB7B2EF85304F1046D9E008A7291E77AAF84CFA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006C576D: GetConsoleCP.KERNEL32(?,0066860A,00000000), ref: 006C57B5
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,0071C218,D7A06B67,00000000,D7A06B67,0066860A,0066860A,0066860A,D7A06B67,00000000,?,006B591E,00000000,0071C218,00000010), ref: 006C6129
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,006B591E,00000000,0071C218,00000010,0066860A), ref: 006C6133
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006C6178
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 251514795-0
                                                                                                                                                                                                                                          • Opcode ID: e3eb1c8f6f17047682140f9c35fb77c4d736b4dbd9a889b48976e7ba2b645526
                                                                                                                                                                                                                                          • Instruction ID: b2f88bacefa7d26a1af6bd953cc279f008e22b91645f054a914f0c05d4ee4123
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3eb1c8f6f17047682140f9c35fb77c4d736b4dbd9a889b48976e7ba2b645526
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6251A071A00209AADB149FA8CD85FFEBBBAEF09354F080059F501BB252D675DD428B69
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00000000,D7A06B67,0000005C,?,?,?,?,00000000,006D952D,000000FF,?,0063E09D), ref: 0063E681
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,?,00000000,006D952D,000000FF,?,0063E09D), ref: 0063E738
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,006D952D,000000FF,?,0063E09D), ref: 0063E742
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AttributesCreateDirectoryErrorFileLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 674977465-0
                                                                                                                                                                                                                                          • Opcode ID: 31c70a08a2fc283047902febe65b2dd6931f58a14833edb935483441f3a4bf2d
                                                                                                                                                                                                                                          • Instruction ID: 3c7249f8584f0db61add2d50da996913a4377962d1445a44904138d0d5db8a14
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31c70a08a2fc283047902febe65b2dd6931f58a14833edb935483441f3a4bf2d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC31D071A002049BDB24DFA8E985BAEB7B6FB49714F10466EE805937D0D736A904CBE4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CertGetCertificateChain.CRYPT32(00000000,?,?,?), ref: 0069206C
                                                                                                                                                                                                                                          • CertVerifyCertificateChainPolicy.CRYPT32(00000003,?,?,?), ref: 006920A4
                                                                                                                                                                                                                                          • CertFreeCertificateChain.CRYPT32(?), ref: 006920D0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CertCertificateChain$FreePolicyVerify
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1741975133-0
                                                                                                                                                                                                                                          • Opcode ID: 39b6ba575176afd7dbff27caf8ab59e078932d53ee68513fb93015f85653df5e
                                                                                                                                                                                                                                          • Instruction ID: dfa41a09539822edda1635368fd5a45a97d92ccdc9be11a2065af1e4d3b7383c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39b6ba575176afd7dbff27caf8ab59e078932d53ee68513fb93015f85653df5e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA416E715083869BDB20CF54C894BEBBBE9FF89744F04091DF58897250E775D948CB62
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000,00000000,0066860A,?,006C6A9A,0066860A,0071C5B8,0000000C,006C6B4C,0071C218), ref: 006C6BC2
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,006C6A9A,0066860A,0071C5B8,0000000C,006C6B4C,0071C218), ref: 006C6BCC
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006C6BF7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 490808831-0
                                                                                                                                                                                                                                          • Opcode ID: 390fd9cc4a767823d278b1ae5afb1600478479350730dd2fa9d324283a0dd42e
                                                                                                                                                                                                                                          • Instruction ID: ecba75ec6c4638bb600553a36fa2fc0c9cd046e00ed8be7962f6658bf8b57e64
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 390fd9cc4a767823d278b1ae5afb1600478479350730dd2fa9d324283a0dd42e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1401493260D1A416C6246378EC46FBE774BDF83738F25424DF82DCB2D2DA358C8181A9
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,006CF765,00000008,00000000,?,?,?,006C69A3,00000000,00000000,?,006CF765), ref: 006C692F
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,006C69A3,00000000,00000000,?,006CF765,?,006CF765,?,00000000,00000000,00000001,?,00000008), ref: 006C6939
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 006C6940
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2336955059-0
                                                                                                                                                                                                                                          • Opcode ID: 87c9cf2c7b57ce8bd60228db3230a328816474a73d6e6e2f1b34e7b9760fc5f7
                                                                                                                                                                                                                                          • Instruction ID: bb00f1b4e1866c4f17c95ef18ed85854db970bbc9a7cda7ee1d8a8edc51b6b6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87c9cf2c7b57ce8bd60228db3230a328816474a73d6e6e2f1b34e7b9760fc5f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B101FC32614555AFCB059FA9DC45DBE3B2FEB86320724020CF412DB2D0EA71DD428B64
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: yt
                                                                                                                                                                                                                                          • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                          • Opcode ID: d212d49f50e7e5ed686f33453205b6d1b7f2496805a152c451282d057cde9c53
                                                                                                                                                                                                                                          • Instruction ID: 295b54587b2aa18d2a8242479f7294105104f4fe7a414efc42249d07777e63ca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d212d49f50e7e5ed686f33453205b6d1b7f2496805a152c451282d057cde9c53
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AAB012D525D107BD3354211A6D06C77011EC5C0B20F30422EF500C008098850C8510B5
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
  • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
  • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
Strings
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: yt
• API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64B012C125D0077D3394610E6D02C37011ED1C0B20F30812EF208C11C0D8850C421131
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: yt
                                                                                                                                                                                                                                          • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                          • Opcode ID: ef0b06470fabb50feb8731352cda8606c4c26c6e8f7a4f967f39725775504d59
                                                                                                                                                                                                                                          • Instruction ID: 3dcb6639d2563a7cd7879e65ee1b07a8160bc243a93477a4c55fe950fdbc2d3b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef0b06470fabb50feb8731352cda8606c4c26c6e8f7a4f967f39725775504d59
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6B012C125D017BD3694610E6C02C37011EC6C0B20F31812EF504C0180D8850C411531
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: yt
                                                                                                                                                                                                                                          • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                          • Opcode ID: dda6048916b152d2182b67135a3d7429004f767b6ea35c253731e205e528aa7b
                                                                                                                                                                                                                                          • Instruction ID: 5e28730c9eb7027c146af0a490c065a6cc8637e60dfc98c72ed9f06725514515
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dda6048916b152d2182b67135a3d7429004f767b6ea35c253731e205e528aa7b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4B012C125D017BD3694610EAC02C37011EC2C0B20F30852EF504C11D0D8840C411131
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: yt
                                                                                                                                                                                                                                          • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                          • Opcode ID: c1f3aebc5451820e0e635735cd0a3b978d4955c38bfaba6110b7d7df65db8e62
                                                                                                                                                                                                                                          • Instruction ID: 5b1d56b74b84b455e22402e480ca567d2dcc8bed0652c213d4caad85c1813e8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1f3aebc5451820e0e635735cd0a3b978d4955c38bfaba6110b7d7df65db8e62
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7B012C125D1077D3394610E6C02C77011EC1C0B20F30422EF504C11C0D8840C851139
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: 364e9b28e19b3c365287f3d89a76c5d0c82a2910090936f1b55d59b73a397bdb
                                                                                                                                                                                                                                          • Instruction ID: 51c3207f0d7403c7bc2be9c3cad7b1a3676ba226b7f473167dfee9b39a6b8129
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 364e9b28e19b3c365287f3d89a76c5d0c82a2910090936f1b55d59b73a397bdb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AB012C1358107BC3754610DAC02C77422ED5C1B10B30432EF804C0281D8480C856135
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
  • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
  • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
Strings
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: `auo
• API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: 672794077c46d0662d6223cca3a621ebd121146207720c3ee0f0b8856a38fb14
                                                                                                                                                                                                                                          • Instruction ID: 7abc9cbb0de91fdd6ffaede7d7c1101460bc7b32d92ae1c68a47cd02747f3597
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 672794077c46d0662d6223cca3a621ebd121146207720c3ee0f0b8856a38fb14
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72B012C1358117FC3A54610DAC02C37022EC6C1B10730822EF904C0281D8480C416131
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: 7b9f71e8848f0c02dcf3a2d7b1985999890d9c8aeacb32d97a388084df740140
                                                                                                                                                                                                                                          • Instruction ID: fa317daae0b7c63b21107930124124722ed264c803684d85bbea90a881857b73
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b9f71e8848f0c02dcf3a2d7b1985999890d9c8aeacb32d97a388084df740140
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85B012C139810BBC3654610EAC02D37023ED5C1B10730422EF404C0281D8480C41A231
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: 50b4e7cc11c969e3525109de9d094bc79dc4952b1c4b650afe281a8dc1f0bdd7
                                                                                                                                                                                                                                          • Instruction ID: c6cc37096f81c81aa1f1e122f0ca94bc3b686ae1fb1d2c5842e04caee6bce65b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50b4e7cc11c969e3525109de9d094bc79dc4952b1c4b650afe281a8dc1f0bdd7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDB012C1258017FC3A54610DAC02C37022ED6C1B10730C22EF904C0281D8480C456131
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: bd11cc60c7d16f1fc1106b68154984d4c0f0a18486913cb00d57df138dc7d7e2
                                                                                                                                                                                                                                          • Instruction ID: 49870ff778436061bcd6339e26214dbf5cc48f7f329d9397ed413c49ac91084d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd11cc60c7d16f1fc1106b68154984d4c0f0a18486913cb00d57df138dc7d7e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EB012C1359017FC3B54610DAC02C37423ED6C1B10B30822EF804C1281D8480C456131
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: `auo
• API String ID: 1269201914-3694295154
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
  • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
  • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
Strings
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: baad6ce911c4faf45d9bfce890ef647c33c6dcc403dc6d0357dd28c642211115
                                                                                                                                                                                                                                          • Instruction ID: 4fc8523369ddf4d36afba03f3d1b951a6a180490628854f6d2ac93aae6b62356
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: baad6ce911c4faf45d9bfce890ef647c33c6dcc403dc6d0357dd28c642211115
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5B012C1268007BC3654610DEC02D77023ED5C1B20730432FF405C0281D8484C41A135
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: 703297392972262dbc2d5a6d63560b7de825e58d6c0e9b284396289848a50ec7
                                                                                                                                                                                                                                          • Instruction ID: 76926cb8ab57a2c46462e1434b8e49c80a08d7f87d6fcb16ab9004476a141289
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 703297392972262dbc2d5a6d63560b7de825e58d6c0e9b284396289848a50ec7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAB012C1258017FC3A54610DEC02C77032EC6C5B20730832EF805C0381D8484C416135
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: 90f74ebc93f3f866b34bdfd079fca40f524dafe523218ba662d1b8c762629458
                                                                                                                                                                                                                                          • Instruction ID: 34b7bad7fadff015bf290d9a712c4bffb9721d8af373645291d2825222b1c77f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90f74ebc93f3f866b34bdfd079fca40f524dafe523218ba662d1b8c762629458
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AB012C1358007BD3654610DAC02D77423EE5C1B10B30432EF404C0281D8480C41A131
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          • Opcode ID: 91ac993ebf4ea8b682a6495b90917ad9d4e0d43a13cd37af0d77fb2cbc3b5394
                                                                                                                                                                                                                                          • Instruction ID: fe947db4772d8bf99d66e96886b4f12fe4aa79514ea0b6f5525bf7682e4ec85e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91ac993ebf4ea8b682a6495b90917ad9d4e0d43a13cd37af0d77fb2cbc3b5394
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AB012C1258107BC3754610DEC02CB7022EC5C1B20730432EF805C0281D8484C856139
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID: `auo
                                                                                                                                                                                                                                          • API String ID: 1269201914-3694295154
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00654AD2
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(-00000001), ref: 00654AFD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeString_com_issue_error
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 709734423-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,0066860A,00000000,?,006C610D,0066860A,0066860A,00000000,0071C218,D7A06B67,0066860A), ref: 006C5C8C
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,006C610D,0066860A,0066860A,00000000,0071C218,D7A06B67,0066860A,0066860A,0066860A,D7A06B67,00000000,?,006B591E,00000000,0071C218), ref: 006C5CB2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 442123175-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                          • InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 51270584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00654AA5,?,00000000,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5), ref: 006A9A04
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 006A9A0F
                                                                                                                                                                                                                                            • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 006A9A38
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 006A9A42
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(80070057,D7A06B67,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9A47
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 006A9A5A
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9A70
                                                                                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 006A9A83
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _com_issue_error$ErrorLast$AllocByteCharMultiStringWide_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 878839965-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SHDeleteKeyW.SHLWAPI(?,0070BFD0,?,0065DE7B), ref: 0065DED6
                                                                                                                                                                                                                                          • RegCloseKey.KERNEL32(?,?,0065DE7B), ref: 0065DEE4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseDelete
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 453069226-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000023,00000001,D7A06B67,?,?), ref: 0063DF08
                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0063E36C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$ConvertFolderPathSpecialString
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4077199523-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6036b7ebb943a358d41ff6347556158a0af9798c6c0c7fac2cf5fc106034dd3b
                                                                                                                                                                                                                                          • Instruction ID: 5666c7a5b7cd1e451609862867f08efc123b260970fa7ce8e83b00f120d0a95c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6036b7ebb943a358d41ff6347556158a0af9798c6c0c7fac2cf5fc106034dd3b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE41CF70A00144AFDB14DF58C881FB97BA3EB89364F2891ACF4499B352D631DD42CB59
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __wsopen_s
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3347428461-0
                                                                                                                                                                                                                                          • Opcode ID: 3627d600070cd762a95e344e218f3e506858fdb284d45d52100b4b41ab305435
                                                                                                                                                                                                                                          • Instruction ID: 118fa12ac8858a13912b38e7ada3ac1e788035c57d3719830d6b50ebbab51e8b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3627d600070cd762a95e344e218f3e506858fdb284d45d52100b4b41ab305435
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 421115B1A0420AAFCF09DF98E941E9A7BF5EF48314F054069F809EB351D630EA11DBA5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                                                                                          • Instruction ID: a2e8a90c00a2a4527928a5501d1a66e0d75bc932b42c62505f040454a16a912f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37F02872501A241ADA213669DC05BEB339BDF46335F14071DFC22A76D2CB74D847CB99
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegCreateKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?), ref: 0065DF45
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Create
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                                                                                                          • Opcode ID: 2b053202631b0e0b67f644a5a6b95aea85cef7fbe1a42c8b90c9bc7b34df0211
                                                                                                                                                                                                                                          • Instruction ID: d189f360acc44bb5d96b018634c735c4920c0caeeb7abb0412cb52a8b87f27ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b053202631b0e0b67f644a5a6b95aea85cef7fbe1a42c8b90c9bc7b34df0211
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF017835600209EBCB21CF49C844F9EBBBAFF98310F20809AFC05A7350C771AA64DB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00676061
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExistsFilePath
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1174141254-0
                                                                                                                                                                                                                                          • Opcode ID: 39339321eaa416419af5a26580ed4bad3edaaa2b50399a74800b301a5d8fa8c7
                                                                                                                                                                                                                                          • Instruction ID: 74d81ce647b675142ff657544599bd52c8458c948b78fce30c2118cc5a6719f5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39339321eaa416419af5a26580ed4bad3edaaa2b50399a74800b301a5d8fa8c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98F049312006008BC7149F69D858B9BB7EAAF88714F00851DE849CB660D375EA41CBA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006C2174: RtlAllocateHeap.NTDLL(00000000,?,?,?,006A872D,?,?,0063A1ED,0000002C,D7A06B67), ref: 006C21A6
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C5615
                                                                                                                                                                                                                                            • Part of subcall function 006C2098: RtlFreeHeap.NTDLL(00000000,00000000,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?), ref: 006C20AE
                                                                                                                                                                                                                                            • Part of subcall function 006C2098: GetLastError.KERNEL32(?,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?,?), ref: 006C20C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 314386986-0
                                                                                                                                                                                                                                          • Opcode ID: 18eef4049f655c44e850ab26aac5be76c33408ab67aa6e9f183822b150d9597e
                                                                                                                                                                                                                                          • Instruction ID: a3a97e52475625a9977e6fb34409a33d77ffcddb2e21ed5e4b6cf8a557f788cb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18eef4049f655c44e850ab26aac5be76c33408ab67aa6e9f183822b150d9597e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53F062721057009FD3359F56D801BA2F7F8EF80B11F10842FE29B876A0DAB4B446CB58
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,006A872D,?,?,0063A1ED,0000002C,D7A06B67), ref: 006C21A6
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(?,?,00000000,?,?), ref: 0065E51F
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 71445658-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006313A5
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 323602529-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegSetValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0065ED2F
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00000000,?,006D4E6A,00000000,00000000,-00000002,D7A06B67,00000028,00000000,?,00000000,extra,00000005,00000000,00000000,006F44E4), ref: 006D4D92
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,00000000,?,006D0187,?,?,00000000,?,006D0187,00000000,0000000C), ref: 006CFE42
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00692743: DloadGetSRWLockFunctionPointers.DELAYIMP ref: 00692743
                                                                                                                                                                                                                                            • Part of subcall function 00692743: AcquireSRWLockExclusive.KERNEL32(?,006928F1), ref: 00692760
                                                                                                                                                                                                                                          • DloadProtectSection.DELAYIMP ref: 006926C5
                                                                                                                                                                                                                                            • Part of subcall function 0069286C: DloadObtainSection.DELAYIMP ref: 0069287C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dload$LockSection$AcquireExclusiveFunctionObtainPointersProtect
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1209458687-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0065E8D4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: QueryValue
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3660427363-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006AE973
                                                                                                                                                                                                                                            • Part of subcall function 006C2098: RtlFreeHeap.NTDLL(00000000,00000000,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?), ref: 006C20AE
                                                                                                                                                                                                                                            • Part of subcall function 006C2098: GetLastError.KERNEL32(?,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?,?), ref: 006C20C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1353095263-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684DAF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00684DAF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006914D8
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006A97C4
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          • Opcode ID: f894f334856010752378899334a2d748e21c4da03d6cc93033a7a3f61dc3c6c2
                                                                                                                                                                                                                                          • Instruction ID: 7d0c16ab0f0c5fd6ee1a8d523c5b01470c9e4e4ea528dd6f6e8fdd16f6131de0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f894f334856010752378899334a2d748e21c4da03d6cc93033a7a3f61dc3c6c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CB012D126C0167D335461097D02DB711CEC1C1B10B30852EF208C0280D4440C862431
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          • Opcode ID: d6e84f129e70c3d69ba2a799e27927662997d57c041ae2945099363c1d69f883
                                                                                                                                                                                                                                          • Instruction ID: 9eb6135e0284962a5e1363b3973bb680e1cdb0a8a09e1407c74127ae8d500811
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6e84f129e70c3d69ba2a799e27927662997d57c041ae2945099363c1d69f883
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03B012C126C026FC376461097C02E77014EC2C1B10730852EF504C0280E4444C853431
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          • Opcode ID: 0d1b466276ed7d00dc16ac5d13e71a455abb20fdaed98ab29a65996c558361fd
                                                                                                                                                                                                                                          • Instruction ID: dfff278a7409fea46be1ced6a1804710240e3d7b0b0f11ba6b1b64156c99ac7f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d1b466276ed7d00dc16ac5d13e71a455abb20fdaed98ab29a65996c558361fd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2B012C126C026BD375461197C02DB7018EC2C1B10730852EF504C0280D4440C852431
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          • Opcode ID: 6bcd203594e29048b0abf78bf1ae60cf33d99c980457cbe7d8980d1874fae5aa
                                                                                                                                                                                                                                          • Instruction ID: 583a04768b81c4668e59d43dbb988b98006ef60e28292225b17017e8291da209
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6bcd203594e29048b0abf78bf1ae60cf33d99c980457cbe7d8980d1874fae5aa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96B012D126C0167C339461097C02E77015ED2C1B10730452EF104C0280D4440CC5A431
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                                                                            • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                                                                                          • Opcode ID: ca428adb816eb37b4a7b79bf9640853e54e7e745ad9552b67a89a93e4875119c
                                                                                                                                                                                                                                          • Instruction ID: 68a86a73ffc0042a1c86dcd94e025430fb486b1a6d0d9d9a6050bfcf882de271
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca428adb816eb37b4a7b79bf9640853e54e7e745ad9552b67a89a93e4875119c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8B012C526C1167D335461097C02DF7018EC1C1B10730462EF504C0280D4440CC92435
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                                                                          • Opcode ID: 2277c0a62549fe4e5fb37e40d1decc4953ca7a13ad463137fb7190b3215986f1
                                                                                                                                                                                                                                          • Instruction ID: 1d026951bde773ffcfa6d7a2c46bd992c3e1476bf25ad66e84269add77521795
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2277c0a62549fe4e5fb37e40d1decc4953ca7a13ad463137fb7190b3215986f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE0ED3B200519ABDB018B89EC84D9AFB6DEBD5371B04403BFA1487220D772ED25CBA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,D7A06B67), ref: 00660571
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 006605B7
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 006605DD
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetFileSecurityW), ref: 006605E9
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetFileSecurityW), ref: 006605F5
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00660601
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetExplicitEntriesFromAclW), ref: 0066060D
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RegGetKeySecurity), ref: 0066061C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RegSetKeySecurity), ref: 00660628
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,InitializeSecurityDescriptor), ref: 00660634
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetSecurityDescriptorDacl), ref: 00660640
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetSecurityDescriptorDacl), ref: 0066064C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,AllocateAndInitializeSid), ref: 00660658
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,FreeSid), ref: 00660664
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,OpenThreadToken), ref: 00660670
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 0066067C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,InitializeAcl), ref: 00660688
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,InitializeSid), ref: 00660694
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetSidSubAuthority), ref: 006606A0
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,AddAccessAllowedAce), ref: 006606AC
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetSecurityInfo), ref: 006606B8
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 006606C4
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,QueryServiceStatusEx), ref: 006606D0
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetAce), ref: 006606DC
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,DeleteAce), ref: 006606E8
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,EqualSid), ref: 006606F4
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetAclInformation), ref: 00660700
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,SetSecurityDescriptorControl), ref: 0066070F
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 006607DE
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc$CriticalSection$EnterFreeLeaveLibrary
                                                                                                                                                                                                                                          • String ID: AddAccessAllowedAce$AllocateAndInitializeSid$DeleteAce$EqualSid$FreeSid$GetAce$GetAclInformation$GetExplicitEntriesFromAclW$GetFileSecurityW$GetSecurityDescriptorDacl$GetSecurityInfo$GetSidSubAuthority$GetTokenInformation$InitializeAcl$InitializeSecurityDescriptor$InitializeSid$LookupAccountSidW$OpenThreadToken$QueryServiceStatusEx$RegGetKeySecurity$RegSetKeySecurity$SetEntriesInAclW$SetFileSecurityW$SetSecurityDescriptorControl$SetSecurityDescriptorDacl$SetSecurityInfo$advapi32.dll
                                                                                                                                                                                                                                          • API String ID: 2701342527-838666417
                                                                                                                                                                                                                                          • Opcode ID: 78b6e48c2f496e86bc7d0faf6d65f89f4f52e629e4261855f17aaa3476bd72e7
                                                                                                                                                                                                                                          • Instruction ID: 1027173086d84179b35c3aa225d0f438ed64c3752dc32443d86031caebdbf4eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78b6e48c2f496e86bc7d0faf6d65f89f4f52e629e4261855f17aaa3476bd72e7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4812930940B19FEDF259F65C848BA6BFA2FF05395F00012AEA0466AE0D775B468CFC1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 0063463F: GetProcessHeap.KERNEL32(?,?,?,0065C2E1,?,?,?,D7A06B67,?,00000000), ref: 00634676
                                                                                                                                                                                                                                          • VariantTimeToSystemTime.OLEAUT32 ref: 00678539
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(D7A06B67,?), ref: 0067867A
                                                                                                                                                                                                                                            • Part of subcall function 00658690: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 006586D6
                                                                                                                                                                                                                                            • Part of subcall function 00658690: LoadResource.KERNEL32(00000000,00000000), ref: 006586E4
                                                                                                                                                                                                                                            • Part of subcall function 00658690: LockResource.KERNEL32(00000000), ref: 006586EF
                                                                                                                                                                                                                                            • Part of subcall function 00658690: SizeofResource.KERNEL32(00000000,00000000), ref: 006586FD
                                                                                                                                                                                                                                            • Part of subcall function 00658690: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00658764
                                                                                                                                                                                                                                            • Part of subcall function 00658690: LoadResource.KERNEL32(00000000,00000000), ref: 00658776
                                                                                                                                                                                                                                            • Part of subcall function 00658690: LockResource.KERNEL32(00000000), ref: 00658785
                                                                                                                                                                                                                                            • Part of subcall function 00658690: SizeofResource.KERNEL32(00000000,00000000), ref: 00658797
                                                                                                                                                                                                                                          • __floor_pentium4.LIBCMT ref: 00678C83
                                                                                                                                                                                                                                          • __floor_pentium4.LIBCMT ref: 00678CDF
                                                                                                                                                                                                                                          • __floor_pentium4.LIBCMT ref: 00678D37
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Resource$__floor_pentium4$FindLoadLockSizeofTime$ErrorHeapLastProcessSystemVariant
                                                                                                                                                                                                                                          • String ID: $GetAsSystemTime failed: %d$Invalid DateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::FormatDateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::Substitute$TOMORROW$YESTERDAY$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateSubstitution.cpp$epoch$failed to convert date element(s) to int: year = %s, month = %s, day = %s$failed to convert epoch date: %s$failed to parse day: %s$failed to parse month: %s$failed to parse year: %s$string %s does not have %d symbols starting index %d$yyyy
                                                                                                                                                                                                                                          • API String ID: 3108935575-1381540002
                                                                                                                                                                                                                                          • Opcode ID: d8f26a068208b7de414c7a6c790331603510482aaa7336e72c51b62f892f90ff
                                                                                                                                                                                                                                          • Instruction ID: 0ad28f79146670a73d0fdc5691434686df51e52f7642c65b6029d755343f95fb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8f26a068208b7de414c7a6c790331603510482aaa7336e72c51b62f892f90ff
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67E2AD71A00218CFDB24DF68CC55BEEB7B6AF45304F10829DE419A7291EB34AE85CF95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0067F442
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0067F488
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0067F4C6
                                                                                                                                                                                                                                          • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0067F527
                                                                                                                                                                                                                                          • CertGetNameStringW.CRYPT32(00000000,00000005,00000000,00000000,00000000,00000000), ref: 0067F5AD
                                                                                                                                                                                                                                          • CertGetNameStringW.CRYPT32(?,00000005,00000000,00000000,00000000,?), ref: 0067F602
                                                                                                                                                                                                                                          • CertGetCertificateChain.CRYPT32(00000000,?,?,00000000,00000010,00000000,00000000,?), ref: 0067F89C
                                                                                                                                                                                                                                          • CertFreeCertificateChain.CRYPT32(00000000), ref: 0067F8B1
                                                                                                                                                                                                                                          • CertFreeCertificateChain.CRYPT32(00000000), ref: 0067F8CB
                                                                                                                                                                                                                                            • Part of subcall function 0067E760: CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 0067E877
                                                                                                                                                                                                                                          • CertVerifyCertificateChainPolicy.CRYPT32(00000003,00000000,0000000C,00000014), ref: 0067F906
                                                                                                                                                                                                                                          • CertFreeCertificateChain.CRYPT32(00000000), ref: 0067F942
                                                                                                                                                                                                                                          • CertFreeCRLContext.CRYPT32(?), ref: 0067FA73
                                                                                                                                                                                                                                          • CertFreeCRLContext.CRYPT32(00000000), ref: 0067FAA6
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Cert$Certificate$ChainFree$ContextCryptParam$NameString$FromPolicyPropertyStoreSubjectVerify
                                                                                                                                                                                                                                          • String ID: 4$Intel Corporation$McAfee, Inc.$McAfee, LLC$McAfee, LLC.$Yahoo! Inc.
                                                                                                                                                                                                                                          • API String ID: 2452394995-549729705
                                                                                                                                                                                                                                          • Opcode ID: 339cfe462ba162c392936e8b9cfefa88d31d87087fa224efcedbec50b1bb0133
                                                                                                                                                                                                                                          • Instruction ID: d026d2f4069337c8b9245d892bfeebe20ebdf6aec6a92cbac723015e8f48b396
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 339cfe462ba162c392936e8b9cfefa88d31d87087fa224efcedbec50b1bb0133
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4127E71900229DBDB709F24CC49BEAB7B6AF29714F0481E9E90DA7351E7359E84CF60
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000001,0066BDCE,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0067EBD2
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0067EBE4
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0067EBF4
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0067ECEE
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0067ECFE
                                                                                                                                                                                                                                          • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0067EDEE
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0067EE0A
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0067EE1C
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0067EEB6
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0067EEC2
                                                                                                                                                                                                                                            • Part of subcall function 0067F3C0: CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0067F442
                                                                                                                                                                                                                                            • Part of subcall function 0067F3C0: CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0067F488
                                                                                                                                                                                                                                            • Part of subcall function 0067F3C0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0067F4C6
                                                                                                                                                                                                                                            • Part of subcall function 0067F3C0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0067F527
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0067EF02
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0067EF14
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0067EFAE
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0067EFBA
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0067EFDA
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0067EFEA
                                                                                                                                                                                                                                          • CryptMsgClose.CRYPT32(00000000), ref: 0067F0CB
                                                                                                                                                                                                                                          • CertCloseStore.CRYPT32(00000000,00000001), ref: 0067F0DB
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2648890560-0
                                                                                                                                                                                                                                          • Opcode ID: 637643f8c90461b0d1a446aa4a13f94264e0aa46e7378ac604e28976a6b962a7
                                                                                                                                                                                                                                          • Instruction ID: 308ace6e1452b69f7c53337588227116db2e911ab72cfd7ae09f4ad086baf4ff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 637643f8c90461b0d1a446aa4a13f94264e0aa46e7378ac604e28976a6b962a7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0025F71E002099BEF14DFA8CD99BEEBBB9AF08304F148559E505FB381D7799A04CB64
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?,D7A06B67,00000000,?,00000000,?,00673AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00672B73
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Dispatcher), ref: 00672B98
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Controller), ref: 00672BA7
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Release), ref: 00672BC8
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00672C46
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00672CC3
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00673AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004), ref: 00672CCB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Release, xrefs: 00672BC2
                                                                                                                                                                                                                                          • Controller, xrefs: 00672B9E
                                                                                                                                                                                                                                          • Dispatcher, xrefs: 00672B92
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp, xrefs: 00672CE4
                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance, xrefs: 00672CDF
                                                                                                                                                                                                                                          • Failed to load library %s. Error 0x%08X, xrefs: 00672CD5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressLibraryProc$Free$ErrorLastLoad
                                                                                                                                                                                                                                          • String ID: Controller$Dispatcher$Failed to load library %s. Error 0x%08X$NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance$Release$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp
                                                                                                                                                                                                                                          • API String ID: 2058215185-435243658
                                                                                                                                                                                                                                          • Opcode ID: b08449fa0041e7b1a2f8314299935ebecc039d4ec3c7110750455bdd1c4921cc
                                                                                                                                                                                                                                          • Instruction ID: a81cd2c4e2ee13209dfd4fbf7f651bc69bf26dfdb6caa6dc7579f65562210391
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b08449fa0041e7b1a2f8314299935ebecc039d4ec3c7110750455bdd1c4921cc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6418BB1A00319DFD7008FA9C954BAEBBF6FF18710F01816AE509AB391D7B58940CFA5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF8)$no error
                                                                                                                                                                                                                                          • API String ID: 0-2110857069
                                                                                                                                                                                                                                          • Opcode ID: 7f3f09c46e54fa7f15079392839221de94fb5e276e60866ad74dd617fd68bcc0
                                                                                                                                                                                                                                          • Instruction ID: ab43dbd6ebcbb00450d3eda071eb66093addcf651eb650f53a1393af985a5fdd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f3f09c46e54fa7f15079392839221de94fb5e276e60866ad74dd617fd68bcc0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E929F71D002299FDB28DF14CC907E9BBB6AF49314F0442E9EA59A7381E7709E85CF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062ABD1
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062ABD6
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062B256
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                          • String ID: (#r$)$/$8"r$@#r$X#r$YSTEM$p#r$"r
                                                                                                                                                                                                                                          • API String ID: 118556049-2067382064
                                                                                                                                                                                                                                          • Opcode ID: 7a134dde3673208fe9247eb4ef198cc8b2d4869f965e3c697d9b472e8e865adb
                                                                                                                                                                                                                                          • Instruction ID: 36facb8c77944ebc811e7ff7db8cdcb9175769909f00bbd4242c6998124513ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a134dde3673208fe9247eb4ef198cc8b2d4869f965e3c697d9b472e8e865adb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 257232B1D00224DFDB24CF64D8157AE77B6FB09300F20466DE41AA7392EB799A85CF46
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006230C1
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006230C6
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00623746
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                          • String ID: r$)$/$0r$8r$Hr$YSTEM$`r$xr
                                                                                                                                                                                                                                          • API String ID: 118556049-2116287919
                                                                                                                                                                                                                                          • Opcode ID: a360580568a0869d11bda7f133d69fda787d36e9bcb7be86a4784461a71563b0
                                                                                                                                                                                                                                          • Instruction ID: 4829bc0fd7edc723582a3451b2cd5491aeaf8dfc3a04ca62832052f1a69a11b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a360580568a0869d11bda7f133d69fda787d36e9bcb7be86a4784461a71563b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A67226B1D00264DFDF24DF24D8157AE77B6EB09300F20466DE45AA7392EB399A84CF94
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?), ref: 00646268
                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00646274
                                                                                                                                                                                                                                          • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?,?,?,?), ref: 006463BF
                                                                                                                                                                                                                                          • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 006463DF
                                                                                                                                                                                                                                          • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 006463FC
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • 3c224a00-5d51-11cf-b3ca-000000000001, xrefs: 0064671E
                                                                                                                                                                                                                                          • al exception rule %x:%x res %s, xrefs: 0064632E
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Crypt$CurrentHash$AcquireContextCreateDataProcessThread
                                                                                                                                                                                                                                          • String ID: 3c224a00-5d51-11cf-b3ca-000000000001$al exception rule %x:%x res %s
                                                                                                                                                                                                                                          • API String ID: 3004248768-911235813
                                                                                                                                                                                                                                          • Opcode ID: d1ebe5a77f72d119fd3ffa3c19f0c603a4de26ca758d4e0b38471345026ba9b4
                                                                                                                                                                                                                                          • Instruction ID: fec2cfa6a67a4ec0d7e25472b9c9498154802363d5d7330049da0e07ece11593
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1ebe5a77f72d119fd3ffa3c19f0c603a4de26ca758d4e0b38471345026ba9b4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0F10935B012289FDB259F14CC95BEDB7B6BF48710F154099EA0AAB391CB70AE41CF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 006467F3
                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006467FB
                                                                                                                                                                                                                                          • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 0064687F
                                                                                                                                                                                                                                          • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0064689F
                                                                                                                                                                                                                                          • CryptHashData.ADVAPI32(00000000,?,00000000,00000000), ref: 006468BC
                                                                                                                                                                                                                                          • CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000), ref: 006468DE
                                                                                                                                                                                                                                          • CryptDestroyHash.ADVAPI32(00000000), ref: 006468EF
                                                                                                                                                                                                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00646902
                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 00646951
                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(?,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00646980
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Freeing access handle %p, xrefs: 006467D0
                                                                                                                                                                                                                                          • al exception rule %x:%x res %s, xrefs: 00646824
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Crypt$Hash$ContextControlCurrentDevice$AcquireCreateDataDestroyParamProcessReleaseThread
                                                                                                                                                                                                                                          • String ID: Freeing access handle %p$al exception rule %x:%x res %s
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062D501
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062D506
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0062DB86
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                          • String ID: +r$)$/$8+r$P+r$YSTEM$h+r$+r
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • invalid substitutor, xrefs: 0067A9F8
                                                                                                                                                                                                                                          • [DATE:TODAY], xrefs: 0067AA28
                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied, xrefs: 0067A9FF, 0067B07E
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp, xrefs: 0067A95B, 0067AA04, 0067B083
                                                                                                                                                                                                                                          • stol argument out of range, xrefs: 0067A991
                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl, xrefs: 0067A956
                                                                                                                                                                                                                                          • NEQ, xrefs: 0067A8CD
                                                                                                                                                                                                                                          • Unknown comparison operator: %s, xrefs: 0067A94F
                                                                                                                                                                                                                                          • invalid stol argument, xrefs: 0067A987
                                                                                                                                                                                                                                          • failed to parse date from name: %s, xrefs: 0067A5B2
                                                                                                                                                                                                                                          • failed to parse date from value: %s, xrefs: 0067A63C
                                                                                                                                                                                                                                          • Unable to substitute the arguments, xrefs: 0067B077
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$SystemVariant
                                                                                                                                                                                                                                          • String ID: NEQ$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$Unknown comparison operator: %s$[DATE:TODAY]$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp$failed to parse date from name: %s$failed to parse date from value: %s$invalid stol argument$invalid substitutor$stol argument out of range
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: Encountered SEND_EVENT, but no event reporter was defined$Invalid$Invalid arguments passed to SEND_EVENT command$NWebAdvisor::NXmlUpdater::CSendEventCommand::Execute$Name$Unable to substitute variables for the SEND_EVENT command$Unexpected call to legacy SEND_EVENT command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SendEventCommand.cpp$default$invalid substitutor
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006259C1
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006259C6
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00626066
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                          • String ID: )$/$YSTEM
                                                                                                                                                                                                                                          • API String ID: 118556049-314724184
                                                                                                                                                                                                                                          • Opcode ID: be48b3c7279f0f8b1da680e7852917711b4474558137c607c050e9f5d999f3a1
                                                                                                                                                                                                                                          • Instruction ID: 65fbbf389080fbeaa4eeb104dae7e8f85e49323fe98637ad3a2e7ad3666fd727
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be48b3c7279f0f8b1da680e7852917711b4474558137c607c050e9f5d999f3a1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63720CB1E00A64CFDB249F24D8157AE77B6BB19310F20426DE42BE7391EB359A84CF45
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0067F442
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0067F488
                                                                                                                                                                                                                                          • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0067F4C6
                                                                                                                                                                                                                                          • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0067F527
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CryptParam$CertCertificateFromStoreSubject
                                                                                                                                                                                                                                          • String ID: 1.3.6.1.4.1.311.2.4.1
                                                                                                                                                                                                                                          • API String ID: 738114118-146536318
                                                                                                                                                                                                                                          • Opcode ID: 6b12e06660c2f4962bb523ef6b540251617940c0220fedffbaffb90832ad10bd
                                                                                                                                                                                                                                          • Instruction ID: 0ffb500d85cf0fc3a7556a8843aff3e3439e4f9dbabece690d6ca75e6f8c1d5d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b12e06660c2f4962bb523ef6b540251617940c0220fedffbaffb90832ad10bd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77D16671D002199FCB64DF64C885BEEBBB6EF49710F1081A9E819A7341DB35AE44CFA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D0B
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D41
                                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 006CD0E7
                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 006CD130
                                                                                                                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 006CD13F
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 006CD187
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 006CD1A6
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                          • String ID: (3p
                                                                                                                                                                                                                                          • API String ID: 949163717-1836177990
                                                                                                                                                                                                                                          • Opcode ID: 6f54fc12e99d9756f8589e3912c65dd06c91a77d600e811d94b7d9d9192719eb
                                                                                                                                                                                                                                          • Instruction ID: 1303eb1ca2b355102e480e16d1a5e02033920aa428c9c9ccc77a9fb9779b06f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f54fc12e99d9756f8589e3912c65dd06c91a77d600e811d94b7d9d9192719eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64516C71A00206AADB10DFA8CC81FFA77BAFF09700F14457DE915EB290EB719945CB65
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: @$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)$^$alpha
                                                                                                                                                                                                                                          • API String ID: 0-4118445655
                                                                                                                                                                                                                                          • Opcode ID: de63ab175f4ba389621c8e9cb9ced9380e724779a34016ca92f18dfc44f3c5ba
                                                                                                                                                                                                                                          • Instruction ID: 7a112f7ab1d829ce61234eb3117df7564ff3d421eb4aa5170ee026666950045f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de63ab175f4ba389621c8e9cb9ced9380e724779a34016ca92f18dfc44f3c5ba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8428F70D083588FDF25DF64C8907EDBBB2AF1A314F284299D989AB352D7309D86CB51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,006CD124,00000002,00000000,?,?,?,006CD124,?,00000000), ref: 006CCE9F
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,006CD124,00000002,00000000,?,?,?,006CD124,?,00000000), ref: 006CCEC8
                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,006CD124,?,00000000), ref: 006CCEDD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                          • Opcode ID: 93bfeb9d5a16790e015e4b9070bf6887587201ad4972243ae6e7405489dc9891
                                                                                                                                                                                                                                          • Instruction ID: 888b51f62613598bdd90c5f3967bb8cffaa5c46bf25d0530d02da21c5c501240
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93bfeb9d5a16790e015e4b9070bf6887587201ad4972243ae6e7405489dc9891
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96217132600201AAEB348B65C940FF772A7EF5AB74B56846DE90EDB344E732DE41C390
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$qGh
                                                                                                                                                                                                                                          • API String ID: 0-1198645378
                                                                                                                                                                                                                                          • Opcode ID: bece6142518f50c2a4327399b5a4926da784bcbd17a99d587773dc8e7bd3eac9
                                                                                                                                                                                                                                          • Instruction ID: 3bebd6b684d45224e47290aeaba1a4607e8e2ec7ca085f9195ccf42fe6d473d3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bece6142518f50c2a4327399b5a4926da784bcbd17a99d587773dc8e7bd3eac9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C824975A002598FEF24CF58C8807EDB7BAAF45314F2442EAD859ABB81D7319E85CF50
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: expected ' or "$expected =$expected >$expected element name$invalid numeric character entity$unexpected end of data
                                                                                                                                                                                                                                          • API String ID: 0-1758782166
                                                                                                                                                                                                                                          • Opcode ID: 6cf57104036503179e6b786c1f67ced0ca1ebdf2900bb842d037c2783c1cbfc2
                                                                                                                                                                                                                                          • Instruction ID: 3b31715455aaf6051ed6ab8dc9bbbb2720278a9e74d372857e8de4a534463afa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cf57104036503179e6b786c1f67ced0ca1ebdf2900bb842d037c2783c1cbfc2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D702E4B0A042509FC728CF29C4957B6BBF2FF55304F28859EE49A8B392E7759D41CB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006A93FE
                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 006A94CA
                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006A94EA
                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 006A94F4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                                                                          • Opcode ID: 2e50169c3d7e7006ddb7ad187a735b27e3c3c611917c6c1e92c2fd32afa19961
                                                                                                                                                                                                                                          • Instruction ID: 09393679e80f8f0af769db5223f9d7b73f3943c775b044b8dfe7c2cac0536cd0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e50169c3d7e7006ddb7ad187a735b27e3c3c611917c6c1e92c2fd32afa19961
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F310775D0131C9BDB51EFA4D98ABCDBBB8AF08304F1041AAE509AB250EB719B858F15
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: )$)$:$\b(?=\w)
                                                                                                                                                                                                                                          • API String ID: 0-1096454370
                                                                                                                                                                                                                                          • Opcode ID: e522c78f846151cb3f774427357edd76dd9c8ce959b22e66a4521da1633ba5d5
                                                                                                                                                                                                                                          • Instruction ID: 716806f5cbce3012527663732c153df901c1f18f62e0d37f5e87e5cdcb84412b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e522c78f846151cb3f774427357edd76dd9c8ce959b22e66a4521da1633ba5d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06324E74D04219CFDB25DF68C8807ADBBB2BF09314F18829AD85AAB351C7759D46CF60
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D0B
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D41
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006CCAD4
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006CCB1E
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006CCBE4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3140898709-0
                                                                                                                                                                                                                                          • Opcode ID: 46bd1c2da4a399f18a46c7744d3c8683821963ae2b71c6e1caea7730218c291c
                                                                                                                                                                                                                                          • Instruction ID: 1ffc1f3e152425ea3a6a35be5114c3373bdb33360f4892b8b7e8db1cbb678ea3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46bd1c2da4a399f18a46c7744d3c8683821963ae2b71c6e1caea7730218c291c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B619D719002079FEB289F68CC92FBA77AAEF14320F1440BEE909C6685E735DD81DB50
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,007280CC), ref: 006AD54B
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,007280CC), ref: 006AD555
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,007280CC), ref: 006AD562
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 006591DE
• Concurrency::cancel_current_task.LIBCPMT ref: 0065952E
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,006B5A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480), ref: 006C703D
• OutputDebugStringW.KERNEL32(?,?,006B5A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480,?), ref: 006C7054
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: DebugDebuggerOutputPresentString
• String ID:
• API String ID: 4086329628-0
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,006C14AA,?,?,00000008,?,?,006D0D68,00000000), ref: 006C16DC
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 006A922B
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: FeaturePresentProcessor
• String ID:
• API String ID: 2325560087-0
• Opcode ID: 14d68f85861995b6ec883593a0e38d105464843dbf853c04ae69d456c980faad
• Instruction ID: a7f36a62bb5226ca530301f381b079f0eef3150d82e73cddd4524ca5d7b97065
• Opcode Fuzzy Hash: 14d68f85861995b6ec883593a0e38d105464843dbf853c04ae69d456c980faad
• Instruction Fuzzy Hash: 425176B1A112159FEB28CF68D9857AEBBF1FB49310F24856AC405EB3A0D3789D00CF64
APIs
  • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
  • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
  • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D0B
  • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D41
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006CCD34
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: ErrorLast_free$InfoLocale
• String ID:
• API String ID: 2003897158-0
• Opcode ID: 75b611c17b33874040ef3a22a0b230538eb7b88acf45a2eb7dfe068904ae4ab5
• Instruction ID: 13c8866ce92bb46738e45a7141f9d37dca39bc1d73d883c4bae6ab28d087eb15
• Opcode Fuzzy Hash: 75b611c17b33874040ef3a22a0b230538eb7b88acf45a2eb7dfe068904ae4ab5
• Instruction Fuzzy Hash: AC2198725102069BDB18AB25DC52FBA77AEEF45321B14007EFD0AD6241EB35ED44CB54
APIs
  • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
  • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
• EnumSystemLocalesW.KERNEL32(006CCA80,00000001,00000000,?,-00000050,?,006CD0BB,00000000,?,?,?,00000055,?), ref: 006CC9C4
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
• Opcode ID: 790fc4a002fa29b7669707dba0c2a58e76e3c462c87401d6e7682505ba307e38
• Instruction ID: 2eb487a0f9e6691ddd21df117c91ab63e7959cbb980067487538b00118db2c16
• Opcode Fuzzy Hash: 790fc4a002fa29b7669707dba0c2a58e76e3c462c87401d6e7682505ba307e38
• Instruction Fuzzy Hash: 4911E5376007059FDB189F79C891ABABB93FF84369B19442DE98B87B40D771B942C740
APIs
  • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
  • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,006CCC9C,00000000,00000000,?), ref: 006CCF38
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
• Opcode ID: 18e11cb425e1d63d5d26e89767c9a5904538e03994de8df5e99670528d397727
• Instruction ID: d4f070dfc6bec0170d2c687d73b63110132faa83b813884632106505f92b18bf
• Opcode Fuzzy Hash: 18e11cb425e1d63d5d26e89767c9a5904538e03994de8df5e99670528d397727
• Instruction Fuzzy Hash: 68F0F932910115BBDB249764C805FFA7B5BEF40764F15442CED29A3280DA74FE41C690
APIs
  • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
  • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
• EnumSystemLocalesW.KERNEL32(006CCCE0,00000001,?,?,-00000050,?,006CD07F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 006CCA37
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
• Opcode ID: 343b03d06c390be7137c7058bd2f254079d358e0af7186008d072118f3a9173d
• Instruction ID: 9d5e04a943cd88c34299c23a9314b403d3a6d1892c0e90e0ed67fc545741d2c1
• Opcode Fuzzy Hash: 343b03d06c390be7137c7058bd2f254079d358e0af7186008d072118f3a9173d
• Instruction Fuzzy Hash: F0F0F6362003485FDB14DF79DC85FBA7B96EF81378B05442DF9498B691C671AC42C650
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(006CC860,00000001,?,?,?,006CD0DD,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 006CC93E
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,006C0C61,?,20001004,00000000,00000002,?,?,006C024C), ref: 006C460E
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCrypt
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1563465135-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 0-336475711
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006A88FA: EnterCriticalSection.KERNEL32(0072742C,?,?,?,0064402B,0072827C,D7A06B67,?,00641171,?), ref: 006A8905
                                                                                                                                                                                                                                            • Part of subcall function 006A88FA: LeaveCriticalSection.KERNEL32(0072742C,?,?,?,0064402B,0072827C,D7A06B67,?,00641171,?), ref: 006A8942
                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(?,?,?,0065C2E1,?,?,?,D7A06B67,?,00000000), ref: 00634676
                                                                                                                                                                                                                                            • Part of subcall function 006A88B0: EnterCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88BA
                                                                                                                                                                                                                                            • Part of subcall function 006A88B0: LeaveCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88ED
                                                                                                                                                                                                                                            • Part of subcall function 006A88B0: RtlWakeAllConditionVariable.NTDLL ref: 006A8964
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 325507722-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • GetSystemTimePreciseAsFileTime, xrefs: 006C4629
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                                          • API String ID: 0-595813830
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 955149F0640748AAFF38AA2884957FFBF9B9B02304F14591ED486EB393D6119EC58356
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
                                                                                                                                                                                                                                          • Instruction ID: 54f71a5656db1c51959f722fb89a3b77f5d8c157f24ad30e155cbdb94e457e4c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE516F71E00119AFDF04CF99C981AEEBBB6EF89304F19805DE905AB341D7349E91DBA0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2444105122.0000000005AA4000.00000004.00000020.00020000.00000000.sdmp, Offset: 05AA4000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_5aa4000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ec9607be7e37da490671a285e8bf4b2dc2b6cde13ca0bd0935e78d53964a70a0
                                                                                                                                                                                                                                          • Instruction ID: a423c593532aa93a3f2bdbc4e0455662335f817dae5fda4b58a510e20fc6754e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec9607be7e37da490671a285e8bf4b2dc2b6cde13ca0bd0935e78d53964a70a0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF518C315497D29FD7038B74C895BA3BFA5AF03320B2A45E9E4C18F413E3755926CBA2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a7045e63899fe05e97e16d6f0f6a4805f70e201591777631c07312aff81a4ff7
                                                                                                                                                                                                                                          • Instruction ID: 45aae1be6d5f13d3bb02dea444d4986d1e9e9dce39a9a2c22fb6380c6d160cf7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7045e63899fe05e97e16d6f0f6a4805f70e201591777631c07312aff81a4ff7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD21B373F204394B7B0CC47E8C522BDB6E1C68C601745823EE8A6EA3C1D968D917E2E4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 54eb52936630cf71eb5e1c5f57d600af5345dcde591f2ad596d2b92939ed6e53
                                                                                                                                                                                                                                          • Instruction ID: df1e097f08383dc98d6154fdd883e46d7fee1ecc3dfe9a36c7d199507f82e376
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54eb52936630cf71eb5e1c5f57d600af5345dcde591f2ad596d2b92939ed6e53
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2117323F30C255A775C816D8C172BAA5D6EBD825070F533AE826EB384E9A4DE13D290
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                          • Instruction ID: 508965b2387bfcbc8fe65312da10b3ee06026c5a83ca9e6c3537729a90ec5d59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C11087724019243DA14AAADD8B45F7E397FBD732172C42ABD1428B754D322ED45FD02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00696AB6
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00696AC4
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00696AD5
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00696AE6
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00696AF7
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00696B08
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00696B19
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00696B2A
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00696B3B
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00696B4C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00696B5D
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00696B6E
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00696B7F
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00696B90
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00696BA1
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00696BB2
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00696BC3
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00696BD4
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00696BE5
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00696BF6
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00696C07
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00696C18
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00696C29
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00696C3A
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00696C4B
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00696C5C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00696C6D
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00696C7E
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00696C8F
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00696CA0
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00696CB1
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00696CC2
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00696CD3
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00696CE4
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00696CF5
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00696D06
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00696D17
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00696D28
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00696D39
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00696D4A
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00696D5B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                          • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                                                                                          • API String ID: 667068680-295688737
                                                                                                                                                                                                                                          • Opcode ID: b76b423c435bdc0d764e96ee1d6f7b6406597ece15e898debe552ef471b9cfba
                                                                                                                                                                                                                                          • Instruction ID: 77f6c6d5b5df5f4489a37732298d0f9c3409de5d118c0e27cac60c796aadb02a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b76b423c435bdc0d764e96ee1d6f7b6406597ece15e898debe552ef471b9cfba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2617A71A56394EFC314AFB4AD8E9663EFABA09701305682AF201DB174D7FA4111CF74
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0069E2B8
                                                                                                                                                                                                                                          • ctype.LIBCPMT ref: 0069E2FF
                                                                                                                                                                                                                                            • Part of subcall function 00633055: __Getctype.LIBCPMT ref: 00633064
                                                                                                                                                                                                                                            • Part of subcall function 00697FAF: __EH_prolog3.LIBCMT ref: 00697FB6
                                                                                                                                                                                                                                            • Part of subcall function 00697FAF: std::_Lockit::_Lockit.LIBCPMT ref: 00697FC0
                                                                                                                                                                                                                                            • Part of subcall function 00697FAF: std::_Lockit::~_Lockit.LIBCPMT ref: 00698031
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E30D
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E324
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E36B
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E39E
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E3F0
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E405
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E424
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E443
                                                                                                                                                                                                                                          • collate.LIBCPMT ref: 0069E44D
                                                                                                                                                                                                                                          • __Getcoll.LIBCPMT ref: 0069E48F
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E4BA
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E4FB
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E510
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E559
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E58C
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E5E7
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E643
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E696
                                                                                                                                                                                                                                            • Part of subcall function 00698203: __EH_prolog3.LIBCMT ref: 0069820A
                                                                                                                                                                                                                                            • Part of subcall function 00698203: std::_Lockit::_Lockit.LIBCPMT ref: 00698214
                                                                                                                                                                                                                                            • Part of subcall function 00698203: std::_Lockit::~_Lockit.LIBCPMT ref: 00698285
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E6B5
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E707
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E74C
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E761
                                                                                                                                                                                                                                            • Part of subcall function 006987D5: __EH_prolog3.LIBCMT ref: 006987DC
                                                                                                                                                                                                                                            • Part of subcall function 006987D5: std::_Lockit::_Lockit.LIBCPMT ref: 006987E6
                                                                                                                                                                                                                                            • Part of subcall function 006987D5: std::_Lockit::~_Lockit.LIBCPMT ref: 00698857
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E780
                                                                                                                                                                                                                                            • Part of subcall function 00697C31: __EH_prolog3.LIBCMT ref: 00697C38
                                                                                                                                                                                                                                            • Part of subcall function 00697C31: std::_Lockit::_Lockit.LIBCPMT ref: 00697C42
                                                                                                                                                                                                                                            • Part of subcall function 00697C31: std::_Lockit::~_Lockit.LIBCPMT ref: 00697CB3
                                                                                                                                                                                                                                          • codecvt.LIBCPMT ref: 0069E7B5
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E7BF
                                                                                                                                                                                                                                            • Part of subcall function 006986AB: __EH_prolog3.LIBCMT ref: 006986B2
                                                                                                                                                                                                                                            • Part of subcall function 006986AB: std::_Lockit::_Lockit.LIBCPMT ref: 006986BC
                                                                                                                                                                                                                                            • Part of subcall function 006986AB: std::_Lockit::~_Lockit.LIBCPMT ref: 0069872D
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E677
                                                                                                                                                                                                                                            • Part of subcall function 00695688: Concurrency::cancel_current_task.LIBCPMT ref: 00695748
                                                                                                                                                                                                                                            • Part of subcall function 00695688: __EH_prolog3.LIBCMT ref: 00695755
                                                                                                                                                                                                                                            • Part of subcall function 00695688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00695781
                                                                                                                                                                                                                                            • Part of subcall function 00695688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 0069578C
                                                                                                                                                                                                                                            • Part of subcall function 00698298: __EH_prolog3.LIBCMT ref: 0069829F
                                                                                                                                                                                                                                            • Part of subcall function 00698298: std::_Lockit::_Lockit.LIBCPMT ref: 006982A9
                                                                                                                                                                                                                                            • Part of subcall function 00698298: std::_Lockit::~_Lockit.LIBCPMT ref: 0069831A
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E658
                                                                                                                                                                                                                                            • Part of subcall function 00695688: __EH_prolog3.LIBCMT ref: 0069568F
                                                                                                                                                                                                                                            • Part of subcall function 00695688: std::_Lockit::_Lockit.LIBCPMT ref: 00695699
                                                                                                                                                                                                                                            • Part of subcall function 00695688: std::_Lockit::~_Lockit.LIBCPMT ref: 0069573D
                                                                                                                                                                                                                                            • Part of subcall function 006980D9: __EH_prolog3.LIBCMT ref: 006980E0
                                                                                                                                                                                                                                            • Part of subcall function 006980D9: std::_Lockit::_Lockit.LIBCPMT ref: 006980EA
                                                                                                                                                                                                                                            • Part of subcall function 006980D9: std::_Lockit::~_Lockit.LIBCPMT ref: 0069815B
                                                                                                                                                                                                                                          • numpunct.LIBCPMT ref: 0069E6F7
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E4A3
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E7D4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypeLocinfoLocinfo::~_Makeloccodecvtcollatectypenumpunct
                                                                                                                                                                                                                                          • String ID: @sr$Dsr$Dsr$Hsr$Hsr$Lsr$Psr$Tsr$Xsr$Xsr$\sr$\sr$`sr$`sr$dsr$hsr$hsr
                                                                                                                                                                                                                                          • API String ID: 3784148211-2707628009
                                                                                                                                                                                                                                          • Opcode ID: 5022097a28a7544f3a8f1ed52a0e1898cd90ed49bcd4c2840f9ec9ba7329b578
                                                                                                                                                                                                                                          • Instruction ID: 196aebed1a64211047c16f59bf8605d523a305307b63844a178ec0571aae7cd2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5022097a28a7544f3a8f1ed52a0e1898cd90ed49bcd4c2840f9ec9ba7329b578
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52E1D4B0C01215AEDF65AF648846ABF3EAFDF02354F14442DF9056BB52EA368D0097E7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Unable to substitute variables for the EXTRACT_CAB_LOCAL command, xrefs: 00680A31
                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute, xrefs: 006808E0, 00680A44
                                                                                                                                                                                                                                          • Unable to verify signature for file: %s, xrefs: 00680956
                                                                                                                                                                                                                                          • invalid substitutor, xrefs: 006807C5
                                                                                                                                                                                                                                          • Source, xrefs: 006807D1
                                                                                                                                                                                                                                          • Unable to create destination directory (%d), xrefs: 0068099B
                                                                                                                                                                                                                                          • Failed to extract cab (%s), xrefs: 006809D2
                                                                                                                                                                                                                                          • Unable to substitute DeleteFile attribute, xrefs: 006808BC
                                                                                                                                                                                                                                          • Failed to parse DeleteFile as a boolean - default to false, xrefs: 006808D9
                                                                                                                                                                                                                                          • Failed to delete src cab (%d), xrefs: 00680A0D
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp, xrefs: 006808E5, 00680962, 006809A7, 006809DE, 00680A19, 00680A49
                                                                                                                                                                                                                                          • DeleteFile, xrefs: 0068086B
                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand, xrefs: 0068095D, 006809A2, 006809D9, 00680A14
                                                                                                                                                                                                                                          • DestDir, xrefs: 00680813
                                                                                                                                                                                                                                          • Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command, xrefs: 00680A3D, 00680A42
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: DeleteFile$DestDir$Failed to delete src cab (%d)$Failed to extract cab (%s)$Failed to parse DeleteFile as a boolean - default to false$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand$Source$Unable to create destination directory (%d)$Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command$Unable to substitute DeleteFile attribute$Unable to substitute variables for the EXTRACT_CAB_LOCAL command$Unable to verify signature for file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                                                                          • API String ID: 0-2605792675
                                                                                                                                                                                                                                          • Opcode ID: 74fc2eb999f857d1d31678c9a1737cf743f150b5a2392e7cdac3f6054b1a720a
                                                                                                                                                                                                                                          • Instruction ID: 30234146d4ddd61a40927db5ba38afe3348009ee88255b9660a367d5637d5211
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74fc2eb999f857d1d31678c9a1737cf743f150b5a2392e7cdac3f6054b1a720a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2291E070A40308ABEF54EF90D852BFEBB77AF15704F010A19F50567382DB75A948CBA5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 0064DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064DF0C
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 0064A143
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A1AA
                                                                                                                                                                                                                                            • Part of subcall function 0064E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E161
                                                                                                                                                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0064A1C1
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0064A1DD
                                                                                                                                                                                                                                          • CreateSemaphoreW.KERNEL32(00000000,00000000,000003E8,00000000), ref: 0064A24C
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0064A268
                                                                                                                                                                                                                                          • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00000000), ref: 0064A410
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000001), ref: 0064A46F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$CloseCreateHandleSemaphore$ErrorEventLastMtx_unlockRelease
                                                                                                                                                                                                                                          • String ID: E$Failed to create event semaphore$Failed to create stop event$Failed to initialize event sender$Failed to release semaphore. Error: $V
                                                                                                                                                                                                                                          • API String ID: 1380281556-3274429967
                                                                                                                                                                                                                                          • Opcode ID: cabdce975ac6e0dedc8dcbdc23a264243df27d03479dd64b4ce6fe94364c060c
                                                                                                                                                                                                                                          • Instruction ID: abbbd048867b01c6a5a7593608de87b1f6ec2445a63a014932344b3de12a99bb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cabdce975ac6e0dedc8dcbdc23a264243df27d03479dd64b4ce6fe94364c060c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1B1B170A40209ABDB44EFA0C855BEEB7B7FF44300F00426DE5196B6C1EB756A45CF95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,D7A06B67,000000FF,00000000,00000000,006DDF30,000000FF), ref: 00680FE8
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00680FF8
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(000000FF,00000001,00000001,00000000,00000003,00000080,00000000,D7A06B67,000000FF,00000000,00000000,006DDF30,000000FF), ref: 00681037
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00681058
                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(?,?), ref: 00681088
                                                                                                                                                                                                                                          • CreateFileMappingW.KERNEL32(?,00000000,00000002,?,00000000,00000000), ref: 0068109C
                                                                                                                                                                                                                                          • MapViewOfFileEx.KERNEL32(00000000,00000004,00000000,00000000,?,00000000), ref: 006810D9
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 006810F0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 00680FE3
                                                                                                                                                                                                                                          • NWebAdvisor::CFileMemMap::Init, xrefs: 00681066, 00681108
                                                                                                                                                                                                                                          • Failed to open the file: %d, xrefs: 0068105F
                                                                                                                                                                                                                                          • CreateFileTransactedW, xrefs: 00680FF2
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h, xrefs: 0068106B, 0068110D
                                                                                                                                                                                                                                          • Failed to map file to memory, xrefs: 00681101
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$CreateHandle$AddressCloseErrorLastMappingModuleProcSizeView
                                                                                                                                                                                                                                          • String ID: CreateFileTransactedW$Failed to map file to memory$Failed to open the file: %d$NWebAdvisor::CFileMemMap::Init$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h$kernel32.dll
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E8A8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                                                          • String ID: Authorization: $Failed to create access token$HTTP receive response failed for Azure: $HTTP send request failed for Azure: $HTTP status error for Azure: $`auo$`p
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,?,00000000,00000028,00000028,00000000,00000000,Name,00000004,00000000,00000000,Key,00000003,D7A06B67), ref: 006830F1
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000008), ref: 0068317C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Invalid substitutor, xrefs: 00683005
                                                                                                                                                                                                                                          • Key, xrefs: 00683013
                                                                                                                                                                                                                                          • Unable to read Key or Name for DEL_REG_VALUE command, xrefs: 006831C5
                                                                                                                                                                                                                                          • Cannnot delete registry value. Key or value not found. Key: %s Value: %s, xrefs: 00683157
                                                                                                                                                                                                                                          • Error (%d) deleting registry value (%s) in key: %s, xrefs: 0068319D
                                                                                                                                                                                                                                          • Error opening HKLM registry key: %d, xrefs: 006830FC
                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 00683103, 0068315E, 006831A4, 006831CC
                                                                                                                                                                                                                                          • Unable to substitute variables for the DEL_REG_VALUE command, xrefs: 006831BC
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp, xrefs: 00683108, 00683163, 006831A9, 006831D1
                                                                                                                                                                                                                                          • Name, xrefs: 00683055
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseOpen
                                                                                                                                                                                                                                          • String ID: Cannnot delete registry value. Key or value not found. Key: %s Value: %s$Error (%d) deleting registry value (%s) in key: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Name$Unable to read Key or Name for DEL_REG_VALUE command$Unable to substitute variables for the DEL_REG_VALUE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,0071F278,00000023,00000001,00000004,00000000,00000000), ref: 00668462
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(0071F278,00000000,0071F278,00000104,\McAfee\), ref: 00668491
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0066849D
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(0071F278,00000000,0071F278,00000104,0071F070), ref: 006684C5
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006684CB
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00000104), ref: 006684FC
                                                                                                                                                                                                                                          • StrRChrW.SHLWAPI(?,00000000,0000005C), ref: 00668511
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(0071F278,00000000,0071F278,00000104,00000000), ref: 0066852E
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00668534
                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 006685B9
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast$CountFileFolderModuleNamePathSpecialTick
                                                                                                                                                                                                                                          • String ID: %uFile:%sFunction:%sLine:%d$\McAfee\$\log.txt
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$Info
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00670490: CreateDirectoryW.KERNEL32(?,00000000,?), ref: 006704AA
                                                                                                                                                                                                                                            • Part of subcall function 00670490: GetLastError.KERNEL32 ref: 006704B8
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000000,00000000,00000000,0000005C,00000001,00000000), ref: 00670BB5
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00670BC2
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateErrorLast$DirectoryFile
                                                                                                                                                                                                                                          • String ID: _f$CreateDir failed for %s$CreateFile failed for %s: %d$NWebAdvisor::NUtils::StoreBufferInFile$WriteFile failed: %d$\$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00683545
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Close
                                                                                                                                                                                                                                          • String ID: Cannnot delete registry key. Not found: %s$Error (%d) deleting registry key tree: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Unable to read Key for DEL_REG_TREE command$Unable to substitute variables for the DEL_REG_TREE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                          • String ID: xxr$xxr$|xr
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0072742C,00000FA0,?,?,006A87C5), ref: 006A87F3
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,006A87C5), ref: 006A87FE
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,006A87C5), ref: 006A880F
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006A8821
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006A882F
                                                                                                                                                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,006A87C5), ref: 006A8852
                                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(0072742C,00000007,?,?,006A87C5), ref: 006A8875
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,006A87C5), ref: 006A8885
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 006A880A
                                                                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 006A8827
                                                                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 006A881B
                                                                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 006A87F9
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                          • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                          • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                          • Opcode ID: 81fcead93a119963ec6f047bb34989621d2b7eef9a01dcbb48a59ab4f0ed5963
                                                                                                                                                                                                                                          • Instruction ID: c9ae01dff516b5e449c76d8704515bbebea8f9ff1a33a6c62ab485fad718b6b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81fcead93a119963ec6f047bb34989621d2b7eef9a01dcbb48a59ab4f0ed5963
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2401D871A447515FD7203B74BC4DAA63E9FAB81B507051824F905DB2A4DEB9CC10CA31
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                          • Opcode ID: dea92aef65bfefb7b20f4934b0564e5cd5e7990729fa9bf2149b87a58f3b9365
                                                                                                                                                                                                                                          • Instruction ID: 3f6655ead2d157fa5f201e906fd9939563a4538665892c536f2d68b66100d20d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dea92aef65bfefb7b20f4934b0564e5cd5e7990729fa9bf2149b87a58f3b9365
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BC14276E40205AFDB60DBA8DC47FEE77F9EB08700F14416DFA05EB282D6749A408794
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,0070A536,00000003), ref: 006691C9
                                                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 006691DE
                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 006691EE
                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 006691FD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 006691B8
                                                                                                                                                                                                                                          • Failed to retrieve kernel verison, xrefs: 0066932C
                                                                                                                                                                                                                                          • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion, xrefs: 0066927F, 00669336
                                                                                                                                                                                                                                          • %d.%d.%d.%d, xrefs: 0066925E
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 00669284, 0066933B
                                                                                                                                                                                                                                          • Failed to format version, xrefs: 00669275
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Resource$FindHandleLoadLockModule
                                                                                                                                                                                                                                          • String ID: %d.%d.%d.%d$Failed to format version$Failed to retrieve kernel verison$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32.dll
                                                                                                                                                                                                                                          • API String ID: 3968257194-3470154288
                                                                                                                                                                                                                                          • Opcode ID: e2399f4658beb54b0c3fb3705fcd263226cfe796b2ec29f9c75e9d6515f0c3af
                                                                                                                                                                                                                                          • Instruction ID: bde6a8bd9441252d119b5b534153240d1c55b00fcd2edb00a6605fe6bb435c33
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2399f4658beb54b0c3fb3705fcd263226cfe796b2ec29f9c75e9d6515f0c3af
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B51F8706003149BDF24AF64CC56BAB77BAEF04704F10459DE905AB3C2E775AE45CBA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 006AC435
                                                                                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 006AC457
                                                                                                                                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 006AC566
                                                                                                                                                                                                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 006AC638
                                                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 006AC6BC
                                                                                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 006AC6D7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                          • API String ID: 2123188842-393685449
                                                                                                                                                                                                                                          • Opcode ID: 61fadeb2be1dc9a739eae504d88a57a3fff682e3f2803d4a52591d13a5f1e61c
                                                                                                                                                                                                                                          • Instruction ID: 9f43b614983c78457276360cd9f928a0bae2b81f4b0b7e9e85430cc10667f42d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61fadeb2be1dc9a739eae504d88a57a3fff682e3f2803d4a52591d13a5f1e61c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFB16C71800209EFCF15EFA4C9819AEBBB6FF1A320B145159F8156B212D731EE61CF95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(D7A06B67,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 006469E9
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(D7A06B67,?,?,00000000), ref: 006469FB
                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00646A2A
• CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00646A3D
• GetModuleHandleExW.KERNEL32(00000000,mfeaaca.dll,?), ref: 00646A8B
• GetProcAddress.KERNEL32(?,NotComDllUnload), ref: 00646A9E
• FreeLibrary.KERNEL32(00000000), ref: 00646AB8
Strings
Memory Dump Source
• Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
Similarity
• API ID: Handle$CloseControlDevice$AddressFreeLibraryModuleProc
• String ID: NotComDllUnload$mfeaaca.dll
APIs
Strings
• NWebAdvisor::CHttpTransaction::Connect, xrefs: 006843D8
• c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp, xrefs: 0068432A, 0068438D, 006843DD
• # SetAutoProxyUrl: Can't get proxy. Err: %d, xrefs: 00684381
• # SetAutoProxy: Can't get proxy. Err: %d, xrefs: 0068431E
• NWebAdvisor::CHttpTransaction::SetAutoProxyUrl, xrefs: 00684388
• NWebAdvisor::CHttpTransaction::SetAutoProxy, xrefs: 00684325
• Unable to set proxy option, error: %d, xrefs: 006843CE
Similarity
• API ID: ErrorLast
• String ID: # SetAutoProxy: Can't get proxy. Err: %d$# SetAutoProxyUrl: Can't get proxy. Err: %d$NWebAdvisor::CHttpTransaction::Connect$NWebAdvisor::CHttpTransaction::SetAutoProxy$NWebAdvisor::CHttpTransaction::SetAutoProxyUrl$Unable to set proxy option, error: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp
APIs
Strings
Similarity
• API ID: __aulldvrm
• String ID: :$f$f$f$p$p$p
APIs
• __EH_prolog3.LIBCMT ref: 006A6947
  • Part of subcall function 0065C960: std::_Lockit::_Lockit.LIBCPMT ref: 0065C995
  • Part of subcall function 0065C960: std::_Lockit::_Lockit.LIBCPMT ref: 0065C9B7
  • Part of subcall function 0065C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0065C9D7
  • Part of subcall function 0065C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0065CAB1
Strings
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
• String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
APIs
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,D7A06B67,00000000), ref: 00680E20
• GetLastError.KERNEL32 ref: 00680E2E
  • Part of subcall function 00680FA0: GetModuleHandleW.KERNEL32(kernel32.dll,D7A06B67,000000FF,00000000,00000000,006DDF30,000000FF), ref: 00680FE8
  • Part of subcall function 00680FA0: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00680FF8
  • Part of subcall function 00680FA0: GetLastError.KERNEL32 ref: 00681058
  • Part of subcall function 00668650: std::locale::_Init.LIBCPMT ref: 0066882F
Strings
• NWebAdvisor::CCabParser::GetContentFile, xrefs: 00680D9B, 00680E3C
• CreateFile failed: %d, xrefs: 00680E35
• c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00680DA0, 00680E41, 00680F11
• Failed to load cab %s, xrefs: 00680F05
• Unable to create destination directory (%d), xrefs: 00680D94
• NWebAdvisor::CCabParser::LoadCabFile, xrefs: 00680F0C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$AddressCreateFileHandleInitModuleProcstd::locale::_
                                                                                                                                                                                                                                          • String ID: CreateFile failed: %d$Failed to load cab %s$NWebAdvisor::CCabParser::GetContentFile$NWebAdvisor::CCabParser::LoadCabFile$Unable to create destination directory (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                          • API String ID: 1808632809-3418505487
                                                                                                                                                                                                                                          • Opcode ID: f2876858b039ae296be38c4c63ebd3feffbe53c825f9a18bdbc3568bb11042df
                                                                                                                                                                                                                                          • Instruction ID: 8034e49e371c1a877172617c52d8c9dddc3f05b2034ded6fb8f8b0f75e552e09
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2876858b039ae296be38c4c63ebd3feffbe53c825f9a18bdbc3568bb11042df
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5591A371A00208DFDB54EFA4C896BEEB7B6EF04704F20852DF515A7281D7756A09CFA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 0067C641
                                                                                                                                                                                                                                            • Part of subcall function 00693084: __EH_prolog3.LIBCMT ref: 0069308B
                                                                                                                                                                                                                                            • Part of subcall function 00693084: std::_Lockit::_Lockit.LIBCPMT ref: 00693096
                                                                                                                                                                                                                                            • Part of subcall function 00693084: std::locale::_Setgloballocale.LIBCPMT ref: 006930B1
                                                                                                                                                                                                                                            • Part of subcall function 00693084: std::_Lockit::~_Lockit.LIBCPMT ref: 00693107
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0067C6CB
                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0067C713
                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0067C748
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0067C7DD
                                                                                                                                                                                                                                            • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                                                                          • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 0067C807
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0067C82B
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0067C84C
                                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0067C85B
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$std::locale::_$Lockit::_Lockit::~_$Locimp::_Locinfo::_$AddfacH_prolog3InitLocimpLocimp_Locinfo_ctorLocinfo_dtorNew_Setgloballocale_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3142054045-0
                                                                                                                                                                                                                                          • Opcode ID: bd3ce8450576b38c06dc26c8885c9873f60b23deb1d8f791f6ae21f54ab2c082
                                                                                                                                                                                                                                          • Instruction ID: 981279af37bb2f0d4eadafcac571715d7ef59739a813b8c388f17adf5ef0cc6f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd3ce8450576b38c06dc26c8885c9873f60b23deb1d8f791f6ae21f54ab2c082
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AA18BB0D00748DFEB20DFA8C845B9EBBF5AF04314F14852DE409A7791EB75AA44CB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 0067E877
                                                                                                                                                                                                                                          • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000014), ref: 0067E8A9
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CertCertificateContextProperty
                                                                                                                                                                                                                                          • String ID: 1.2.840.10045.4.1$1.2.840.10045.4.3$1.2.840.10045.4.3.2$1.2.840.10045.4.3.3$1.2.840.10045.4.3.4
                                                                                                                                                                                                                                          • API String ID: 665277682-3196566809
                                                                                                                                                                                                                                          • Opcode ID: efbe9708daf162d01d02a36ba16f6ae2d442b480bc155273a77e028d49949158
                                                                                                                                                                                                                                          • Instruction ID: d78584e04a32babf69e3e4366f30ae54769287843d1b91d797f82aaa59a603cf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efbe9708daf162d01d02a36ba16f6ae2d442b480bc155273a77e028d49949158
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2151F731A002059BCF649F64D891BEAB7A7AF19320F14C2EDD91D97352D732ED18CB91
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: z
                                                                                                                                                                                                                                          • API String ID: 0-1657960367
                                                                                                                                                                                                                                          • Opcode ID: b7d6edd44da70879bb7cbbeffd3740aa7a5291a22f249bd2ad57ff5a658c9329
                                                                                                                                                                                                                                          • Instruction ID: fdedbae4f4e732c7f37f80f7626e0e676c48117ac5aa6c9e5bb48cfca3108152
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7d6edd44da70879bb7cbbeffd3740aa7a5291a22f249bd2ad57ff5a658c9329
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A51A371A002499BEF14DF94DC84FEEB7BAFB04325F104179E905A7380D7769A49CBA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647D3D
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00647DC8
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00647DFC
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647EBB
                                                                                                                                                                                                                                            • Part of subcall function 00654B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065521E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                                                          • String ID: Failed to add event category ($Service has not been initialized$V
                                                                                                                                                                                                                                          • API String ID: 342047005-375236208
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,D7A06B67,?,?), ref: 0064A531
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 0064A73D
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A7AC
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A989
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                                                          • String ID: Event string is empty$Unexpected return value: $`p
                                                                                                                                                                                                                                          • API String ID: 1703231451-3986244423
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0069820A
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00698214
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 0069824E
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00698265
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00698285
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00698292
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                          • String ID: `sr
                                                                                                                                                                                                                                          • API String ID: 3376033448-227485719
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0069829F
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006982A9
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 006982E3
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006982FA
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0069831A
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00698327
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                          • String ID: \sr
                                                                                                                                                                                                                                          • API String ID: 3376033448-553530595
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00698334
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0069833E
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 00698378
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0069838F
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006983AF
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006983BC
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                          • String ID: 8sr
                                                                                                                                                                                                                                          • API String ID: 3376033448-1864390431
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006983C9
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006983D3
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 0069840D
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00698424
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00698444
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00698451
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                          • String ID: 4sr
                                                                                                                                                                                                                                          • API String ID: 3376033448-1715121787
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0069861D
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00698627
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • numpunct.LIBCPMT ref: 00698661
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00698678
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00698698
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006986A5
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                          • String ID: Hsr
                                                                                                                                                                                                                                          • API String ID: 3064348918-1003568975
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3409252457-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006A987E: EnterCriticalSection.KERNEL32(007277A0,?,00000101,?,006586A7,00000000,?,00000101,?,00000000,?,?,0065C338,-00000010), ref: 006A9889
                                                                                                                                                                                                                                            • Part of subcall function 006A987E: LeaveCriticalSection.KERNEL32(007277A0,?,006586A7,00000000,?,00000101,?,00000000,?,?,0065C338,-00000010,?,?,?,D7A06B67), ref: 006A98B5
                                                                                                                                                                                                                                          • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 006586D6
                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 006586E4
                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 006586EF
                                                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 006586FD
                                                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00658764
                                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 00658776
                                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 00658785
                                                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 00658797
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Resource$CriticalFindLoadLockSectionSizeof$EnterLeave
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 506522749-0
                                                                                                                                                                                                                                          • Opcode ID: a046e0a7256ac2f6dbb3ed73244f83922ca060d0f74ed7cfd7cb37e4c549989f
                                                                                                                                                                                                                                          • Instruction ID: 5991bdac42c924f732e3a172677556fe143bd4e004681b66c0cda4ffc69f6578
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a046e0a7256ac2f6dbb3ed73244f83922ca060d0f74ed7cfd7cb37e4c549989f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2941F4316002119FD720AF189C84A7FB2AAEF94302F10096DFD56AB741EF39DC19C6A5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                                                                            • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0B8A
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0BA3
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0BE1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0BEA
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0BF6
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorLast
                                                                                                                                                                                                                                          • String ID: C
                                                                                                                                                                                                                                          • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                          • Opcode ID: b7a86e232ddecfab50fc2b9bb7b7eaca2ec70f2e79f5e1639ca7f51f4ecbd42d
                                                                                                                                                                                                                                          • Instruction ID: 23c746a8c2b60e867b00fc901bfb49459cba3cadf7326f584cb615950383cc3c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7a86e232ddecfab50fc2b9bb7b7eaca2ec70f2e79f5e1639ca7f51f4ecbd42d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78B10775A0121ADBEB24DF18C894FA9B7B6FB18304F5045EEE94AA7351D731AE90CF40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • InitOnceBeginInitialize.KERNEL32(0072823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,D7A06B67,?,?), ref: 0065125A
                                                                                                                                                                                                                                          • InitOnceComplete.KERNEL32(0072823C,00000000,00000000), ref: 00651278
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • [%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls, xrefs: 006513E3
                                                                                                                                                                                                                                          • C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp, xrefs: 006512F3, 006513DE
                                                                                                                                                                                                                                          • [%S:(%d)][%S] Failed to create HMAC traits., xrefs: 006512F8
                                                                                                                                                                                                                                          • McCryptoLib::CMcCryptoHMACWin::Initialize, xrefs: 006512EC, 006513D7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                          • String ID: C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp$McCryptoLib::CMcCryptoHMACWin::Initialize$[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls$[%S:(%d)][%S] Failed to create HMAC traits.
                                                                                                                                                                                                                                          • API String ID: 51270584-3897904871
                                                                                                                                                                                                                                          • Opcode ID: bf6a3fd855be9b79cb57d8505c43e480fe84b18a2414c6474f9bc7a74e51e2c7
                                                                                                                                                                                                                                          • Instruction ID: dec72f0f7620ca12b946d1964f0562abfd4565c4511cab536940f125110dc29b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf6a3fd855be9b79cb57d8505c43e480fe84b18a2414c6474f9bc7a74e51e2c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F519C717043069FDB14EF28DC82BAE77E6BF99701F04452EF9059B281DA31E948CB96
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 0.0.0.0$UUID$UUID$Version$kernel32.dll
                                                                                                                                                                                                                                          • API String ID: 0-1483847951
                                                                                                                                                                                                                                          • Opcode ID: 3bdfa90235787a8231e5f19acb1ec51a01481d3985498902b355e3a1b8f4dc73
                                                                                                                                                                                                                                          • Instruction ID: a4ad154cee47ad4e64d340aaee7bd2c855fbbdca0e1275f677a0796cdecf1f76
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bdfa90235787a8231e5f19acb1ec51a01481d3985498902b355e3a1b8f4dc73
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB817970904388CFEB24CFA8C9587DEBBF2AF48314F20865DD815AB392D7784A48CB55
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0065C995
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0065C9B7
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0065C9D7
                                                                                                                                                                                                                                          • __Getctype.LIBCPMT ref: 0065CA70
                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0065CA82
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0065CA8F
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0065CAB1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::~_Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3947131827-0
                                                                                                                                                                                                                                          • Opcode ID: 0e657431ecb71d875675817e6a47d981fd1ba01a18635e9670425c4c7a06817f
                                                                                                                                                                                                                                          • Instruction ID: 83bb62db2ba0f05a0960c2a30039853549ea131eef33bfc668103db0ebe96fc3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e657431ecb71d875675817e6a47d981fd1ba01a18635e9670425c4c7a06817f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D41B171900258DFCF15DF58D841AAEBBB6FF44720F10815DE819AB351EB34AE0ACB85
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,D7A06B67,?,?), ref: 0064A531
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 0064A58B
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A989
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 0064A99D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Thread signalled when event queue is empty, xrefs: 0064A614
                                                                                                                                                                                                                                          • Unexpected return value: , xrefs: 0064A8CC
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorMtx_unlockOncestd::ios_base::_$BeginCompleteInitializeMultipleObjectsWait
                                                                                                                                                                                                                                          • String ID: Thread signalled when event queue is empty$Unexpected return value:
                                                                                                                                                                                                                                          • API String ID: 3324347728-3645029203
                                                                                                                                                                                                                                          • Opcode ID: f9072fa7f2243c140674ffff52ec4a99e42173335837502dc52d4af171e58c4a
                                                                                                                                                                                                                                          • Instruction ID: 30af3e5102840dccf62f19a4eaa4e7724dc5f756b8f965de6cdc5c6e6f987cbc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9072fa7f2243c140674ffff52ec4a99e42173335837502dc52d4af171e58c4a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3541AEB0D00218EADF54EFE0C9597DDB77AAF10314F1042ACE5156A2C1DB745A85CF96
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                          • API String ID: 0-537541572
                                                                                                                                                                                                                                          • Opcode ID: 65991058679276edff68494cab55e9aa6cef7cd6ce480491cf8e9f064f13b769
                                                                                                                                                                                                                                          • Instruction ID: 9678fa86e93c52afae41dc7f58afb9319932ad58c8dcf26b3f64c50f37dbf754
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65991058679276edff68494cab55e9aa6cef7cd6ce480491cf8e9f064f13b769
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35210572A01211EBDB31CB249CA6FBA379ADB11760F250218FC55AB3D1DE35EE02C5E0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0069804B
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00698055
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006980A6
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006980C6
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006980D3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: ,sr
                                                                                                                                                                                                                                          • API String ID: 55977855-1947163827
                                                                                                                                                                                                                                          • Opcode ID: db489430788d1e196da1e1792d39cd3bda1ee4115f04ec0ce902254a9168fbe8
                                                                                                                                                                                                                                          • Instruction ID: 606943a49d2bdb80f73a3808c11e92b5843c824cd2be8b0916ede82338cd666e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db489430788d1e196da1e1792d39cd3bda1ee4115f04ec0ce902254a9168fbe8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F01C0319002699FCF05FB64D842ABE777BAF41710F25000DE810AB782DF759E05CB94
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006980E0
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006980EA
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0069813B
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0069815B
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00698168
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: Xsr
                                                                                                                                                                                                                                          • API String ID: 55977855-670538815
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00698175
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0069817F
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006981D0
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006981F0
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006981FD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: 0sr
                                                                                                                                                                                                                                          • API String ID: 55977855-1630733991
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 0069845E
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00698468
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006984B9
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006984D9
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006984E6
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: @sr
                                                                                                                                                                                                                                          • API String ID: 55977855-901934839
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006984F3
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006984FD
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0069854E
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0069856E
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0069857B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: sr
                                                                                                                                                                                                                                          • API String ID: 55977855-2098570711
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00698588
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00698592
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006985E3
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00698603
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00698610
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: Dsr
                                                                                                                                                                                                                                          • API String ID: 55977855-852215339
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006986B2
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006986BC
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0069870D
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0069872D
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0069873A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: dsr
                                                                                                                                                                                                                                          • API String ID: 55977855-176586955
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00698747
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00698751
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006987A2
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006987C2
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006987CF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: <sr
                                                                                                                                                                                                                                          • API String ID: 55977855-1747582915
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006987DC
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006987E6
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00698837
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00698857
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00698864
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID: hsr
                                                                                                                                                                                                                                          • API String ID: 55977855-60586415
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88BA
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88ED
                                                                                                                                                                                                                                          • RtlWakeAllConditionVariable.NTDLL ref: 006A8964
                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,00644086,0072827C,006E68E0,?), ref: 006A896E
                                                                                                                                                                                                                                          • ResetEvent.KERNEL32(?,00644086,0072827C,006E68E0,?), ref: 006A897A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                                                                          • String ID: ,tr
                                                                                                                                                                                                                                          • API String ID: 3916383385-995019380
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(?,?), ref: 006A8128
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006A81B6
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006A8228
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006A8242
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006A82A5
                                                                                                                                                                                                                                          • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 006A82C2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2984826149-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00696901
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0069696C
                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00696989
                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 006969C8
                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00696A27
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00696A4A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2829165498-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,?,00000000), ref: 0063E7D7
                                                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,00000000,?), ref: 0063E811
                                                                                                                                                                                                                                          • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,00000000,00000000,?), ref: 0063E86D
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 0063E8C7
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 0063E8DC
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 0063E917
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Security$DescriptorFreeLocal$ConvertDaclInfoNamedString
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2792426717-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00638D46
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00638D66
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00638D86
                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00638E57
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00638E64
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00638E86
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2966223926-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __freea
                                                                                                                                                                                                                                          • String ID: 3Ak$a/p$am/pm
                                                                                                                                                                                                                                          • API String ID: 240046367-1919609041
                                                                                                                                                                                                                                          • Opcode ID: 5e1e8307c12b2583fe8cd16f531aedb4976a16129986a9cb7a0625030d8baa8f
                                                                                                                                                                                                                                          • Instruction ID: 6353de50451f8587084a9aed32d43133dbe127d82bccfeff2fad038ab5ef73b3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e1e8307c12b2583fe8cd16f531aedb4976a16129986a9cb7a0625030d8baa8f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02C1C0B5B00226DACB258F68C995AFABBB3FF05700F254149E501AB351E7359FC2CB51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00643435
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00643457
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00643477
                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0064353A
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00643547
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00643569
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2966223926-0
                                                                                                                                                                                                                                          • Opcode ID: 66a8d67286b2a6954d42c630d0ed172f316f5ae3981bb1ff9b8b412b52d05598
                                                                                                                                                                                                                                          • Instruction ID: 807af3dc4e88859ae7ccba81df436954480dda25d7bf2c1dbc266b6e6227240b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66a8d67286b2a6954d42c630d0ed172f316f5ae3981bb1ff9b8b412b52d05598
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A41DA71900265CFCB11DF58C941AAEB7F6FF44310F14825EE809AB352EB34EA06CB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 006332E5
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006332F2
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00633340
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00633360
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0063336D
                                                                                                                                                                                                                                          • __Towlower.LIBCPMT ref: 00633388
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_RegisterTowlower
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2111902878-0
                                                                                                                                                                                                                                          • Opcode ID: 0aa03a7c4d57c2a3e98e90adb18175fc53d008d58b8633f6e5fea200be718446
                                                                                                                                                                                                                                          • Instruction ID: 4d1882e92b47f5133a3c56a26dd21c2e0a4728f51bef0adb1c6d09082a9b3cb5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0aa03a7c4d57c2a3e98e90adb18175fc53d008d58b8633f6e5fea200be718446
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A61102319001298FDB44EB64D541ABEB7ABAF84310F24400EF505AB391DF319F028BD9
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00694362
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0069436C
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • codecvt.LIBCPMT ref: 006943A6
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006943BD
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006943DD
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006943EA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2133458128-0
                                                                                                                                                                                                                                          • Opcode ID: 5c8e30371feac14df0f8bc01cc2a3077bf920024259922796cd8a221ee289311
                                                                                                                                                                                                                                          • Instruction ID: e8607b117e71641e956c45b52e9a22700899c7e41b94945a844f964b29a4e09b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c8e30371feac14df0f8bc01cc2a3077bf920024259922796cd8a221ee289311
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F01A93191022A9BCF14BB64D952AAE77ABBF90710F24010DE411AB781CF749E06CB88
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006A447C
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006A4486
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • collate.LIBCPMT ref: 006A44C0
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006A44D7
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006A44F7
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006A4504
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1767075461-0
                                                                                                                                                                                                                                          • Opcode ID: 4088a9d525e658c92fede56e7866e74760af1242cfed2f40d3eb57d39d7bdaf0
                                                                                                                                                                                                                                          • Instruction ID: 63cce482169ee91c0ed3b3856ee9fc78497616754bed752759dfbd133401537e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4088a9d525e658c92fede56e7866e74760af1242cfed2f40d3eb57d39d7bdaf0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B01C0359001659BCB04FB64D8516AE77B7FF85710F24440DF810AB382CFB49E01CB88
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006A4511
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006A451B
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • messages.LIBCPMT ref: 006A4555
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006A456C
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006A458C
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006A4599
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 958335874-0
                                                                                                                                                                                                                                          • Opcode ID: 72d5af3d7c65b42ca400259e83fdd424de30532f18d96bca7f462d499af9e97a
                                                                                                                                                                                                                                          • Instruction ID: 8543294f50ea37a24f88fb81469764153b56fd19d246cc2e3b99e14285a7f728
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72d5af3d7c65b42ca400259e83fdd424de30532f18d96bca7f462d499af9e97a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8101C0759001659BCB44FB64D9516BE77BBBF85320F24040EF810AB381CFB49E01DB88
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006A46D0
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006A46DA
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 006A4714
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006A472B
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006A474B
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006A4758
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3376033448-0
                                                                                                                                                                                                                                          • Opcode ID: f0794c27a12131ad5924392d2a7481288c7576bf5bd4a5b2d8b2ebd152ad6ef5
                                                                                                                                                                                                                                          • Instruction ID: 945898f46bae45a7f395c9ea30d5df31b6d6c63a1a29b05edf85d347f1bfd47d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0794c27a12131ad5924392d2a7481288c7576bf5bd4a5b2d8b2ebd152ad6ef5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E01C0359001AA9BCF08FB64C945ABE77B7BF81320F25000DE820AB391CFB49E01CB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006A4765
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006A476F
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • moneypunct.LIBCPMT ref: 006A47A9
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006A47C0
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006A47E0
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006A47ED
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3376033448-0
                                                                                                                                                                                                                                          • Opcode ID: f9184d89f5343528274a9ef554be07ed7999a069c5d98f8502cae44e8b8f2879
                                                                                                                                                                                                                                          • Instruction ID: af99c7eaa0cece7b78ea1119ee11f2d2644382e6d4d9bd2d598d2c19de244ac0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9184d89f5343528274a9ef554be07ed7999a069c5d98f8502cae44e8b8f2879
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF01AD359001669BCB04FB64D945AAE77A7BF91724F24010DE811AB391CFB49E01CB89
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0065C546
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0065C54B
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0065C550
                                                                                                                                                                                                                                            • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task$_free
                                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                                          • API String ID: 149343396-2658103896
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,006AD278,?,?,007277FC,00000000,?,006AD3A3,00000004,InitializeCriticalSectionEx,0070013C,00700144,00000000), ref: 006AD247
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 0065E172
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0065E182
                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(00000000,?), ref: 0065E1C2
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                                                                                          • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                                                                                                                                                                                          • API String ID: 588496660-2191092095
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00681210
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0068121A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 0068122D
                                                                                                                                                                                                                                          • NWebAdvisor::CCabParser::Write, xrefs: 00681228
                                                                                                                                                                                                                                          • WriteFile failed: %d, xrefs: 00681221
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID: NWebAdvisor::CCabParser::Write$WriteFile failed: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                          • API String ID: 442123175-2264278858
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 006608A9
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 006608C0
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?), ref: 006608D7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                                                          • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                          • API String ID: 4190356694-3789238822
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,006BE935,?,?,006BE8FD,00000002,00000002,?), ref: 006BE955
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006BE968
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,006BE935,?,?,006BE8FD,00000002,00000002,?), ref: 006BE98B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SleepConditionVariableCS.KERNELBASE(?,006A891F,00000064), ref: 006A89A5
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(0072742C,00641171,?,006A891F,00000064,?,?,?,0064402B,0072827C,D7A06B67,?,00641171,?), ref: 006A89AF
                                                                                                                                                                                                                                          • WaitForSingleObjectEx.KERNEL32(00641171,00000000,?,006A891F,00000064,?,?,?,0064402B,0072827C,D7A06B67,?,00641171,?), ref: 006A89C0
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0072742C,?,006A891F,00000064,?,?,?,0064402B,0072827C,D7A06B67,?,00641171,?), ref: 006A89C7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                          • String ID: ,tr
                                                                                                                                                                                                                                          • API String ID: 3269011525-995019380
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006C2174: RtlAllocateHeap.NTDLL(00000000,?,?,?,006A872D,?,?,0063A1ED,0000002C,D7A06B67), ref: 006C21A6
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0501
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0518
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0535
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0550
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006C0567
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3033488037-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006943F7
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00694401
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00694452
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00694472
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0069447F
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2020259771-0
                                                                                                                                                                                                                                          • Opcode ID: 6e1084cfe4e3823e14b7a2481ee1f8a2e3ad3d7a7599b74602e16da96c6a594f
                                                                                                                                                                                                                                          • Instruction ID: 0f499c0897a3744e5541015249b91ad96af623863c30daf876d1251daea8e488
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e1084cfe4e3823e14b7a2481ee1f8a2e3ad3d7a7599b74602e16da96c6a594f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD119EB1618744BBEB20DBA48881F12B7EDEF08310F04491AF285CFE40E665FD5487A9
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006A45A6
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006A45B0
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006A4601
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006A4621
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006A462E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                          • Opcode ID: fa9bd98ae7e96baae4910d8237f7348527e1fed8eedf3a4607e58f946b371b6d
                                                                                                                                                                                                                                          • Instruction ID: 0373d0298b616dc9b931671ec7aa2207f2a1ac54f45c96c60dbc24ad0f7ca234
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa9bd98ae7e96baae4910d8237f7348527e1fed8eedf3a4607e58f946b371b6d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC018035D002699BCB45FB64D996AAE7777AF81710F24000DE810AB391DFB49E01CB98
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006A463B
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006A4645
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006A4696
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006A46B6
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006A46C3
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                          • Opcode ID: e9a4cdf1f1955d2467988c1efbbd90a480e99f6d6b2716a95b36c43a61ba3fe6
                                                                                                                                                                                                                                          • Instruction ID: abcc20036d6cbca2d5c4b62dc7699eba37c74f130e77e314742e0f0e6e4b82b8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9a4cdf1f1955d2467988c1efbbd90a480e99f6d6b2716a95b36c43a61ba3fe6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A01AD319001659BCB05FB64D951AAE77A7AF81310F24000DE810AB392CFB49E01CF98
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006A47FA
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006A4804
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006A4855
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006A4875
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006A4882
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                          • Opcode ID: 4a78eab8976a3663ba5d9c59794649ce0c038d5432bbe43b9cb00f341c95df7e
                                                                                                                                                                                                                                          • Instruction ID: 48ad81b50570ca4596d003404561012c8f49c63046f22759727f877aa66d6b89
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a78eab8976a3663ba5d9c59794649ce0c038d5432bbe43b9cb00f341c95df7e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F01C4319002659BCF48FB64D852AAE7777BF80710F24000DE8106B381CFB4DE01CB85
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 006A488F
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006A4899
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                                                                            • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 006A48EA
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 006A490A
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006A4917
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 55977855-0
                                                                                                                                                                                                                                          • Opcode ID: 607fb9a9d5da0026b67826d7420a7f87a9302e825725182c1bb40734061a56a7
                                                                                                                                                                                                                                          • Instruction ID: 834d5133afbb9eace48f5d017de0136bd604d0bb79a2171341beaa33d791b38f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 607fb9a9d5da0026b67826d7420a7f87a9302e825725182c1bb40734061a56a7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA01AD3190016A9BCF44FBA4D841AAE77A7AF80320F24010DE810AB381CFB49E05CB99
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006CB49F
                                                                                                                                                                                                                                            • Part of subcall function 006C2098: RtlFreeHeap.NTDLL(00000000,00000000,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?), ref: 006C20AE
                                                                                                                                                                                                                                            • Part of subcall function 006C2098: GetLastError.KERNEL32(?,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?,?), ref: 006C20C0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006CB4B1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006CB4C3
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006CB4D5
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006CB4E7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: 553b6b0d6d8e6e924f66661470da5603a70ab7a963364c681bafbf32887c4186
                                                                                                                                                                                                                                          • Instruction ID: a1aab3c0af21e06cec56cb7b6a7ad89db5a3523feddf9c7257b63b5d9a69f460
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 553b6b0d6d8e6e924f66661470da5603a70ab7a963364c681bafbf32887c4186
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECF0FF32608614AB8674EB68F996EAA73DEFA00710B94D81EF449D7685C724FC808A58
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • NWebAdvisor::CCabParser::Close, xrefs: 0068073E
                                                                                                                                                                                                                                          • CloseHandle failed: %d, xrefs: 00680737
                                                                                                                                                                                                                                          • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00680743
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                          • String ID: CloseHandle failed: %d$NWebAdvisor::CCabParser::Close$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                          • API String ID: 918212764-1823807987
                                                                                                                                                                                                                                          • Opcode ID: 80c8ae042380212490c3842f501733bb1188d32905113efe9985942807c11ff2
                                                                                                                                                                                                                                          • Instruction ID: a158b2ea50d2576269f19b9739c19c4d1443cf6d9ab6bde2a2d8b584580b858a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80c8ae042380212490c3842f501733bb1188d32905113efe9985942807c11ff2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4FD05B313807146EF7602B68EC0AFB63657DF01714F110B1CB715D51E1D6E3A8514765
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 006952F3
                                                                                                                                                                                                                                            • Part of subcall function 0065BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0065BE2F
                                                                                                                                                                                                                                            • Part of subcall function 0065BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0065BE51
                                                                                                                                                                                                                                            • Part of subcall function 0065BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0065BE71
                                                                                                                                                                                                                                            • Part of subcall function 0065BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0065BFFC
                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 006954EF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                          • String ID: 0123456789ABCDEFabcdef-+Xx$l8]i
                                                                                                                                                                                                                                          • API String ID: 3042121994-3628426331
                                                                                                                                                                                                                                          • Opcode ID: f6820ed193dc165315f3337872cf3e588368d1b1bd07eaf02c141f599af59018
                                                                                                                                                                                                                                          • Instruction ID: 22c8ec76a4d0d06c2a8901921670270efc915a766f58df43e1bf8c641f2e5ccd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6820ed193dc165315f3337872cf3e588368d1b1bd07eaf02c141f599af59018
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03C18D30E046888ADF62DFA4C590AECBBBBAF55300F684059D8866B783DB309D46CB54
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: \\?\
                                                                                                                                                                                                                                          • API String ID: 0-4282027825
                                                                                                                                                                                                                                          • Opcode ID: 3af77e7078632d7afbfa62c913fe112247b23d7a834f591d200c993f3d4a09c3
                                                                                                                                                                                                                                          • Instruction ID: 7075df0962201d1ceb6ac7192c8586e8f6af874cb498cd0b305c13a44c69584a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3af77e7078632d7afbfa62c913fe112247b23d7a834f591d200c993f3d4a09c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31715C71D00619DBCF14DFA8C884ADEBBFABF49310F14062AE416E7790E730A945CBA5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0063B64C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                          • API String ID: 323602529-1866435925
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000000), ref: 006D46E4
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 006D4728
                                                                                                                                                                                                                                          • WritePrivateProfileStructW.KERNEL32(?,00000000,?,00000004,00000000), ref: 006D4768
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: PrivateProfileStructWrite$ErrorLast
                                                                                                                                                                                                                                          • String ID: MCRG
                                                                                                                                                                                                                                          • API String ID: 3778923442-1523812224
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00693D98: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,?,006404D5,?,?,D7A06B67), ref: 00693DAE
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 006405CC
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 006405F6
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskFormatFreeLocalMessage
                                                                                                                                                                                                                                          • String ID: generic$unknown error
                                                                                                                                                                                                                                          • API String ID: 3868770561-3628847473
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\is-1P17I.tmp\component1_extract\saBSI.exe
                                                                                                                                                                                                                                          • API String ID: 0-1580353058
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: H_prolog3_
                                                                                                                                                                                                                                          • String ID: /affid$MSAD_Subinfo$affid
                                                                                                                                                                                                                                          • API String ID: 2427045233-3897642808
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 006A2F57
                                                                                                                                                                                                                                            • Part of subcall function 00697DF0: __EH_prolog3.LIBCMT ref: 00697DF7
                                                                                                                                                                                                                                            • Part of subcall function 00697DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00697E01
                                                                                                                                                                                                                                            • Part of subcall function 00697DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00697E72
                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 006A2FF3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                          • String ID: %.0Lf$0123456789-
                                                                                                                                                                                                                                          • API String ID: 2544715827-3094241602
                                                                                                                                                                                                                                          • Opcode ID: 0458dd2a5567db3625389bc05ce304dbd443d2faa0cdbce76a29763a372f9e67
                                                                                                                                                                                                                                          • Instruction ID: 388c859b532d8d7505f1530263694b919d33ce4af4b28e3bbc4902b7e9a191f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0458dd2a5567db3625389bc05ce304dbd443d2faa0cdbce76a29763a372f9e67
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D414A31900219DFCF55EFA8C980AEDBBB6BF06314F100159F911AB255DB309E56CFA5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 006A3207
                                                                                                                                                                                                                                            • Part of subcall function 006332DE: __EH_prolog3_GS.LIBCMT ref: 006332E5
                                                                                                                                                                                                                                            • Part of subcall function 006332DE: std::_Lockit::_Lockit.LIBCPMT ref: 006332F2
                                                                                                                                                                                                                                            • Part of subcall function 006332DE: std::_Lockit::~_Lockit.LIBCPMT ref: 00633360
                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 006A32A3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                                                                                          • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                          • API String ID: 3328206922-2494171821
                                                                                                                                                                                                                                          • Opcode ID: baa281e253cad4cc701c2c70525c61cc11796c422c50f3be166bae43a54d6260
                                                                                                                                                                                                                                          • Instruction ID: c1cafa6e8087d1a47ab5acb588fcb6d170ff1e366fb7b51e3f87ac3ae792be7a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: baa281e253cad4cc701c2c70525c61cc11796c422c50f3be166bae43a54d6260
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A413B71900218DFCF45EFA4C885AEDBBB6BF09310F100159F911AB255DB309E56CF95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 006A7477
                                                                                                                                                                                                                                            • Part of subcall function 0065C960: std::_Lockit::_Lockit.LIBCPMT ref: 0065C995
                                                                                                                                                                                                                                            • Part of subcall function 0065C960: std::_Lockit::_Lockit.LIBCPMT ref: 0065C9B7
                                                                                                                                                                                                                                            • Part of subcall function 0065C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0065C9D7
                                                                                                                                                                                                                                            • Part of subcall function 0065C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0065CAB1
                                                                                                                                                                                                                                          • _Find_elem.LIBCPMT ref: 006A7511
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                          • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                          • API String ID: 3042121994-2494171821
                                                                                                                                                                                                                                          • Opcode ID: b9980f583b1b777a46e3c5288db6b2d3b417b35f678e86c68c08dbf820a826d5
                                                                                                                                                                                                                                          • Instruction ID: ff18a581682cbcc85ac63b9d31d6f944222b32899f013801cfedbe02eb28e753
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9980f583b1b777a46e3c5288db6b2d3b417b35f678e86c68c08dbf820a826d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18413931900209DFCF05EFA8D881AEEBBB6FF05310F100099E911AB252DB359E56CF95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00654B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065521E
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647D3D
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00647DC8
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                                                          • String ID: Failed to add event category ($V
                                                                                                                                                                                                                                          • API String ID: 2287862619-1647955383
                                                                                                                                                                                                                                          • Opcode ID: 6620dd77f57ff979a0e6c24b3ea74fd6c17f371ddf76fc74305a82659edb4f11
                                                                                                                                                                                                                                          • Instruction ID: f2cdf8d87d128ebff94e0770e0ca0997a560325d22165dfd868b95c55e5b93d2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6620dd77f57ff979a0e6c24b3ea74fd6c17f371ddf76fc74305a82659edb4f11
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD31A070914248CFDF44EF60D855BDE7BB6EF55304F5040ADE8061B282EB79AA08CFA6
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,D7A06B67,?,?), ref: 0064A531
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 0064A7EC
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A989
                                                                                                                                                                                                                                            • Part of subcall function 0064F110: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F268
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Unexpected return value: , xrefs: 0064A8CC
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                                                          • String ID: Unexpected return value:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,D7A06B67,00000000,D7A06B67,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                                                                            • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                                                                            • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647D3D
                                                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00647DC8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                                                          • String ID: P$Service has not been initialized
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00633095
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 006330A2
                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006330DF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                          • String ID: bad locale name
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 0063463F: GetProcessHeap.KERNEL32(?,?,?,0065C2E1,?,?,?,D7A06B67,?,00000000), ref: 00634676
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,006DFB28,000000FF), ref: 006D2BF4
                                                                                                                                                                                                                                            • Part of subcall function 006575F0: FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,80070057,8007000E,80004005,00658806,00000000,?,00000000,00000002,00000000), ref: 00657628
                                                                                                                                                                                                                                            • Part of subcall function 006575F0: LoadResource.KERNEL32(00000000,00000000,?,00000000,00000002,00000000), ref: 00657636
                                                                                                                                                                                                                                            • Part of subcall function 006575F0: LockResource.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 00657641
                                                                                                                                                                                                                                            • Part of subcall function 006575F0: SizeofResource.KERNEL32(00000000,00000000,?,00000000,00000002,00000000), ref: 0065764F
                                                                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,?,00000006), ref: 006D2B74
                                                                                                                                                                                                                                            • Part of subcall function 00657580: LoadResource.KERNEL32(00000101,00000101,00000000,80070057,8007000E,80004005,00658806,00000000,?,00000000,00000002,00000000), ref: 00657589
                                                                                                                                                                                                                                            • Part of subcall function 00657580: LockResource.KERNEL32(-00000075,80070057,8007000E,80004005,00658806,00000000,?,00000000,00000002,00000000), ref: 00657594
                                                                                                                                                                                                                                            • Part of subcall function 00657580: SizeofResource.KERNEL32(00000101,00000101,?,00000000,00000002,00000000), ref: 006575A8
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 006D2BAB
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,006DFB28,000000FF), ref: 006D2C2E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof$HeapProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2838002939-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegSetKeySecurity.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0065EBCB
                                                                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0065EC28
                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,?,00000000,00000000), ref: 0065EC4F
                                                                                                                                                                                                                                            • Part of subcall function 0065EBA0: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 0065EC7E
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseEnumOpenSecurity
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 611561417-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006BF549
                                                                                                                                                                                                                                            • Part of subcall function 006C2098: RtlFreeHeap.NTDLL(00000000,00000000,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?), ref: 006C20AE
                                                                                                                                                                                                                                            • Part of subcall function 006C2098: GetLastError.KERNEL32(?,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?,?), ref: 006C20C0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006BF55C
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006BF56D
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 006BF57E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: 79cc3d03c355e159284820a8f9fbe071c2deb864829a978237d9c36f1a064ee2
                                                                                                                                                                                                                                          • Instruction ID: f1d68be0d7ec830385f720bf7eeaae8b81e83b76fb3f383069370b16114f6a9f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79cc3d03c355e159284820a8f9fbe071c2deb864829a978237d9c36f1a064ee2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DCE046708856609A86B23F30BD01A293B2AF714710344800FF80822331CF3F01AFDBAE
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006D2AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 006D2B74
                                                                                                                                                                                                                                            • Part of subcall function 006D2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 006D2BAB
                                                                                                                                                                                                                                            • Part of subcall function 006D2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,006DFB28,000000FF), ref: 006D2C2E
                                                                                                                                                                                                                                          • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000002), ref: 006D453C
                                                                                                                                                                                                                                          • WritePrivateProfileStructW.KERNEL32(?,?,00000000,?,00000002), ref: 006D4598
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiPrivateProfileStructWideWrite$FindResource
                                                                                                                                                                                                                                          • String ID: MCRG
                                                                                                                                                                                                                                          • API String ID: 2178413835-1523812224
                                                                                                                                                                                                                                          • Opcode ID: 84a172b3d98cafeb01cb35a8e2943c53f80f9d6413f302d1211b9313865a9190
                                                                                                                                                                                                                                          • Instruction ID: adb76dd11ba7d6ec15f698be2300e76aeb2cb215ca4ad6e1652ccc9db07ebfca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84a172b3d98cafeb01cb35a8e2943c53f80f9d6413f302d1211b9313865a9190
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66616A71901248EFDB01DFA8D844B9EFBB6EF49320F14825AF815AB3A1DB759D05CB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00657362
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00657367
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                          • String ID: 'me
                                                                                                                                                                                                                                          • API String ID: 118556049-801638730
                                                                                                                                                                                                                                          • Opcode ID: 003a9f06270e9f0df45eda401cdd1e2db93170c2ed820243e93def0fb766a0ee
                                                                                                                                                                                                                                          • Instruction ID: 23f93b644f9b866430e3225113c95ed525d488fde911808e69dd451470f3c95f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 003a9f06270e9f0df45eda401cdd1e2db93170c2ed820243e93def0fb766a0ee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C651B2B19046058FDB28DF28D94176EB7F7EF48310F10062EE85697791DB31EA48CB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 006AC707
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                          • Opcode ID: 8a533636b8ea97cef4fd6d9760858351f2735d206b86d21210d72c976079d972
                                                                                                                                                                                                                                          • Instruction ID: 9b8f64923fddfe8271d2f329f71c11cf92195377677d3c647faedb5f277816ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a533636b8ea97cef4fd6d9760858351f2735d206b86d21210d72c976079d972
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31411671900209AFCF16EF98CD81AEEBBB6BF4A310F188199F91467256D3359D50DF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                          • String ID: P|r$T|r
                                                                                                                                                                                                                                          • API String ID: 269201875-942657587
                                                                                                                                                                                                                                          • Opcode ID: 0e2b859145d24cc4fe56e6bc6e640f316c3ce417a7d1cb529ec670ad96e15692
                                                                                                                                                                                                                                          • Instruction ID: 2f3ec64255727095f08c268ff26817e4a6a8a6026eb2247d89f2cfe638111108
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e2b859145d24cc4fe56e6bc6e640f316c3ce417a7d1cb529ec670ad96e15692
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 891103711043039BD7649F29D891FB2B7E9EB08364B20442EF899D7242E771E880C794
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006A904B
                                                                                                                                                                                                                                          • ___raise_securityfailure.LIBCMT ref: 006A9133
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                          • String ID: Xtr
                                                                                                                                                                                                                                          • API String ID: 3761405300-1756760824
                                                                                                                                                                                                                                          • Opcode ID: da779676ad08c82a61e621714aa38437a62363543b790163b155c0588f82b001
                                                                                                                                                                                                                                          • Instruction ID: 9d5611eaa2902c8e02ef952e257df81fa5e3fa5ecfe4d525258ce9538140755b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da779676ad08c82a61e621714aa38437a62363543b790163b155c0588f82b001
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8121C6B4509344DED728DF1AFE96650BBA4BB19314F60D06EE508CB3B0E3785992CF58
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 006D2AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 006D2B74
                                                                                                                                                                                                                                            • Part of subcall function 006D2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 006D2BAB
                                                                                                                                                                                                                                            • Part of subcall function 006D2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,006DFB28,000000FF), ref: 006D2C2E
                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,?,00000100,%`m,?,00000000,?,?,?,006D6025,?,00000100,00000000,00000100), ref: 006D62BB
                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,%`m,00000100,00000000,00000100), ref: 006D62F9
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiQueryValueWide$FindResource
                                                                                                                                                                                                                                          • String ID: %`m
                                                                                                                                                                                                                                          • API String ID: 3794624133-2537106267
                                                                                                                                                                                                                                          • Opcode ID: a7b9d73889a7177500755ce35a248d19406bc4a2851d824f70b51bf75e6de0e6
                                                                                                                                                                                                                                          • Instruction ID: c2eb36d07a07c062cebf2349bb491a774bfd4a717458246ab5b95f65fe648750
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7b9d73889a7177500755ce35a248d19406bc4a2851d824f70b51bf75e6de0e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E119131500209BFDB119F58CC45E9ABBA6FF49360F148165FC189B2A1E7729D60DF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CLSIDFromString.OLE32(0000007B,?), ref: 0065E650
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FromString
                                                                                                                                                                                                                                          • String ID: @${
                                                                                                                                                                                                                                          • API String ID: 1694596556-3118734784
                                                                                                                                                                                                                                          • Opcode ID: 525af7684dea11f8fbe69891f637b0d2898200ee96a1d3f2c55480f34696ccd0
                                                                                                                                                                                                                                          • Instruction ID: c85cbfc117b4698d85adb8d2a014984b9874b18872322fb7832ca80ce4029200
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 525af7684dea11f8fbe69891f637b0d2898200ee96a1d3f2c55480f34696ccd0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 320186316002089BCF149F58D900BEAB3B9FF59710F4081AEE845E7150DA70AA88CB94
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006A9151
                                                                                                                                                                                                                                          • ___raise_securityfailure.LIBCMT ref: 006A920E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                          • String ID: Xtr
                                                                                                                                                                                                                                          • API String ID: 3761405300-1756760824
                                                                                                                                                                                                                                          • Opcode ID: 2d48cff73f0ab1d6a6d616ccd65779316b928d2dea173b55d14d7199e4c988fc
                                                                                                                                                                                                                                          • Instruction ID: 85833efc0d4acda6646b4316409f19a8f7d536b751ba5c9dee1b78d20b9f33f6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d48cff73f0ab1d6a6d616ccd65779316b928d2dea173b55d14d7199e4c988fc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0211B6B4519344DFD728DF1AFE82640BBA4BB18300B10D05EE9088B370E778A567CF59
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • DloadGetSRWLockFunctionPointers.DELAYIMP ref: 00692743
                                                                                                                                                                                                                                            • Part of subcall function 006926D0: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00692748,006928F1), ref: 006926E7
                                                                                                                                                                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,006928F1), ref: 00692760
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2469854427.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2468583373.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2472702923.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2474028045.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475021157.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475693810.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.2475952274.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_620000_saBSI.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Lock$AcquireDloadExclusiveFunctionHandleModulePointers
                                                                                                                                                                                                                                          • String ID: 8or
                                                                                                                                                                                                                                          • API String ID: 3692202576-2304182850
                                                                                                                                                                                                                                          • Opcode ID: bcce4773105373169c1013680ab52f905cc02e3938ee6487a5b62cab8adabe72
                                                                                                                                                                                                                                          • Instruction ID: 64999b3bf335df35382fbaf6493260fb213094cb5b103197e7f60b475300f7bf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcce4773105373169c1013680ab52f905cc02e3938ee6487a5b62cab8adabe72
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4E0CD303312A3574F246B547FA4955334FAB41744300007BD511FBF54D5384C82C582